[AnnaMarie07]

I can not open any of my programs, a box pops up and asks which program do you want to use to open. I can't even access Outlook.

Edited by AnnaMarie07, 02 August 2011 - 10:34 PM.

[Advertisements]

Hello AnnaMarie07 and welcome to G2G!

My nick is maliprog and I'll will be your technical support on this issue. Before we start please read my notes carefully:

NOTE:

• Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
• Absence of symptoms does not always mean the computer is clean
• Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
• Please DO NOT run any scans or fix on your own without my direction.
• Please read all of my response through at least once before attempting to follow the procedures described.
• If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
• Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
• You must reply within 3 days or your topic will be closed

Step 1

Please download exeHelper to your desktop.

Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)

Step 2

Download OTL to your Desktop

• Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
  . Make sure all other windows are closed and to let it run uninterrupted.
  
• Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Step 3

Please don't forget to include these items in your reply:

• exeHelper log
• OTL log
• OTL Extras log

It would be helpful if you could post each log in separate post

[maliprog]

Hello AnnaMarie07 and welcome to G2G!

My nick is maliprog and I'll will be your technical support on this issue. Before we start please read my notes carefully:

NOTE:

• Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
• Absence of symptoms does not always mean the computer is clean
• Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
• Please DO NOT run any scans or fix on your own without my direction.
• Please read all of my response through at least once before attempting to follow the procedures described.
• If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
• Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
• You must reply within 3 days or your topic will be closed

Step 1

Please download exeHelper to your desktop.

Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)

Step 2

Download OTL to your Desktop

• Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
  . Make sure all other windows are closed and to let it run uninterrupted.
  
• Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Step 3

Please don't forget to include these items in your reply:

• exeHelper log
• OTL log
• OTL Extras log

It would be helpful if you could post each log in separate post

[AnnaMarie07]

I completed the scans.

exeHelper by Raktor
Build 20100414
Run at 06:48:37 on 08/03/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

[AnnaMarie07]

Here is the OTL Scan.

OTL logfile created on: 8/3/2011 6:52:04 AM - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Anna Marie Argenio\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.01 Mb Total Physical Memory | 392.66 Mb Available Physical Memory | 38.38% Memory free
4.90 Gb Paging File | 4.37 Gb Available in Paging File | 89.22% Paging File free
Paging file location(s): c:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 48.28 Gb Free Space | 64.79% Space Free | Partition Type: NTFS

Computer Name: MORGAN | User Name: Anna Marie Argenio | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Anna Marie Argenio\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\system32\CSHelper.exe ()
PRC - C:\WINDOWS\system32\msfeedssync.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\tbctray.exe (Voyetra Turtle Beach, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Anna Marie Argenio\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (CSHelper) -- C:\WINDOWS\system32\CSHelper.exe ()


========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (tbcwdm) -- C:\WINDOWS\system32\drivers\tbcwdm.sys (Voyetra Turtle Beach)
DRV - (tbcspud) -- C:\WINDOWS\system32\drivers\tbcspud.sys (Voyetra Turtle Beach)
DRV - (vtdg46xx) -- C:\Program Files\Turtle Beach\Santa Cruz\Control Panel\vtdg46xx.sys ()
DRV - (HCF_MSFT) -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys (Conexant)
DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-682003330-73586283-1644491937-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKU\S-1-5-21-682003330-73586283-1644491937-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-682003330-73586283-1644491937-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-682003330-73586283-1644491937-1007\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-682003330-73586283-1644491937-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/08/02 19:32:07 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2008/04/14 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-682003330-73586283-1644491937-1007\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe (Voyetra Turtle Beach, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-682003330-73586283-1644491937-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} http://las.mlxchange...ol/IRCSharc.cab (GeacRevw Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin..../p3dactivex.cab (P3DActiveX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/17 20:24:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/08/03 06:39:56 | 000,000,000 | ---D | C] -- C:\Avenger
[2011/08/02 21:48:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anna Marie Argenio\Application Data\Malwarebytes
[2011/08/02 21:47:59 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/08/02 21:47:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/02 21:47:54 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/02 21:47:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/02 20:37:28 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Anna Marie Argenio\Desktop\OTL.exe
[2011/08/02 19:33:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/08/02 19:33:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2011/08/02 19:31:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anna Marie Argenio\Local Settings\Application Data\Deployment
[2011/07/28 16:44:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anna Marie Argenio\My Documents\Downloads
[2011/07/24 18:34:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Anna Marie Argenio\IECompatCache
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/03 06:59:01 | 000,000,910 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/03 06:52:34 | 000,000,448 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4533C7B3-FCF5-42AE-BE5D-73795BE30E91}.job
[2011/08/03 06:48:36 | 000,294,400 | ---- | M] () -- C:\Documents and Settings\Anna Marie Argenio\Desktop\exeHelper.com
[2011/08/03 06:42:51 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/03 06:40:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/03 06:40:32 | 1072,775,168 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/02 21:47:59 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/02 20:37:40 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Anna Marie Argenio\Desktop\OTL.exe
[2011/08/02 19:00:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
[2011/08/02 18:41:20 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/08/02 18:33:04 | 000,012,692 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/02 18:31:16 | 000,000,442 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Anna.job
[2011/08/02 18:12:20 | 126,655,469 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/07/28 15:02:59 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/07/28 15:01:02 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/07/28 15:01:02 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Anna Marie Argenio\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/28 08:57:31 | 000,031,832 | ---- | M] () -- C:\Documents and Settings\Anna Marie Argenio\My Documents\nshs-027%20summer%20student%20volunteer%20form.mdi
[2011/07/27 12:44:17 | 000,007,010 | ---- | M] () -- C:\Documents and Settings\Anna Marie Argenio\My Documents\www.ehow.com-how_2334595_break-board-bare-hands.mdi
[2011/07/27 06:59:11 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/21 21:03:14 | 000,036,730 | ---- | M] () -- C:\Documents and Settings\Anna Marie Argenio\My Documents\www.gamestop.com-Browse-StoreSearch.mdi
[2011/07/21 18:22:46 | 000,118,524 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/07/19 15:51:08 | 000,004,455 | ---- | M] () -- C:\Documents and Settings\Anna Marie Argenio\My Documents\Sound-icon.svg
[2011/07/15 07:38:24 | 000,036,192 | ---- | M] () -- C:\Documents and Settings\Anna Marie Argenio\My Documents\NSHS-027summer_2011_Student_Volunteer_Form.mdi
[2011/07/12 08:23:47 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/03 06:48:27 | 000,294,400 | ---- | C] () -- C:\Documents and Settings\Anna Marie Argenio\Desktop\exeHelper.com
[2011/08/02 21:47:59 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/28 15:02:59 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/07/28 15:01:02 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/07/28 15:01:02 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Anna Marie Argenio\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/28 08:57:30 | 000,031,832 | ---- | C] () -- C:\Documents and Settings\Anna Marie Argenio\My Documents\nshs-027%20summer%20student%20volunteer%20form.mdi
[2011/07/27 12:44:16 | 000,007,010 | ---- | C] () -- C:\Documents and Settings\Anna Marie Argenio\My Documents\www.ehow.com-how_2334595_break-board-bare-hands.mdi
[2011/07/24 18:34:14 | 000,000,448 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4533C7B3-FCF5-42AE-BE5D-73795BE30E91}.job
[2011/07/21 21:03:13 | 000,036,730 | ---- | C] () -- C:\Documents and Settings\Anna Marie Argenio\My Documents\www.gamestop.com-Browse-StoreSearch.mdi
[2011/07/19 15:51:06 | 000,004,455 | ---- | C] () -- C:\Documents and Settings\Anna Marie Argenio\My Documents\Sound-icon.svg
[2011/07/15 07:38:23 | 000,036,192 | ---- | C] () -- C:\Documents and Settings\Anna Marie Argenio\My Documents\NSHS-027summer_2011_Student_Volunteer_Form.mdi
[2011/06/12 18:28:26 | 000,017,364 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\d0h8oedl0y462n0bmu7xyw4
[2010/10/10 11:35:15 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/02 02:52:15 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\CSHelper.exe
[2010/06/06 18:50:11 | 000,130,449 | ---- | C] () -- C:\WINDOWS\hpoins21.dat
[2010/06/06 18:50:10 | 000,008,138 | ---- | C] () -- C:\WINDOWS\hpomdl21.dat
[2010/02/17 21:09:28 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/02/17 20:37:57 | 000,000,012 | ---- | C] () -- C:\WINDOWS\WinInit.INI
[2010/02/17 20:27:23 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/02/17 20:18:52 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/02/17 12:13:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/02/17 12:10:03 | 000,263,024 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/14 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 05:00:00 | 000,444,028 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 05:00:00 | 000,071,904 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 05:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/11/02 09:12:52 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\missouri.dll
[2003/01/07 09:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 05:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 05:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 05:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 05:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Anna\Local Settings\Application Data\Google\Chrome\Application\chrome.exe"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/07/08 21:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/07/08 21:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/07/08 21:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/07/08 21:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 04:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 04:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 04:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Anna\Local Settings\Application Data\Google\Chrome\Application\chrome.exe"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/07/08 21:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/07/08 21:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/07/08 21:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/07/08 21:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 04:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 04:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 04:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >

