Virus blocks starting any programs.



#16
lucille123
  • Topic Starter
  • Member
  • 100 posts
aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-22 06:41:05
-----------------------------
06:41:05.468 OS Version: Windows 5.1.2600 Service Pack 3
06:41:05.468 Number of processors: 1 586 0x7C02
06:41:05.468 ComputerName: HOME UserName:
06:41:06.343 Initialize success
06:41:21.781 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
06:41:21.812 Disk 0 Vendor: TOSHIBA_MK8046GSX LB312D Size: 76319MB BusType: 3
06:41:21.843 Device \Driver\atapi -> DriverStartIo 8ae1e2e0
06:41:23.890 Disk 0 MBR read successfully
06:41:23.921 Disk 0 MBR scan
06:41:23.953 Disk 0 Windows XP default MBR code found via API
06:41:23.984 Disk 0 unknown MBR code
06:41:24.015 Disk 0 MBR hidden
06:41:24.046 Disk 0 MBR [possible unknown bootkit@MBR] **ROOTKIT**
06:41:24.078 Disk 0 trace - called modules:
06:41:24.109 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8ae1e4c0]<<
06:41:24.140 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8af63ab8]
06:41:24.187 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\0000007e[0x8afa1f18]
06:41:24.218 5 ACPI.sys[f7498620] -> nt!IofCallDriver -> [0x8af66d98]
06:41:26.765 \Driver\atapi[0x8ae1cd78] -> IRP_MJ_CREATE -> 0x8ae1e4c0
06:41:26.906 Scan finished successfully
06:41:54.312 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator.HOME\Desktop\MBR.dat"
06:41:54.359 The log file has been saved successfully to "C:\Documents and Settings\Administrator.HOME\Desktop\aswMBR.txt"
  • 0



#17
lucille123
  • Topic Starter
  • Member
  • 100 posts
aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-22 06:41:05
-----------------------------
06:41:05.468 OS Version: Windows 5.1.2600 Service Pack 3
06:41:05.468 Number of processors: 1 586 0x7C02
06:41:05.468 ComputerName: HOME UserName:
06:41:06.343 Initialize success
06:41:21.781 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
06:41:21.812 Disk 0 Vendor: TOSHIBA_MK8046GSX LB312D Size: 76319MB BusType: 3
06:41:21.843 Device \Driver\atapi -> DriverStartIo 8ae1e2e0
06:41:23.890 Disk 0 MBR read successfully
06:41:23.921 Disk 0 MBR scan
06:41:23.953 Disk 0 Windows XP default MBR code found via API
06:41:23.984 Disk 0 unknown MBR code
06:41:24.015 Disk 0 MBR hidden
06:41:24.046 Disk 0 MBR [possible unknown bootkit@MBR] **ROOTKIT**
06:41:24.078 Disk 0 trace - called modules:
06:41:24.109 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8ae1e4c0]<<
06:41:24.140 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8af63ab8]
06:41:24.187 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\0000007e[0x8afa1f18]
06:41:24.218 5 ACPI.sys[f7498620] -> nt!IofCallDriver -> [0x8af66d98]
06:41:26.765 \Driver\atapi[0x8ae1cd78] -> IRP_MJ_CREATE -> 0x8ae1e4c0
06:41:26.906 Scan finished successfully
06:41:54.312 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator.HOME\Desktop\MBR.dat"
06:41:54.359 The log file has been saved successfully to "C:\Documents and Settings\Administrator.HOME\Desktop\aswMBR.txt"


aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-22 09:22:10
-----------------------------
09:22:10.406 OS Version: Windows 5.1.2600 Service Pack 3
09:22:10.406 Number of processors: 1 586 0x7C02
09:22:10.406 ComputerName: HOME UserName:
09:22:13.406 Initialize success
09:22:27.921 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
09:22:27.953 Disk 0 Vendor: TOSHIBA_MK8046GSX LB312D Size: 76319MB BusType: 3
09:22:27.984 Device \Driver\atapi -> DriverStartIo 8ae1c2e0
09:22:30.031 Disk 0 MBR read successfully
09:22:30.078 Disk 0 MBR scan
09:22:30.109 Disk 0 Windows XP default MBR code found via API
09:22:30.140 Disk 0 unknown MBR code
09:22:30.234 Disk 0 MBR hidden
09:22:30.265 Disk 0 MBR [possible unknown bootkit@MBR] **ROOTKIT**
09:22:30.296 Disk 0 trace - called modules:
09:22:30.328 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8ae1c4c0]<<
09:22:30.375 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8af9f958]
09:22:30.406 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\0000007e[0x8af3e9e8]
09:22:30.437 5 ACPI.sys[f7498620] -> nt!IofCallDriver -> [0x8af3eb00]
09:22:32.890 \Driver\atapi[0x8af7b3b0] -> IRP_MJ_CREATE -> 0x8ae1c4c0
09:22:33.031 Scan finished successfully
09:22:41.296 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator.HOME\Desktop\MBR.dat"
09:22:41.343 The log file has been saved successfully to "C:\Documents and Settings\Administrator.HOME\Desktop\aswMBR.txt"
  • 0

#18
lucille123
  • Topic Starter
  • Member
  • 100 posts
Sorry for the multiple posts. It's hard to see what I post sometimes in safe mode.
  • 0

#19
Nedklaw
  • Trusted Helper
  • Malware Removal
  • 1,652 posts
Hi. :)
Looks like you have an MBR infection.


Re-Run aswMBR.

Click Scan.

On completion of the scan, click the FixMBR button.


Save the log as before and post it in your next reply.


Things I want to see in your next reply

  • aswMBR.txt

  • 0

#20
lucille123
  • Topic Starter
  • Member
  • 100 posts
Great :)

I just ran the aswmbr program using the scan button, but as soon as that was finished the mbr fix button was greyed out. I am going to just try the mbrfix button without scanning it and see what happens.
  • 0

#21
lucille123
  • Topic Starter
  • Member
  • 100 posts
I mbrfixed it then scanned it. Hope that was okay.

aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-22 11:31:34
-----------------------------
11:31:34.828 OS Version: Windows 5.1.2600 Service Pack 3
11:31:34.828 Number of processors: 1 586 0x7C02
11:31:34.828 ComputerName: HOME UserName:
11:31:36.437 Initialize success
11:31:39.468 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
11:31:39.500 Disk 0 Vendor: TOSHIBA_MK8046GSX LB312D Size: 76319MB BusType: 3
11:31:39.531 Device \Driver\atapi -> DriverStartIo 8adc42e0
11:31:41.593 Disk 0 MBR read successfully
11:31:41.625 Disk 0 MBR scan
11:31:41.656 Disk 0 Windows XP default MBR code
11:31:41.687 Disk 0 scanning sectors +156296385
11:31:41.828 Disk 0 scanning C:\WINDOWS\system32\drivers
11:31:52.609 Service scanning
11:31:55.171 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
11:31:55.828 Modules scanning
11:32:10.734 Disk 0 trace - called modules:
11:32:10.750 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8adc44c0]<<
11:32:10.750 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8af6e958]
11:32:11.296 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\0000007e[0x8af659e8]
11:32:11.296 5 ACPI.sys[f7498620] -> nt!IofCallDriver -> [0x8af3dd98]
11:32:11.328 \Driver\atapi[0x8ae25330] -> IRP_MJ_CREATE -> 0x8adc44c0
11:32:11.328 Scan finished successfully
11:32:22.515 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator.HOME\Desktop\MBR.dat"
11:32:22.546 The log file has been saved successfully to "C:\Documents and Settings\Administrator.HOME\Desktop\aswMBR.txt"
  • 0
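
An added example, not part of any post in this thread and not AVAST's code: a small Python parser that pulls the indicators out of aswMBR logs like the ones posted above and compares the run before FixMBR with the run after it. The function and field names are hypothetical, and the line layout is assumed from the logs in this thread only.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Sample input: lines abridged from the two aswMBR logs posted in this thread
# (before and after FixMBR). Nothing is read from disk.
BEFORE_FIX = r"""
06:41:23.953 Disk 0 Windows XP default MBR code found via API
06:41:23.984 Disk 0 unknown MBR code
06:41:24.015 Disk 0 MBR hidden
06:41:24.046 Disk 0 MBR [possible unknown bootkit@MBR] **ROOTKIT**
06:41:24.109 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8ae1e4c0]<<
06:41:26.765 \Driver\atapi[0x8ae1cd78] -> IRP_MJ_CREATE -> 0x8ae1e4c0
"""
AFTER_FIX = r"""
11:31:41.656 Disk 0 Windows XP default MBR code
11:31:55.171 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
11:32:10.750 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8adc44c0]<<
11:32:11.328 \Driver\atapi[0x8ae25330] -> IRP_MJ_CREATE -> 0x8adc44c0
"""

# Assumed layout: "HH:MM:SS.mmm <message>" (taken from the logs in this thread).
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+(.*)$")
VERDICT_RE = re.compile(r"^Disk \d+ MBR \[(.+?)\] \*\*ROOTKIT\*\*$")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
IRP_RE = re.compile(
    r"^(\\Driver\\[^\[\s]+)\[0x[0-9a-fA-F]+\] -> (IRP_MJ_\w+) -> (0x[0-9a-fA-F]+)$"
)
LOCKED_RE = re.compile(r"^Service (\S+) (.+?) \*\*LOCKED\*\*")


@dataclass
class Findings:
    mbr_verdict: Optional[str] = None      # text inside [...] on a **ROOTKIT** line
    mbr_hidden: bool = False               # "Disk N MBR hidden"
    unknown_mbr_code: bool = False         # "Disk N unknown MBR code"
    unknown_targets: list = field(default_factory=list)  # >>UNKNOWN [addr]<<
    irp_to_unknown: list = field(default_factory=list)   # (driver, irp, addr)
    locked_services: list = field(default_factory=list)  # (service, path)

    def indicators(self):
        """Names of the indicators present in this run."""
        flags = {
            "mbr_flagged": self.mbr_verdict is not None,
            "mbr_hidden": self.mbr_hidden,
            "unknown_mbr_code": self.unknown_mbr_code,
            "unknown_trace_target": bool(self.unknown_targets),
            "irp_to_unknown": bool(self.irp_to_unknown),
            "locked_service": bool(self.locked_services),
        }
        return {name for name, hit in flags.items() if hit}


def parse_aswmbr(text):
    """Extract indicators from one aswMBR log; non-timestamped lines are skipped."""
    f = Findings()
    irps = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banner, separator or blank line
        msg = m.group(1).strip()
        verdict = VERDICT_RE.match(msg)
        if verdict:
            f.mbr_verdict = verdict.group(1)
        if re.fullmatch(r"Disk \d+ MBR hidden", msg):
            f.mbr_hidden = True
        if re.fullmatch(r"Disk \d+ unknown MBR code", msg):
            f.unknown_mbr_code = True
        unknown = UNKNOWN_RE.search(msg)
        if unknown:
            f.unknown_targets.append(unknown.group(1))
        irp = IRP_RE.match(msg)
        if irp:
            irps.append(irp.groups())
        locked = LOCKED_RE.match(msg)
        if locked:
            f.locked_services.append(locked.groups())
    # Keep only dispatch entries that point at an address the trace
    # could not attribute to a named module.
    f.irp_to_unknown = [t for t in irps if t[2] in f.unknown_targets]
    return f


def compare_runs(before, after):
    """Which indicators cleared, which remain, and which are new in the later run."""
    b, a = before.indicators(), after.indicators()
    return {
        "cleared": sorted(b - a),
        "remaining": sorted(b & a),
        "new": sorted(a - b),
    }


if __name__ == "__main__":
    result = compare_runs(parse_aswmbr(BEFORE_FIX), parse_aswmbr(AFTER_FIX))
    for bucket, names in result.items():
        print(f"{bucket}: {', '.join(names) or '-'}")
```

On the two logs above, the MBR verdict, "MBR hidden" and "unknown MBR code" lines are gone after the fix, while the unattributed trace target and the atapi IRP_MJ_CREATE pointer to it are still reported.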

#22
lucille123
  • Topic Starter
  • Member
  • 100 posts
Woo hoo! I was able to reboot normally :-) OTL popped up and gave me this scan

All processes killed
========== OTL ==========
Error: No service named srvCAC was found to stop!
Service\Driver key srvCAC not found.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A24260AC-3B3C-4936-9047-B00E2D9BBC7E}: C:\Documents and Settings\Lisa Huffman\Local Settings\Application Data\{A24260AC-3B3C-4936-9047-B00E2D9BBC7E} not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ not found.
File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ not found.
File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
File C:\Documents and Settings\All Users\Desktop\Security Protection.lnk not found.
File C:\Documents and Settings\All Users\Documents\setup1911.fon not found.
File C:\Documents and Settings\All Users\Documents\pornmovs.lnk not found.
File C:\Documents and Settings\All Users\Documents\myporno.avi.lnk not found.
File C:\Documents and Settings\All Users\Documents\setup1911.lnk not found.
File/Folder C:\WINDOWS\*.tmp not found.
File/Folder C:\Documents and Settings\All Users\Application Data\*.tmp not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\"EnableFirewall"|1 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\"DisableNotifications"|0 /E : value set successfully!
========== FILES ==========
File\Folder C:\Program Files\AskBarDis not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Administrator.HOME\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Administrator.HOME\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Administrator.HOME
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 12836240 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest 2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Lisa Huffman
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 66862304 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 4208 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17718518 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 128754 bytes

Total Files Cleaned = 93.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: Administrator.HOME
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Guest 2
->Flash cache emptied: 0 bytes

User: Lisa Huffman

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Unable to start service SrService!

OTL by OldTimer - Version 3.2.26.5 log created on 08212011_181002

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0

#23
lucille123
  • Topic Starter
  • Member
  • 100 posts
I think there's still some things to clean up, but it's getting there :-) I am missing some programs and the security protection is still on the desktop.
  • 0

#24
Nedklaw
  • Trusted Helper
  • Malware Removal
  • 1,652 posts
Hi. :unsure:

Woo hoo! I was able to reboot normally :-)

Great. :)


Step 1

What do you mean by missing some programs?
Are icons missing from the desktop or is the Start Menu empty?


Step 2

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 3

  • Double click on OTL to run it. Make sure all other windows are closed to let it run uninterrupted.
    • Select Scan All Users.
    • Under the Custom Scan box paste this in:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    %USERPROFILE%\..|smtmp;true;true;true /FP
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Quick Scan button. The scan won't take long.
  • When the scan completes, it will open a notepad window. OTL.Txt. It is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post them in your topic.

Things I want to see in your next reply

  • Answer to my questions
  • TDSSKiller.[Version]_[Date]_[Time]_log.txt
  • OTL.txt

  • 0

#25
lucille123
  • Topic Starter
  • Member
  • 100 posts
It seems I am missing all my programs except for internet explorer and firefox. That's for both the desktop and the start menu.

2011/08/22 14:10:25.0234 1416 TDSS rootkit removing tool 2.5.16.0 Aug 19 2011 17:48:17
2011/08/22 14:10:25.0750 1416 ================================================================================
2011/08/22 14:10:25.0750 1416 SystemInfo:
2011/08/22 14:10:25.0750 1416
2011/08/22 14:10:25.0750 1416 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/22 14:10:25.0750 1416 Product type: Workstation
2011/08/22 14:10:25.0750 1416 ComputerName: HOME
2011/08/22 14:10:25.0750 1416 UserName: Lisa Huffman
2011/08/22 14:10:25.0750 1416 Windows directory: C:\WINDOWS
2011/08/22 14:10:25.0750 1416 System windows directory: C:\WINDOWS
2011/08/22 14:10:25.0750 1416 Processor architecture: Intel x86
2011/08/22 14:10:25.0750 1416 Number of processors: 1
2011/08/22 14:10:25.0750 1416 Page size: 0x1000
2011/08/22 14:10:25.0750 1416 Boot type: Normal boot
2011/08/22 14:10:25.0750 1416 ================================================================================
2011/08/22 14:10:27.0343 1416 Initialize success
2011/08/22 14:10:38.0828 2916 ================================================================================
2011/08/22 14:10:38.0828 2916 Scan started
2011/08/22 14:10:38.0828 2916 Mode: Manual;
2011/08/22 14:10:38.0828 2916 ================================================================================
2011/08/22 14:10:40.0437 2916 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/08/22 14:10:40.0531 2916 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/22 14:10:40.0562 2916 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/08/22 14:10:40.0609 2916 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/08/22 14:10:40.0765 2916 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/08/22 14:10:40.0828 2916 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/08/22 14:10:40.0921 2916 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/08/22 14:10:41.0078 2916 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/08/22 14:10:41.0125 2916 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/08/22 14:10:41.0156 2916 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/08/22 14:10:41.0187 2916 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/08/22 14:10:41.0218 2916 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/08/22 14:10:41.0234 2916 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/08/22 14:10:41.0250 2916 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/08/22 14:10:41.0265 2916 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/08/22 14:10:41.0312 2916 ApfiltrService (b8d65da679a4a8d048783ede2691b5d4) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
2011/08/22 14:10:41.0406 2916 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
2011/08/22 14:10:41.0609 2916 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/08/22 14:10:41.0718 2916 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/08/22 14:10:41.0734 2916 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/08/22 14:10:41.0750 2916 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/08/22 14:10:41.0796 2916 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/22 14:10:41.0859 2916 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/22 14:10:41.0984 2916 ati2mtag (aff027496f2d60f7f54a7cc8421a9f5a) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/08/22 14:10:42.0187 2916 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/22 14:10:42.0250 2916 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/22 14:10:42.0312 2916 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\system32\Drivers\avgldx86.sys
2011/08/22 14:10:42.0406 2916 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\system32\Drivers\avgmfx86.sys
2011/08/22 14:10:42.0562 2916 AvgTdiX (9a7a93388f503a34e7339ae7f9997449) C:\WINDOWS\system32\Drivers\avgtdix.sys
2011/08/22 14:10:42.0625 2916 b57w2k (f96038aa1ec4013a93d2420fc689d1e9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2011/08/22 14:10:42.0734 2916 BASFND (5c68ac6f3e5b3e6d6a78e97d05e42c3a) C:\Program Files\Broadcom\ASFIPMon\BASFND.sys
2011/08/22 14:10:43.0015 2916 BCM43XX (e9ea635b8432d68f0005b3f6cebab837) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/08/22 14:10:43.0078 2916 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/22 14:10:43.0109 2916 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/08/22 14:10:43.0281 2916 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/22 14:10:43.0328 2916 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/08/22 14:10:43.0359 2916 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/22 14:10:43.0421 2916 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/22 14:10:43.0453 2916 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/22 14:10:43.0546 2916 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/08/22 14:10:43.0656 2916 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/08/22 14:10:43.0750 2916 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/08/22 14:10:43.0875 2916 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/08/22 14:10:43.0937 2916 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/08/22 14:10:43.0984 2916 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/08/22 14:10:44.0031 2916 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/22 14:10:44.0203 2916 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/22 14:10:44.0328 2916 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/22 14:10:44.0390 2916 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/22 14:10:44.0468 2916 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/22 14:10:44.0500 2916 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/08/22 14:10:44.0515 2916 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/22 14:10:44.0656 2916 DXEC01 (549734664886d91222969845e4311d1b) C:\WINDOWS\system32\drivers\dxec01.sys
2011/08/22 14:10:44.0750 2916 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/08/22 14:10:44.0843 2916 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/22 14:10:44.0921 2916 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/08/22 14:10:45.0031 2916 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/22 14:10:45.0046 2916 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/08/22 14:10:45.0093 2916 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/08/22 14:10:45.0109 2916 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/22 14:10:45.0203 2916 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/22 14:10:45.0265 2916 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/22 14:10:45.0406 2916 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/08/22 14:10:45.0453 2916 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/22 14:10:45.0546 2916 HPFXBULK (d63b7f6b2b992c0b566f44efde620b5d) C:\WINDOWS\system32\drivers\hpfxbulk.sys
2011/08/22 14:10:45.0578 2916 HPFXFAX (2bdff04d7d9a3cf07d9417cd366756e1) C:\WINDOWS\system32\drivers\hpfxfax.sys
2011/08/22 14:10:45.0703 2916 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/08/22 14:10:46.0156 2916 HSFHWAZL (290cdbb05903742ea06b7203c5a662f5) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
2011/08/22 14:10:46.0437 2916 HSF_DPV (7ab812355f98858b9ecdd46e6fcc221f) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2011/08/22 14:10:46.0765 2916 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/22 14:10:47.0062 2916 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/08/22 14:10:47.0093 2916 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/08/22 14:10:47.0140 2916 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/22 14:10:47.0171 2916 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/22 14:10:47.0234 2916 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/08/22 14:10:47.0359 2916 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/08/22 14:10:47.0390 2916 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/08/22 14:10:47.0406 2916 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/08/22 14:10:47.0421 2916 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/22 14:10:47.0437 2916 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/22 14:10:47.0484 2916 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/22 14:10:47.0531 2916 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/22 14:10:47.0656 2916 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/22 14:10:47.0703 2916 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/22 14:10:47.0734 2916 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/22 14:10:47.0765 2916 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/08/22 14:10:47.0828 2916 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/22 14:10:47.0890 2916 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/22 14:10:48.0062 2916 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
2011/08/22 14:10:48.0093 2916 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
2011/08/22 14:10:48.0156 2916 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2011/08/22 14:10:48.0234 2916 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/08/22 14:10:48.0328 2916 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/22 14:10:48.0375 2916 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/22 14:10:48.0406 2916 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/22 14:10:48.0484 2916 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/22 14:10:48.0562 2916 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/22 14:10:48.0734 2916 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/08/22 14:10:48.0812 2916 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/22 14:10:49.0062 2916 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/22 14:10:49.0187 2916 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/22 14:10:49.0265 2916 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/22 14:10:49.0359 2916 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/22 14:10:49.0390 2916 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/22 14:10:49.0453 2916 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/22 14:10:49.0546 2916 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/22 14:10:49.0750 2916 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/22 14:10:49.0812 2916 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/22 14:10:49.0953 2916 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/22 14:10:50.0015 2916 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/22 14:10:50.0078 2916 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/22 14:10:50.0140 2916 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/22 14:10:50.0171 2916 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/22 14:10:50.0296 2916 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/08/22 14:10:50.0390 2916 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/22 14:10:50.0437 2916 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/22 14:10:50.0484 2916 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/22 14:10:50.0593 2916 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/08/22 14:10:50.0718 2916 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/22 14:10:50.0750 2916 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/22 14:10:50.0796 2916 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/08/22 14:10:50.0843 2916 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/08/22 14:10:50.0890 2916 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/22 14:10:51.0000 2916 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/22 14:10:51.0062 2916 PBADRV (9ec004140e1b675acdeb07f66ee797a4) C:\WINDOWS\system32\DRIVERS\PBADRV.sys
2011/08/22 14:10:51.0125 2916 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/22 14:10:51.0156 2916 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/22 14:10:51.0234 2916 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/08/22 14:10:51.0343 2916 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/08/22 14:10:51.0390 2916 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/08/22 14:10:51.0468 2916 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/22 14:10:51.0531 2916 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/08/22 14:10:51.0562 2916 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/22 14:10:51.0625 2916 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/22 14:10:51.0718 2916 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/08/22 14:10:51.0812 2916 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/08/22 14:10:51.0828 2916 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/08/22 14:10:51.0859 2916 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/08/22 14:10:51.0890 2916 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/08/22 14:10:51.0921 2916 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/08/22 14:10:51.0968 2916 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/22 14:10:52.0062 2916 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/22 14:10:52.0140 2916 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/22 14:10:52.0156 2916 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/22 14:10:52.0187 2916 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/22 14:10:52.0265 2916 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/22 14:10:52.0328 2916 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/22 14:10:52.0421 2916 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/22 14:10:52.0515 2916 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/22 14:10:52.0593 2916 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/22 14:10:52.0734 2916 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/08/22 14:10:52.0796 2916 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/08/22 14:10:52.0843 2916 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/22 14:10:52.0921 2916 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/08/22 14:10:52.0968 2916 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2011/08/22 14:10:53.0062 2916 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/08/22 14:10:53.0140 2916 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/22 14:10:53.0218 2916 sptd (0c1dad75274cb6e31f053ce3e08bf9c3) C:\WINDOWS\system32\Drivers\sptd.sys
2011/08/22 14:10:53.0281 2916 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 0c1dad75274cb6e31f053ce3e08bf9c3
2011/08/22 14:10:53.0281 2916 sptd - detected LockedFile.Multi.Generic (1)
2011/08/22 14:10:53.0343 2916 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/22 14:10:53.0468 2916 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/22 14:10:53.0625 2916 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys
2011/08/22 14:10:53.0828 2916 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/22 14:10:53.0875 2916 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/22 14:10:53.0921 2916 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/08/22 14:10:53.0953 2916 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/08/22 14:10:53.0968 2916 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/08/22 14:10:54.0109 2916 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/08/22 14:10:54.0187 2916 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/22 14:10:54.0265 2916 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/22 14:10:54.0375 2916 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/22 14:10:54.0453 2916 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/22 14:10:54.0546 2916 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/22 14:10:54.0609 2916 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/08/22 14:10:54.0687 2916 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/22 14:10:54.0765 2916 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/08/22 14:10:54.0890 2916 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/22 14:10:54.0968 2916 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/22 14:10:55.0078 2916 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/22 14:10:55.0156 2916 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/22 14:10:55.0203 2916 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/08/22 14:10:55.0218 2916 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/08/22 14:10:55.0281 2916 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/08/22 14:10:55.0375 2916 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/22 14:10:55.0453 2916 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/22 14:10:55.0515 2916 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/08/22 14:10:55.0562 2916 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/08/22 14:10:55.0656 2916 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/08/22 14:10:55.0718 2916 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/22 14:10:55.0781 2916 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/22 14:10:55.0843 2916 WaveFDE (db626c46997c2430d4958da5c7ffb969) C:\WINDOWS\system32\DRIVERS\WaveFDE.sys
2011/08/22 14:10:56.0000 2916 WavxDMgr (51e756f2bfb5e3adcb15f966ad293231) C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys
2011/08/22 14:10:56.0140 2916 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/22 14:10:56.0234 2916 winachsf (a8596cf86d445269a42ecc08b7066a4c) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/08/22 14:10:56.0468 2916 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/08/22 14:10:56.0593 2916 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/08/22 14:10:56.0625 2916 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/08/22 14:10:56.0656 2916 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/08/22 14:10:56.0765 2916 Boot (0x1200) (0122d979650fda3f115a3f2e83285b9c) \Device\Harddisk0\DR0\Partition0
2011/08/22 14:10:56.0765 2916 ================================================================================
2011/08/22 14:10:56.0765 2916 Scan finished
2011/08/22 14:10:56.0765 2916 ================================================================================
2011/08/22 14:10:56.0781 0456 Detected object count: 1
2011/08/22 14:10:56.0781 0456 Actual detected object count: 1
2011/08/22 14:11:16.0156 0456 LockedFile.Multi.Generic(sptd) - User select action: Skip

OTL logfile created on: 8/22/2011 2:14:27 PM - Run 3
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\Lisa Huffman\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.37 Gb Total Physical Memory | 2.63 Gb Available Physical Memory | 78.00% Memory free
6.59 Gb Paging File | 6.03 Gb Available in Paging File | 91.53% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 44.55 Gb Free Space | 59.84% Space Free | Partition Type: NTFS
Drive Y: | 74.45 Gb Total Space | 56.26 Gb Free Space | 75.57% Space Free | Partition Type: NTFS
Drive Z: | 74.45 Gb Total Space | 56.26 Gb Free Space | 75.57% Space Free | Partition Type: NTFS

Computer Name: HOME | User Name: Lisa Huffman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/22 14:13:46 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lisa Huffman\Desktop\OTL.com
PRC - [2011/08/05 09:03:28 | 000,140,952 | -H-- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.65\GoogleCrashHandler.exe
PRC - [2011/03/14 09:17:15 | 002,071,904 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2011/02/16 15:49:08 | 000,088,176 | -H-- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/11/24 10:42:47 | 000,725,344 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/09/23 14:41:40 | 000,621,920 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/09/10 10:58:11 | 001,101,152 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/09/10 10:58:09 | 000,515,424 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/09/10 10:57:33 | 000,921,952 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/09/10 10:57:26 | 000,308,136 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/10/02 15:27:29 | 000,116,032 | -H-- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2009/10/02 15:26:52 | 000,378,176 | -H-- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2009/09/16 16:22:08 | 000,020,480 | -H-- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2008/07/24 18:46:10 | 000,063,040 | -H-- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/05 16:24:44 | 000,094,208 | -H-- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\stacsv.exe
PRC - [2007/11/08 21:50:10 | 001,552,384 | -H-- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
PRC - [2007/09/10 08:55:04 | 000,092,160 | -H-- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
PRC - [2007/09/07 16:29:04 | 000,737,280 | -H-- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
PRC - [2007/05/28 09:57:54 | 000,275,968 | -H-- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2007/05/14 13:21:40 | 000,475,136 | -H-- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2007/04/15 17:39:44 | 000,040,960 | -H-- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe
PRC - [2007/04/15 17:39:36 | 000,159,744 | -H-- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2007/04/15 17:39:34 | 000,050,736 | -H-- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
PRC - [2007/04/15 17:39:34 | 000,040,960 | -H-- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2006/12/19 13:21:48 | 000,079,432 | -H-- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
PRC - [2006/11/02 13:05:50 | 000,282,624 | -H-- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\KADxMain.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/11 14:46:22 | 000,212,992 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\70a1400affdc775d7c7398e036359286\System.ServiceProcess.ni.dll
MOD - [2011/08/11 14:46:05 | 000,998,400 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\6e563a58e6fc0117070d5b8fd59e4e1b\System.Management.ni.dll
MOD - [2011/08/11 14:33:58 | 005,450,752 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll
MOD - [2011/08/11 14:33:52 | 012,430,848 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d00cc387e462e4c3cdcd112b137cac87\System.Windows.Forms.ni.dll
MOD - [2011/08/11 14:33:36 | 001,587,200 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7ed09623172a292eaee51e2e3bcaf784\System.Drawing.ni.dll
MOD - [2011/08/11 14:31:21 | 007,950,848 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll
MOD - [2011/08/10 18:31:19 | 000,303,104 | -H-- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/06/16 14:08:12 | 011,490,816 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2009/10/02 15:26:51 | 001,063,248 | -H-- | M] () -- C:\Program Files\LogMeIn\x86\ICSAgent32.dll
MOD - [2009/02/13 12:44:56 | 000,071,696 | -H-- | M] () -- c:\Program Files\McAfee\SiteAdvisor\mcfrmwk.dll
MOD - [2009/02/13 12:44:52 | 000,207,376 | -H-- | M] () -- c:\Program Files\McAfee\SiteAdvisor\cntscan.dll
MOD - [2009/02/13 12:44:52 | 000,117,264 | -H-- | M] () -- c:\Program Files\McAfee\SiteAdvisor\apengine.dll
MOD - [2007/10/09 03:17:44 | 000,139,264 | -H-- | M] () -- C:\WINDOWS\system32\preflib.dll
MOD - [2007/10/09 03:17:36 | 000,753,664 | -H-- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2007/09/10 08:53:26 | 000,262,144 | -H-- | M] () -- C:\WINDOWS\system32\wxvault.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/02/16 15:49:08 | 000,088,176 | -H-- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/09/10 10:57:33 | 000,921,952 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/09/10 10:57:26 | 000,308,136 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/10/02 15:27:29 | 000,116,032 | -H-- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2009/09/16 16:22:08 | 000,020,480 | -H-- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/07/24 18:46:10 | 000,063,040 | -H-- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2007/12/05 16:24:44 | 000,094,208 | -H-- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)
SRV - [2007/11/08 21:50:10 | 001,552,384 | -H-- | M] () [Auto | Running] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2007/09/13 13:31:44 | 000,192,512 | -H-- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe -- (WaveEnrollmentService)
SRV - [2007/09/07 16:29:04 | 000,737,280 | -H-- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2007/08/31 16:39:18 | 000,486,400 | -H-- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2007/05/28 09:57:54 | 000,275,968 | -H-- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007/05/24 07:08:44 | 000,061,440 | -H-- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/05/14 13:21:40 | 000,475,136 | -H-- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2006/12/19 13:21:48 | 000,079,432 | -H-- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
SRV - [2005/07/25 12:25:18 | 000,491,520 | -H-- | M] ( ) [On_Demand | Stopped] -- C:\WINDOWS\System32\lxcfcoms.exe -- (lxcf_device)


========== Driver Services (SafeList) ==========

DRV - [2011/05/05 14:44:14 | 000,243,152 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/09/10 10:58:54 | 000,216,400 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/09/10 10:58:53 | 000,029,584 | -H-- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/10/02 15:26:57 | 000,083,288 | -H-- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2008/12/17 17:29:52 | 000,715,248 | -H-- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/07/24 18:46:12 | 000,012,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/07/24 18:46:10 | 000,047,640 | -H-- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2007/12/05 16:24:44 | 001,222,840 | -H-- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/12/02 17:26:22 | 000,989,952 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/12/02 17:26:20 | 000,731,136 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/12/02 17:26:20 | 000,211,200 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/10/09 03:17:42 | 001,123,328 | -H-- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/09/10 08:55:00 | 000,161,280 | -H-- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2007/09/07 08:57:14 | 000,026,608 | -H-- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys -- (PBADRV)
DRV - [2007/09/06 08:18:40 | 000,018,176 | -H-- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WaveFDE.sys -- (WaveFDE)
DRV - [2007/04/24 17:09:56 | 001,975,808 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/04/15 17:39:34 | 000,132,608 | -H-- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/04/11 14:33:48 | 000,014,336 | RH-- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpfxfax.sys -- (HPFXFAX)
DRV - [2007/04/11 14:33:24 | 000,011,264 | RH-- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - [2007/03/20 14:53:00 | 000,160,256 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/12/19 13:21:52 | 000,010,480 | -H-- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
DRV - [2006/11/02 11:32:32 | 000,097,536 | -H-- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec01.sys -- (DXEC01)
DRV - [2005/08/12 16:50:46 | 000,016,128 | -H-- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.c...03&gct=&gc=1&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080305
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.c...03&gct=&gc=1&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080305


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080305
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080305
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3036973516-2505478358-2408811414-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-3036973516-2505478358-2408811414-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3036973516-2505478358-2408811414-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080305
IE - HKU\S-1-5-21-3036973516-2505478358-2408811414-1006\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-3036973516-2505478358-2408811414-1006\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll ()
IE - HKU\S-1-5-21-3036973516-2505478358-2408811414-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.gmail.com...w.facebook.com"
FF - prefs.js..extensions.enabledItems: [email protected]:2.2.11
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.12
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..keyword.URL: "http://search.yahoo....h?fr=mcafee&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Lisa Huffman\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Lisa Huffman\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Lisa Huffman\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Lisa Huffman\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/06/09 19:57:18 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/11/29 09:58:01 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/08/10 09:11:51 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/22 11:37:49 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/05 12:05:06 | 000,000,000 | -H-D | M]

[2008/09/03 06:47:53 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Lisa Huffman\Application Data\Mozilla\Extensions
[2011/08/22 11:44:24 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Lisa Huffman\Application Data\Mozilla\Firefox\Profiles\z5m4eeeu.default\extensions
[2011/07/18 08:55:37 | 000,000,000 | -H-D | M] (Forecastfox) -- C:\Documents and Settings\Lisa Huffman\Application Data\Mozilla\Firefox\Profiles\z5m4eeeu.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011/06/27 09:37:52 | 000,000,000 | -H-D | M] (Garmin Communicator) -- C:\Documents and Settings\Lisa Huffman\Application Data\Mozilla\Firefox\Profiles\z5m4eeeu.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/05/27 14:29:55 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Lisa Huffman\Application Data\Mozilla\Firefox\Profiles\z5m4eeeu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/01 09:21:18 | 000,000,000 | -H-D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Lisa Huffman\Application Data\Mozilla\Firefox\Profiles\z5m4eeeu.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/06/08 08:47:17 | 000,000,000 | -H-D | M] (IE Tab) -- C:\Documents and Settings\Lisa Huffman\Application Data\Mozilla\Firefox\Profiles\z5m4eeeu.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/09/02 15:14:31 | 000,000,000 | -H-D | M] ("Ask Toolbar for Firefox") -- C:\Documents and Settings\Lisa Huffman\Application Data\Mozilla\Firefox\Profiles\z5m4eeeu.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/05/13 19:35:05 | 000,000,000 | -H-D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\Lisa Huffman\Application Data\Mozilla\Firefox\Profiles\z5m4eeeu.default\extensions\[email protected]
[2011/08/16 10:13:19 | 000,000,000 | -H-D | M] (Cooliris) -- C:\Documents and Settings\Lisa Huffman\Application Data\Mozilla\Firefox\Profiles\z5m4eeeu.default\extensions\[email protected]
[2009/09/04 09:09:17 | 000,000,682 | -H-- | M] () -- C:\Documents and Settings\Lisa Huffman\Application Data\Mozilla\Firefox\Profiles\z5m4eeeu.default\searchplugins\ask.xml
[2011/06/23 16:52:18 | 000,002,386 | -H-- | M] () -- C:\Documents and Settings\Lisa Huffman\Application Data\Mozilla\Firefox\Profiles\z5m4eeeu.default\searchplugins\siteadvisor-1.xml
[2008/03/10 18:01:17 | 000,002,386 | -H-- | M] () -- C:\Documents and Settings\Lisa Huffman\Application Data\Mozilla\Firefox\Profiles\z5m4eeeu.default\searchplugins\siteadvisor.xml
[2011/05/06 15:06:47 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\LISA HUFFMAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Z5M4EEEU.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\LISA HUFFMAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Z5M4EEEU.DEFAULT\EXTENSIONS\[email protected]
[2009/03/16 17:17:02 | 000,000,000 | -H-D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/08/22 11:37:49 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/11/06 15:45:03 | 000,075,208 | -H-- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011/05/06 15:14:54 | 000,002,252 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/11/19 10:09:42 | 000,002,024 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2011/08/22 07:44:29 | 000,000,916 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 80.79.117.219 www.google.com
O1 - Hosts: 80.79.117.220 search.yahoo.com
O1 - Hosts: 80.79.117.220 www.bing.com
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKU\S-1-5-21-3036973516-2505478358-2408811414-1006\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [compmgm] File not found
O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
O4 - HKLM..\Run: [LXCFCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.DLL ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] File not found
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKU\.DEFAULT..\Run: [UYVCmBdwfK] C:\Documents and Settings\All Users\Application Data\UYVCmBdwfK.exe ()
O4 - HKU\S-1-5-18..\Run: [UYVCmBdwfK] C:\Documents and Settings\All Users\Application Data\UYVCmBdwfK.exe ()
O4 - HKU\S-1-5-21-3036973516-2505478358-2408811414-1006..\Run: [Security Protection] File not found
O4 - HKU\S-1-5-21-3036973516-2505478358-2408811414-1006..\Run: [YJ3C6F6A3XZV5G7JNBQURDPYZHPWV] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2011/08/19 12:40:38 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Lisa Huffman\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3036973516-2505478358-2408811414-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3036973516-2505478358-2408811414-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3036973516-2505478358-2408811414-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3036973516-2505478358-2408811414-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O16 - DPF: {00000035-9593-4264-8B29-930B3E4EDCCD} https://www.rooms.hp...VCInstall35.cab (HPVirtualRooms35 Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.10.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\gemsafe: DllName - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll (Gemplus)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Lisa Huffman\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Lisa Huffman\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3ccbbc3c-0396-11de-babc-001d09c8d326}\Shell - "" = AutoRun
O33 - MountPoints2\{3ccbbc3c-0396-11de-babc-001d09c8d326}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3ccbbc3c-0396-11de-babc-001d09c8d326}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: srvCAC - File not found
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/08/22 14:13:45 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lisa Huffman\Desktop\OTL.com
[2011/08/22 14:10:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lisa Huffman\Desktop\tdsskiller
[2011/08/22 12:11:07 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/08/21 17:42:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/19 13:08:17 | 000,000,000 | -H-D | C] -- C:\System Repair
[2011/08/19 10:46:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/08/18 22:36:40 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/08/18 22:36:23 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/08/17 18:23:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/08/17 18:23:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/08/17 18:23:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/07/28 14:40:18 | 000,000,000 | -H-D | C] -- C:\Program Files\PowerPoint Viewer
[2011/07/28 14:39:28 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spine Research Institute of San Diego
[2011/07/28 14:35:29 | 000,000,000 | -H-D | C] -- C:\Program Files\SRISD
[2009/04/20 11:39:30 | 000,018,944 | -H-- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL
[2008/03/11 09:32:43 | 001,134,592 | -H-- | C] ( ) -- C:\WINDOWS\System32\lxcfusb1.dll
[2008/03/11 09:32:42 | 001,183,744 | -H-- | C] ( ) -- C:\WINDOWS\System32\lxcfserv.dll
[2008/03/11 09:32:42 | 000,491,520 | -H-- | C] ( ) -- C:\WINDOWS\System32\lxcfcoms.exe
[2008/03/11 09:32:42 | 000,372,736 | -H-- | C] ( ) -- C:\WINDOWS\System32\lxcfih.exe
[2008/03/11 09:32:42 | 000,155,648 | -H-- | C] ( ) -- C:\WINDOWS\System32\lxcfprox.dll
[2008/03/11 09:32:42 | 000,114,688 | -H-- | C] ( ) -- C:\WINDOWS\System32\lxcfpplc.dll
[2008/03/11 09:32:41 | 000,704,512 | -H-- | C] ( ) -- C:\WINDOWS\System32\lxcfcomc.dll
[2008/03/11 09:32:41 | 000,483,328 | -H-- | C] ( ) -- C:\WINDOWS\System32\lxcflmpm.dll
[2008/03/11 09:32:41 | 000,413,696 | -H-- | C] ( ) -- C:\WINDOWS\System32\lxcfcomm.dll

========== Files - Modified Within 30 Days ==========

[2011/08/22 14:17:10 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/08/22 14:13:46 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lisa Huffman\Desktop\OTL.com
[2011/08/22 14:10:00 | 000,001,006 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3036973516-2505478358-2408811414-1006UA.job
[2011/08/22 14:09:54 | 001,389,603 | ---- | M] () -- C:\Documents and Settings\Lisa Huffman\Desktop\tdsskiller.zip
[2011/08/22 14:08:01 | 000,000,886 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/22 11:57:41 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\Lisa Huffman\Local Settings\Application Data\prvlcl.dat
[2011/08/22 11:51:25 | 000,000,882 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/22 11:49:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/22 11:49:38 | 3622,121,472 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/22 11:20:39 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/22 09:44:30 | 000,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Security