[AnnaMarie07]

This the Extras.


OTL Extras logfile created on: 8/2/2011 8:45:53 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Anna Marie Argenio\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.01 Mb Total Physical Memory | 350.10 Mb Available Physical Memory | 34.22% Memory free
4.90 Gb Paging File | 4.32 Gb Available in Paging File | 88.12% Paging File free
Paging file location(s): c:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 48.07 Gb Free Space | 64.50% Space Free | Partition Type: NTFS

Computer Name: MORGAN | User Name: Anna Marie Argenio | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-682003330-73586283-1644491937-1007\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"59049:TCP" = 59049:TCP:*:Enabled:Pando Media Booster
"59049:UDP" = 59049:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"59049:TCP" = 59049:TCP:*:Enabled:Pando Media Booster
"59049:UDP" = 59049:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Nexon\Combat Arms\NMService.exe" = C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core -- (Nexon Corp.)
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon)
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\Games\World_of_Tanks\WorldOfTanks.exe" = C:\Games\World_of_Tanks\WorldOfTanks.exe:*:Enabled:World of Tanks
"C:\Games\World_of_Tanks\WOTLauncher.exe" = C:\Games\World_of_Tanks\WOTLauncher.exe:*:Enabled:World of Tanks Launcher


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1E1300BC-6DBA-476B-8CCF-4AA81ED4DF6A}" = AVG 2011
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 21
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E8DD348-4174-4fe8-8FDC-238AAFBD2488}" = HP Photosmart All-In-One Software 9.0
"{44B2E182-DD85-45FC-9F51-326B81D7C7F1}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{80490945-CE48-45CF-9CCA-CA0EF44D9FE4}" = AVG 2011
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4D58580-EA01-11D3-9318-008048B86EFE}" = Santa Cruz
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EF0D2E55-6FE2-4e35-BE22-A742E85D84E3}" = PS_AIO_02_Software_min
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{FA4BF139-4D09-462E-B4AF-E89C640224C0}" = Quake Live Internet Explorer Plugin
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Registry Optimizer_is1" = Advanced Registry Optimizer
"ArtistScope Plugin IE4.2.0.3" = ArtistScope Plugin IE
"AVG" = AVG 2011
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combat Arms" = Combat Arms
"Gamevance" = Gamevance
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NSS" = Norton Security Scan
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/22/2011 12:03:49 AM | Computer Name = MORGAN | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1706.
Setup cannot find the required files. Check your connection to the network, or
CD-ROM drive. For other potential solutions to this problem, see C:\Program Files\Microsoft
Office\OFFICE11\1033\SETUP.CHM.

Error - 7/27/2011 3:44:59 PM | Computer Name = MORGAN | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1706.
Setup cannot find the required files. Check your connection to the network, or
CD-ROM drive. For other potential solutions to this problem, see C:\Program Files\Microsoft
Office\OFFICE11\1033\SETUP.CHM.

Error - 7/27/2011 3:44:59 PM | Computer Name = MORGAN | Source = Application Hang | ID = 1002
Description = Hanging application MSPVIEW.EXE, version 11.0.1897.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/27/2011 10:57:39 PM | Computer Name = MORGAN | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/28/2011 6:03:28 PM | Computer Name = MORGAN | Source = Application Error | ID = 1000
Description = Faulting application googleearth.exe, version 6.0.3.2197, faulting
module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 7/30/2011 11:44:31 PM | Computer Name = MORGAN | Source = Microsoft Office 11 | ID = 1000
Description = Faulting application outlook.exe, version 11.0.6353.0, stamp 408f2937,
faulting module msmapi32.dll, version 11.0.6361.0, stamp 40da1177, debug? 0, fault
address 0x000076cb.

Error - 8/2/2011 2:11:36 PM | Computer Name = MORGAN | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1706.
Setup cannot find the required files. Check your connection to the network, or
CD-ROM drive. For other potential solutions to this problem, see C:\Program Files\Microsoft
Office\OFFICE11\1033\SETUP.CHM.

Error - 8/2/2011 9:37:11 PM | Computer Name = MORGAN | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1706.
Setup cannot find the required files. Check your connection to the network, or
CD-ROM drive. For other potential solutions to this problem, see C:\Program Files\Microsoft
Office\OFFICE11\1033\SETUP.CHM.

Error - 8/2/2011 9:59:13 PM | Computer Name = MORGAN | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1706.
Setup cannot find the required files. Check your connection to the network, or
CD-ROM drive. For other potential solutions to this problem, see C:\Program Files\Microsoft
Office\OFFICE11\1033\SETUP.CHM.

Error - 8/2/2011 10:24:09 PM | Computer Name = MORGAN | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1706.
Setup cannot find the required files. Check your connection to the network, or
CD-ROM drive. For other potential solutions to this problem, see C:\Program Files\Microsoft
Office\OFFICE11\1033\SETUP.CHM.

[ System Events ]
Error - 6/20/2011 1:06:10 AM | Computer Name = MORGAN | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 6/20/2011 1:06:10 AM | Computer Name = MORGAN | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 6/20/2011 1:06:10 AM | Computer Name = MORGAN | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 6/20/2011 1:06:10 AM | Computer Name = MORGAN | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 6/20/2011 1:06:10 AM | Computer Name = MORGAN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD Avgldx86 Avgmfx86 Avgtdix Fips IPSec MRxSmb NetBIOS NetBT OMCI Processor RasAcd Rdbss Tcpip

Error - 6/20/2011 1:07:39 AM | Computer Name = MORGAN | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/22/2011 2:56:56 AM | Computer Name = MORGAN | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
LAPTOPANNA that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{EEFC9A0B-09EA-413. The master browser is stopping or an election is
being forced.

Error - 6/22/2011 4:15:16 AM | Computer Name = MORGAN | Source = Service Control Manager | ID = 7000
Description = The Symantec Eraser Control driver service failed to start due to
the following error: %%317

Error - 7/8/2011 10:49:37 PM | Computer Name = MORGAN | Source = Print | ID = 6161
Description = The document Microsoft Word - Raymond Survival Guide.doc owned by
Anna failed to print on printer HP Photosmart C7200 series. Data type: NT EMF 1.008.
Size of the spool file in bytes: 0. Number of bytes printed: 0. Total number of
pages in the document: 0. Number of pages printed: 0. Client machine: \\MORGAN.
Win32 error code returned by the print processor: 259 (0x103).

Error - 7/12/2011 11:59:01 AM | Computer Name = MORGAN | Source = DCOM | ID = 10010
Description = The server {0006F03A-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.


< End of report >

[maliprog]

Before we continue just let me know how is your system now? Can you run applications now?

[AnnaMarie07]

I still has the same issue, No, I can not run any programs and nothing is accessible under the other user on the computer.

[AnnaMarie07]

When I try to open any of my Word programs, such as Outlook, Word, Publisher, it says file not found.

[maliprog]

Hi AnnaMarie07,

Just to be sure... You have two accounts on your system. On one of them you can't run any program and on the other one you can run everything.

Did you run these scans on infected account or on clean one? I would like you to run all scans on infected account unless I specifically tell you to run it on clean one.

Can you start, for example, Notepad or Paint on infected account or you have problems just with Office programs?

Step 1

Please close all running programs and Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  [2011/06/12 18:28:26 | 000,017,364 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\d0h8oedl0y462n0bmu7xyw4
  
  :Files
  C:\Documents and Settings\All Users\Application Data\d0h8oedl0y462n0bmu7xyw4
  
  :Commands
  [purity]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2


Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.

• Extract the zip file to its own folder.
• Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
• Click Start scan to start scanning.
• If infection is detected, the default setting for "action" should be Cure
  
  • (If suspicious file is detected please click on it and change it to Skip).
• Click Continue button
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.

Step 3


Download aswMBR.exe ( 511KB ) to your desktop.

• Double click the aswMBR.exe to run it
• Click the "Scan" button to start scan
• On completion of the scan click save log, save it to your desktop and post in your next reply

Step 4

Run OTL one more time. Select All Users option and click on Quick Scan button. Post OTL log after the scan.

Step 5

Please don't forget to include these items in your reply:

• OTL Fix log
• TDSSKiller log
• aswMBR log
• New OTL scan log

It would be helpful if you could post each log in separate post

[AnnaMarie07]

On the infected account, I can not open anything, nor can I get on the internet, On the other account it tells me file not found when I try to access the programs, but I can get on the internet. How do I run the scan on the infected account without being able to get on to the internet to download the application?

[maliprog]

OK. I understand. Please run my steps from previous post (4 steps) from clean account. In mean time I'll prepare some fix to run from infected account. Some of tools we use can be adopted to run in situations like this.

[AnnaMarie07]

Thank you!

[AnnaMarie07]

OTL logfile created on: 8/4/2011 6:51:54 PM - Run 4
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Anna Marie Argenio\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.01 Mb Total Physical Memory | 324.86 Mb Available Physical Memory | 31.76% Memory free
4.90 Gb Paging File | 4.29 Gb Available in Paging File | 87.49% Paging File free
Paging file location(s): c:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 49.94 Gb Free Space | 67.01% Space Free | Partition Type: NTFS

Computer Name: MORGAN | User Name: Anna Marie Argenio | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Anna Marie Argenio\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Program Files\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\system32\CSHelper.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\tbctray.exe (Voyetra Turtle Beach, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Anna Marie Argenio\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\PSIA.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (CSHelper) -- C:\WINDOWS\system32\CSHelper.exe ()


========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (tbcwdm) -- C:\WINDOWS\system32\drivers\tbcwdm.sys (Voyetra Turtle Beach)
DRV - (tbcspud) -- C:\WINDOWS\system32\drivers\tbcspud.sys (Voyetra Turtle Beach)
DRV - (vtdg46xx) -- C:\Program Files\Turtle Beach\Santa Cruz\Control Panel\vtdg46xx.sys ()
DRV - (HCF_MSFT) -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys (Conexant)
DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-682003330-73586283-1644491937-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKU\S-1-5-21-682003330-73586283-1644491937-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-682003330-73586283-1644491937-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-682003330-73586283-1644491937-1007\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-682003330-73586283-1644491937-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/08/04 09:16:02 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2008/04/14 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-682003330-73586283-1644491937-1007\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-682003330-73586283-1644491937-1007\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe (Voyetra Turtle Beach, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-682003330-73586283-1644491937-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1312443480000 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/17 20:24:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/04 18:31:18 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Anna Marie Argenio\Desktop\aswMBR.exe
[2011/08/04 18:27:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anna Marie Argenio\Desktop\tdsskiller
[2011/08/04 18:26:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anna Marie Argenio\Application Data\WinRAR
[2011/08/04 18:20:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/04 07:12:53 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2011/08/04 01:13:08 | 000,096,978 | ---- | C] (Business Information Solutions) -- C:\Documents and Settings\Anna Marie Argenio\Desktop\VirtumundoBeGone.exe
[2011/08/04 00:36:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/08/04 00:16:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anna Marie Argenio\Local Settings\Application Data\Secunia PSI
[2011/08/04 00:15:57 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/08/04 00:14:44 | 001,739,400 | ---- | C] (Secunia) -- C:\Documents and Settings\Anna Marie Argenio\Desktop\PSISetup.exe
[2011/08/03 22:05:31 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2011/08/03 21:38:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anna Marie Argenio\Application Data\DriverCure
[2011/08/03 21:38:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anna Marie Argenio\Application Data\SpeedMaxPc
[2011/08/03 21:37:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpeedMaxPc
[2011/08/03 19:44:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/08/03 19:32:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/08/03 19:25:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011/08/03 19:23:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2011/08/02 21:48:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anna Marie Argenio\Application Data\Malwarebytes
[2011/08/02 21:47:59 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/08/02 21:47:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/02 21:47:54 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/02 21:47:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/02 20:37:28 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Anna Marie Argenio\Desktop\OTL.exe
[2011/08/02 19:33:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2011/08/02 19:31:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anna Marie Argenio\Local Settings\Application Data\Deployment
[2011/07/28 16:44:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anna Marie Argenio\My Documents\Downloads
[2011/07/24 18:34:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Anna Marie Argenio\IECompatCache
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/04 19:00:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
[2011/08/04 18:59:02 | 000,000,910 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/04 18:45:03 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Anna Marie Argenio\Desktop\MBR.dat
[2011/08/04 18:31:46 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Anna Marie Argenio\Desktop\aswMBR.exe
[2011/08/04 18:26:21 | 001,388,094 | ---- | M] () -- C:\Documents and Settings\Anna Marie Argenio\Desktop\tdsskiller.zip
[2011/08/04 18:23:12 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/04 18:23:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/04 18:22:58 | 1072,775,168 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/04 18:17:35 | 000,000,442 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Anna.job
[2011/08/04 18:03:26 | 126,908,866 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/08/04 17:27:10 | 000,000,448 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4533C7B3-FCF5-42AE-BE5D-73795BE30E91}.job
[2011/08/04 09:16:03 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/08/04 02:02:18 | 000,000,470 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Anna Marie Argenio.job
[2011/08/04 01:13:08 | 000,096,978 | ---- | M] (Business Information Solutions) -- C:\Documents and Settings\Anna Marie Argenio\Desktop\VirtumundoBeGone.exe
[2011/08/04 01:10:39 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/08/04 00:16:07 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/08/04 00:15:06 | 001,739,400 | ---- | M] (Secunia) -- C:\Documents and Settings\Anna Marie Argenio\Desktop\PSISetup.exe
[2011/08/03 22:23:54 | 001,008,041 | ---- | M] () -- C:\Documents and Settings\Anna Marie Argenio\Desktop\rkill.com
[2011/08/03 20:47:51 | 000,009,830 | ---- | M] () -- C:\Documents and Settings\Anna Marie Argenio\Desktop\exefix.reg
[2011/08/03 19:44:48 | 000,012,692 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/03 19:44:21 | 000,264,616 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/03 16:18:18 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/03 06:48:36 | 000,294,400 | ---- | M] () -- C:\Documents and Settings\Anna Marie Argenio\Desktop\exeHelper.com
[2011/08/02 21:47:59 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/02 20:37:40 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Anna Marie Argenio\Desktop\OTL.exe
[2011/08/02 18:41:20 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/07/28 15:01:02 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Anna Marie Argenio\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/21 18:22:46 | 000,118,524 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/07/19 15:51:08 | 000,004,455 | ---- | M] () -- C:\Documents and Settings\Anna Marie Argenio\My Documents\Sound-icon.svg
[2011/07/15 07:38:24 | 000,036,192 | ---- | M] () -- C:\Documents and Settings\Anna Marie Argenio\My Documents\NSHS-027summer_2011_Student_Volunteer_Form.mdi
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/04 18:45:03 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Anna Marie Argenio\Desktop\MBR.dat
[2011/08/04 18:26:12 | 001,388,094 | ---- | C] () -- C:\Documents and Settings\Anna Marie Argenio\Desktop\tdsskiller.zip
[2011/08/04 07:12:51 | 1072,775,168 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/04 01:58:55 | 000,000,470 | -H-- | C] () -- C:\WINDOWS\tasks\Norton Security Scan for Anna Marie Argenio.job
[2011/08/04 00:16:07 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/08/04 00:16:06 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk
[2011/08/03 22:23:47 | 001,008,041 | ---- | C] () -- C:\Documents and Settings\Anna Marie Argenio\Desktop\rkill.com
[2011/08/03 20:47:27 | 000,009,830 | ---- | C] () -- C:\Documents and Settings\Anna Marie Argenio\Desktop\exefix.reg
[2011/08/03 19:25:45 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2011/08/03 19:25:43 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2011/08/03 19:25:40 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2011/08/03 06:48:27 | 000,294,400 | ---- | C] () -- C:\Documents and Settings\Anna Marie Argenio\Desktop\exeHelper.com
[2011/08/02 21:47:59 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/28 15:01:02 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/07/28 15:01:02 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Anna Marie Argenio\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/24 18:34:14 | 000,000,448 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4533C7B3-FCF5-42AE-BE5D-73795BE30E91}.job
[2011/07/19 15:51:06 | 000,004,455 | ---- | C] () -- C:\Documents and Settings\Anna Marie Argenio\My Documents\Sound-icon.svg
[2011/07/15 07:38:23 | 000,036,192 | ---- | C] () -- C:\Documents and Settings\Anna Marie Argenio\My Documents\NSHS-027summer_2011_Student_Volunteer_Form.mdi
[2010/10/10 11:35:15 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/02 02:52:15 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\CSHelper.exe
[2010/06/06 18:50:11 | 000,130,449 | ---- | C] () -- C:\WINDOWS\hpoins21.dat
[2010/06/06 18:50:10 | 000,008,138 | ---- | C] () -- C:\WINDOWS\hpomdl21.dat
[2010/02/17 21:09:28 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/02/17 20:37:57 | 000,000,012 | ---- | C] () -- C:\WINDOWS\WinInit.INI
[2010/02/17 20:27:23 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/02/17 20:18:52 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/02/17 12:13:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/02/17 12:10:03 | 000,264,616 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/14 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 05:00:00 | 000,444,028 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 05:00:00 | 000,071,904 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 05:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/11/02 09:12:52 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\missouri.dll
[2003/01/07 09:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/08/03 15:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sammsoft
[2011/05/22 17:46:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/06/16 09:36:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/24 07:52:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/10/24 07:59:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/04/01 20:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\id Software
[2011/05/22 17:32:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/04/03 19:46:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2011/08/03 18:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2011/08/04 00:58:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedMaxPc
[2011/05/15 08:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/10/24 08:01:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna\Application Data\AVG10
[2010/08/30 18:41:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna\Application Data\HorizonWimba
[2011/02/10 18:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna\Application Data\LEGO Company
[2011/02/19 04:12:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna\Application Data\Registry Mechanic
[2010/06/05 21:41:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna\Application Data\Sammsoft
[2011/06/11 22:32:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna\Application Data\wargaming.net
[2010/11/22 08:06:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna Marie Argenio\Application Data\AVG10
[2011/08/03 21:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna Marie Argenio\Application Data\DriverCure
[2011/08/03 21:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna Marie Argenio\Application Data\SpeedMaxPc
[2011/08/04 19:00:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\Tasks\RMSchedule.job
[2011/08/04 17:27:10 | 000,000,448 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{4533C7B3-FCF5-42AE-BE5D-73795BE30E91}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >




OTL logfile created on: 8/4/2011 6:51:54 PM - Run 4
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Anna Marie Argenio\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.01 Mb Total Physical Memory | 324.86 Mb Available Physical Memory | 31.76% Memory free
4.90 Gb Paging File | 4.29 Gb Available in Paging File | 87.49% Paging File free
Paging file location(s): c:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 49.94 Gb Free Space | 67.01% Space Free | Partition Type: NTFS

Computer Name: MORGAN | User Name: Anna Marie Argenio | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Anna Marie Argenio\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Program Files\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\system32\CSHelper.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\tbctray.exe (Voyetra Turtle Beach, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Anna Marie Argenio\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\PSIA.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (CSHelper) -- C:\WINDOWS\system32\CSHelper.exe ()


========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (tbcwdm) -- C:\WINDOWS\system32\drivers\tbcwdm.sys (Voyetra Turtle Beach)
DRV - (tbcspud) -- C:\WINDOWS\system32\drivers\tbcspud.sys (Voyetra Turtle Beach)
DRV - (vtdg46xx) -- C:\Program Files\Turtle Beach\Santa Cruz\Control Panel\vtdg46xx.sys ()
DRV - (HCF_MSFT) -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys (Conexant)
DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-682003330-73586283-1644491937-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKU\S-1-5-21-682003330-73586283-1644491937-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-682003330-73586283-1644491937-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-682003330-73586283-1644491937-1007\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-682003330-73586283-1644491937-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/08/04 09:16:02 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2008/04/14 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-682003330-73586283-1644491937-1007\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-682003330-73586283-1644491937-1007\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe (Voyetra Turtle Beach, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-682003330-73586283-1644491937-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1312443480000 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/17 20:24:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/04 18:31:18 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Anna Marie Argenio\Desktop\aswMBR.exe
[2011/08/04 18:27:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anna Marie Argenio\Desktop\tdsskiller
[2011/08/04 18:26:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anna Marie Argenio\Application Data\WinRAR
[2011/08/04 18:20:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/04 07:12:53 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2011/08/04 01:13:08 | 000,096,978 | ---- | C] (Business Information Solutions) -- C:\Documents and Settings\Anna Marie Argenio\Desktop\VirtumundoBeGone.exe
[2011/08/04 00:36:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/08/04 00:16:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anna Marie Argenio\Local Settings\Application Data\Secunia PSI
[2011/08/04 00:15:57 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/08/04 00:14:44 | 001,739,400 | ---- | C] (Secunia) -- C:\Documents and Settings\Anna Marie Argenio\Desktop\PSISetup.exe
[2011/08/03 22:05:31 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2011/08/03 21:38:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anna Marie Argenio\Application Data\DriverCure
[2011/08/03 21:38:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anna Marie Argenio\Application Data\SpeedMaxPc
[2011/08/03 21:37:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpeedMaxPc
[2011/08/03 19:44:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/08/03 19:32:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/08/03 19:25:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011/08/03 19:23:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2011/08/02 21:48:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anna Marie Argenio\Application Data\Malwarebytes
[2011/08/02 21:47:59 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/08/02 21:47:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/02 21:47:54 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/02 21:47:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/02 20:37:28 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Anna Marie Argenio\Desktop\OTL.exe
[2011/08/02 19:33:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2011/08/02 19:31:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anna Marie Argenio\Local Settings\Application Data\Deployment
[2011/07/28 16:44:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anna Marie Argenio\My Documents\Downloads
[2011/07/24 18:34:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Anna Marie Argenio\IECompatCache
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/04 19:00:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
[2011/08/04 18:59:02 | 000,000,910 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/04 18:45:03 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Anna Marie Argenio\Desktop\MBR.dat
[2011/08/04 18:31:46 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Anna Marie Argenio\Desktop\aswMBR.exe
[2011/08/04 18:26:21 | 001,388,094 | ---- | M] () -- C:\Documents and Settings\Anna Marie Argenio\Desktop\tdsskiller.zip
[2011/08/04 18:23:12 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/04 18:23:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/04 18:22:58 | 1072,775,168 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/04 18:17:35 | 000,000,442 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Anna.job
[2011/08/04 18:03:26 | 126,908,866 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/08/04 17:27:10 | 000,000,448 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4533C7B3-FCF5-42AE-BE5D-73795BE30E91}.job
[2011/08/04 09:16:03 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/08/04 02:02:18 | 000,000,470 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Anna Marie Argenio.job
[2011/08/04 01:13:08 | 000,096,978 | ---- | M] (Business Information Solutions) -- C:\Documents and Settings\Anna Marie Argenio\Desktop\VirtumundoBeGone.exe
[2011/08/04 01:10:39 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/08/04 00:16:07 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/08/04 00:15:06 | 001,739,400 | ---- | M] (Secunia) -- C:\Documents and Settings\Anna Marie Argenio\Desktop\PSISetup.exe
[2011/08/03 22:23:54 | 001,008,041 | ---- | M] () -- C:\Documents and Settings\Anna Marie Argenio\Desktop\rkill.com
[2011/08/03 20:47:51 | 000,009,830 | ---- | M] () -- C:\Documents and Settings\Anna Marie Argenio\Desktop\exefix.reg
[2011/08/03 19:44:48 | 000,012,692 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/03 19:44:21 | 000,264,616 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/03 16:18:18 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/03 06:48:36 | 000,294,400 | ---- | M] () -- C:\Documents and Settings\Anna Marie Argenio\Desktop\exeHelper.com
[2011/08/02 21:47:59 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/02 20:37:40 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Anna Marie Argenio\Desktop\OTL.exe
[2011/08/02 18:41:20 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/07/28 15:01:02 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Anna Marie Argenio\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/21 18:22:46 | 000,118,524 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/07/19 15:51:08 | 000,004,455 | ---- | M] () -- C:\Documents and Settings\Anna Marie Argenio\My Documents\Sound-icon.svg
[2011/07/15 07:38:24 | 000,036,192 | ---- | M] () -- C:\Documents and Settings\Anna Marie Argenio\My Documents\NSHS-027summer_2011_Student_Volunteer_Form.mdi
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/04 18:45:03 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Anna Marie Argenio\Desktop\MBR.dat
[2011/08/04 18:26:12 | 001,388,094 | ---- | C] () -- C:\Documents and Settings\Anna Marie Argenio\Desktop\tdsskiller.zip
[2011/08/04 07:12:51 | 1072,775,168 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/04 01:58:55 | 000,000,470 | -H-- | C] () -- C:\WINDOWS\tasks\Norton Security Scan for Anna Marie Argenio.job
[2011/08/04 00:16:07 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/08/04 00:16:06 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk
[2011/08/03 22:23:47 | 001,008,041 | ---- | C] () -- C:\Documents and Settings\Anna Marie Argenio\Desktop\rkill.com
[2011/08/03 20:47:27 | 000,009,830 | ---- | C] () -- C:\Documents and Settings\Anna Marie Argenio\Desktop\exefix.reg
[2011/08/03 19:25:45 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2011/08/03 19:25:43 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2011/08/03 19:25:40 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2011/08/03 06:48:27 | 000,294,400 | ---- | C] () -- C:\Documents and Settings\Anna Marie Argenio\Desktop\exeHelper.com
[2011/08/02 21:47:59 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/28 15:01:02 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/07/28 15:01:02 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Anna Marie Argenio\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/24 18:34:14 | 000,000,448 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4533C7B3-FCF5-42AE-BE5D-73795BE30E91}.job
[2011/07/19 15:51:06 | 000,004,455 | ---- | C] () -- C:\Documents and Settings\Anna Marie Argenio\My Documents\Sound-icon.svg
[2011/07/15 07:38:23 | 000,036,192 | ---- | C] () -- C:\Documents and Settings\Anna Marie Argenio\My Documents\NSHS-027summer_2011_Student_Volunteer_Form.mdi
[2010/10/10 11:35:15 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/02 02:52:15 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\CSHelper.exe
[2010/06/06 18:50:11 | 000,130,449 | ---- | C] () -- C:\WINDOWS\hpoins21.dat
[2010/06/06 18:50:10 | 000,008,138 | ---- | C] () -- C:\WINDOWS\hpomdl21.dat
[2010/02/17 21:09:28 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/02/17 20:37:57 | 000,000,012 | ---- | C] () -- C:\WINDOWS\WinInit.INI
[2010/02/17 20:27:23 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/02/17 20:18:52 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/02/17 12:13:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/02/17 12:10:03 | 000,264,616 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/14 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 05:00:00 | 000,444,028 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 05:00:00 | 000,071,904 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 05:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/11/02 09:12:52 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\missouri.dll
[2003/01/07 09:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/08/03 15:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sammsoft
[2011/05/22 17:46:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/06/16 09:36:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/24 07:52:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/10/24 07:59:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/04/01 20:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\id Software
[2011/05/22 17:32:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/04/03 19:46:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2011/08/03 18:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2011/08/04 00:58:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedMaxPc
[2011/05/15 08:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/10/24 08:01:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna\Application Data\AVG10
[2010/08/30 18:41:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna\Application Data\HorizonWimba
[2011/02/10 18:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna\Application Data\LEGO Company
[2011/02/19 04:12:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna\Application Data\Registry Mechanic
[2010/06/05 21:41:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna\Application Data\Sammsoft
[2011/06/11 22:32:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna\Application Data\wargaming.net
[2010/11/22 08:06:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna Marie Argenio\Application Data\AVG10
[2011/08/03 21:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna Marie Argenio\Application Data\DriverCure
[2011/08/03 21:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anna Marie Argenio\Application Data\SpeedMaxPc
[2011/08/04 19:00:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\Tasks\RMSchedule.job
[2011/08/04 17:27:10 | 000,000,448 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{4533C7B3-FCF5-42AE-BE5D-73795BE30E91}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >








2011/08/04 19:10:59.0046 2340 TDSS rootkit removing tool 2.5.13.0 Jul 29 2011 17:24:11
2011/08/04 19:10:59.0593 2340 ================================================================================
2011/08/04 19:10:59.0593 2340 SystemInfo:
2011/08/04 19:10:59.0593 2340
2011/08/04 19:10:59.0593 2340 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/04 19:10:59.0593 2340 Product type: Workstation
2011/08/04 19:10:59.0593 2340 ComputerName: MORGAN
2011/08/04 19:10:59.0593 2340 UserName: Anna Marie Argenio
2011/08/04 19:10:59.0593 2340 Windows directory: C:\WINDOWS
2011/08/04 19:10:59.0593 2340 System windows directory: C:\WINDOWS
2011/08/04 19:10:59.0593 2340 Processor architecture: Intel x86
2011/08/04 19:10:59.0593 2340 Number of processors: 1
2011/08/04 19:10:59.0593 2340 Page size: 0x1000
2011/08/04 19:10:59.0593 2340 Boot type: Normal boot
2011/08/04 19:10:59.0593 2340 ================================================================================
2011/08/04 19:11:01.0125 2340 Initialize success
2011/08/04 19:11:06.0593 2420 ================================================================================
2011/08/04 19:11:06.0593 2420 Scan started
2011/08/04 19:11:06.0593 2420 Mode: Manual;
2011/08/04 19:11:06.0593 2420 ================================================================================
2011/08/04 19:11:07.0468 2420 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/04 19:11:07.0656 2420 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/08/04 19:11:07.0890 2420 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/08/04 19:11:08.0062 2420 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/08/04 19:11:08.0203 2420 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/08/04 19:11:08.0812 2420 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/04 19:11:09.0000 2420 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/04 19:11:09.0218 2420 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/04 19:11:09.0390 2420 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/04 19:11:09.0562 2420 AVGIDSDriver (c403e7f715bb0a851a9dfae16ec4ae42) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2011/08/04 19:11:09.0718 2420 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2011/08/04 19:11:09.0843 2420 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2011/08/04 19:11:09.0968 2420 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2011/08/04 19:11:10.0125 2420 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/08/04 19:11:10.0265 2420 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/08/04 19:11:10.0406 2420 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2011/08/04 19:11:10.0578 2420 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2011/08/04 19:11:10.0750 2420 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/04 19:11:10.0906 2420 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/04 19:11:11.0125 2420 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/04 19:11:11.0265 2420 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/04 19:11:11.0421 2420 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/04 19:11:11.0937 2420 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/04 19:11:12.0109 2420 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/04 19:11:12.0281 2420 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/04 19:11:12.0437 2420 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/04 19:11:12.0625 2420 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/04 19:11:12.0781 2420 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
2011/08/04 19:11:12.0937 2420 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
2011/08/04 19:11:13.0093 2420 Dot4Scan (bd05306428da63369692477ddc0f6f5f) C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys
2011/08/04 19:11:13.0250 2420 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
2011/08/04 19:11:13.0468 2420 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/04 19:11:13.0625 2420 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/08/04 19:11:13.0875 2420 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/04 19:11:14.0031 2420 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/08/04 19:11:14.0203 2420 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/04 19:11:14.0343 2420 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/08/04 19:11:14.0500 2420 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/08/04 19:11:14.0640 2420 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/04 19:11:14.0796 2420 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/04 19:11:14.0953 2420 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2011/08/04 19:11:15.0125 2420 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/04 19:11:15.0359 2420 HCF_MSFT (4236e014632f4163f53ebb717f41594c) C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys
2011/08/04 19:11:15.0671 2420 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/08/04 19:11:15.0812 2420 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/08/04 19:11:15.0953 2420 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/08/04 19:11:16.0109 2420 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/04 19:11:16.0375 2420 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/04 19:11:16.0546 2420 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/04 19:11:16.0812 2420 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/08/04 19:11:16.0953 2420 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/08/04 19:11:17.0093 2420 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/04 19:11:17.0250 2420 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/04 19:11:17.0421 2420 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/04 19:11:17.0562 2420 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/04 19:11:17.0703 2420 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/04 19:11:17.0875 2420 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/04 19:11:18.0031 2420 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/04 19:11:18.0187 2420 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/04 19:11:18.0343 2420 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/04 19:11:18.0578 2420 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\WINDOWS\system32\drivers\mbam.sys
2011/08/04 19:11:18.0734 2420 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/08/04 19:11:18.0906 2420 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/04 19:11:19.0015 2420 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/04 19:11:19.0171 2420 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/04 19:11:19.0343 2420 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/04 19:11:19.0546 2420 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/04 19:11:19.0734 2420 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/04 19:11:19.0937 2420 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/04 19:11:20.0078 2420 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/04 19:11:20.0234 2420 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/04 19:11:20.0375 2420 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/04 19:11:20.0531 2420 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/04 19:11:20.0687 2420 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/04 19:11:20.0843 2420 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/04 19:11:21.0000 2420 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/04 19:11:21.0140 2420 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/04 19:11:21.0312 2420 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/04 19:11:21.0453 2420 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/04 19:11:21.0671 2420 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/04 19:11:21.0812 2420 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/04 19:11:22.0046 2420 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/04 19:11:22.0218 2420 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/04 19:11:22.0453 2420 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/04 19:11:22.0703 2420 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/08/04 19:11:22.0953 2420 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/04 19:11:23.0109 2420 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/04 19:11:23.0390 2420 OMCI (e1e54131462b63efefaf14aca8e4012b) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
2011/08/04 19:11:23.0593 2420 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/08/04 19:11:23.0734 2420 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/04 19:11:23.0890 2420 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/04 19:11:24.0046 2420 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/04 19:11:24.0281 2420 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/08/04 19:11:24.0812 2420 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/04 19:11:24.0968 2420 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/08/04 19:11:25.0140 2420 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/04 19:11:25.0265 2420 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
2011/08/04 19:11:25.0375 2420 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/04 19:11:25.0734 2420 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/04 19:11:25.0828 2420 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/04 19:11:25.0890 2420 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/04 19:11:25.0984 2420 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/04 19:11:26.0078 2420 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/04 19:11:26.0203 2420 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/04 19:11:26.0359 2420 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/04 19:11:26.0546 2420 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/04 19:11:26.0765 2420 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/04 19:11:26.0968 2420 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/08/04 19:11:27.0125 2420 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/08/04 19:11:27.0312 2420 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/04 19:11:27.0593 2420 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/04 19:11:27.0765 2420 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/04 19:11:27.0937 2420 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/04 19:11:28.0140 2420 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/04 19:11:28.0296 2420 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/04 19:11:28.0687 2420 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/04 19:11:28.0859 2420 tbcspud (4e296e262ae499e3b1697798a9084451) C:\WINDOWS\system32\drivers\tbcspud.sys
2011/08/04 19:11:29.0046 2420 tbcwdm (fc855b65379f621a34c4309c31f754eb) C:\WINDOWS\system32\drivers\tbcwdm.sys
2011/08/04 19:11:29.0265 2420 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/04 19:11:29.0421 2420 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/04 19:11:29.0515 2420 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/04 19:11:29.0625 2420 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/04 19:11:29.0859 2420 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/04 19:11:30.0093 2420 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/04 19:11:30.0281 2420 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/04 19:11:30.0453 2420 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/04 19:11:30.0609 2420 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/08/04 19:11:30.0750 2420 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/08/04 19:11:30.0921 2420 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/04 19:11:31.0093 2420 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/04 19:11:31.0250 2420 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/08/04 19:11:31.0453 2420 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/04 19:11:31.0593 2420 vtdg46xx (c3832f5b4f692c864077b42648f0c4ae) C:\PROGRA~1\TURTLE~1\SANTAC~1\CONTRO~1\vtdg46xx.sys
2011/08/04 19:11:31.0781 2420 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/04 19:11:32.0000 2420 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/04 19:11:32.0281 2420 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/08/04 19:11:32.0437 2420 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/08/04 19:11:32.0531 2420 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/08/04 19:11:32.0703 2420 Boot (0x1200) (f130ca00369675a6630e27cce51c0f88) \Device\Harddisk0\DR0\Partition0
2011/08/04 19:11:32.0734 2420 ================================================================================
2011/08/04 19:11:32.0734 2420 Scan finished
2011/08/04 19:11:32.0734 2420 ================================================================================
2011/08/04 19:11:32.0765 2608 Detected object count: 0
2011/08/04 19:11:32.0765 2608 Actual detected object count: 0

2011/08/04 19:15:45.0750 3620 TDSS rootkit removing tool 2.5.13.0 Jul 29 2011 17:24:11
2011/08/04 19:15:46.0421 3620 ================================================================================
2011/08/04 19:15:46.0421 3620 SystemInfo:
2011/08/04 19:15:46.0421 3620
2011/08/04 19:15:46.0421 3620 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/04 19:15:46.0421 3620 Product type: Workstation
2011/08/04 19:15:46.0421 3620 ComputerName: MORGAN
2011/08/04 19:15:46.0421 3620 UserName: Anna Marie Argenio
2011/08/04 19:15:46.0421 3620 Windows directory: C:\WINDOWS
2011/08/04 19:15:46.0421 3620 System windows directory: C:\WINDOWS
2011/08/04 19:15:46.0421 3620 Processor architecture: Intel x86
2011/08/04 19:15:46.0421 3620 Number of processors: 1
2011/08/04 19:15:46.0421 3620 Page size: 0x1000
2011/08/04 19:15:46.0421 3620 Boot type: Normal boot
2011/08/04 19:15:46.0421 3620 ================================================================================
2011/08/04 19:15:47.0937 3620 Initialize success


swMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-04 18:32:39
-----------------------------
18:32:39.406 OS Version: Windows 5.1.2600 Service Pack 3
18:32:39.406 Number of processors: 1 586 0x102
18:32:39.406 ComputerName: MORGAN UserName:
18:32:39.718 Initialize success
18:34:48.906 AVAST engine defs: 11080401
18:35:42.531 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:35:42.531 Disk 0 Vendor: ST380021A 3.10 Size: 76319MB BusType: 3
18:35:44.562 Disk 0 MBR read successfully
18:35:44.562 Disk 0 MBR scan
18:35:44.625 Disk 0 Windows XP default MBR code
18:35:44.625 Disk 0 scanning sectors +156280320
18:35:44.687 Disk 0 scanning C:\WINDOWS\system32\drivers
18:36:08.640 Service scanning
18:36:10.296 Modules scanning
18:36:32.484 Disk 0 trace - called modules:
18:36:32.500 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
18:36:32.500 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86fd6ab8]
18:36:32.500 3 CLASSPNP.SYS[f75affd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86fe9210]
18:36:33.578 AVAST engine scan C:\WINDOWS
18:36:45.062 AVAST engine scan C:\WINDOWS\system32
18:39:50.921 AVAST engine scan C:\WINDOWS\system32\drivers
18:40:12.578 AVAST engine scan C:\Documents and Settings\Anna Marie Argenio
18:45:03.640 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Anna Marie Argenio\Desktop\MBR.dat"
18:45:03.640 The log file has been saved successfully to "C:\Documents and Settings\Anna Marie Argenio\Desktop\aswMBR.txt"

[maliprog]

Hi AnnaMarie07,

Let's try this. Delete your version of OTL from the desktop.

Please download OTH to your C:\
Please download OTL to your C:\

Because you downloaded these two programs to C:\ you should have access to it from another account. Log off from your clean one and log in to infected one. Now we'll try to run scan on infected account.

NOTE: We will use this method for future transfer and scans on infected account.

Double click the OTH file and select Kill All Processes, your desktop will go blank



Then select Start OTL
OTL will now run

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Copy and paste them to me.

[AnnaMarie07]

 OTL.Txt   40.28KB   104 downloads

I can not get the OTH download to work it does not respond.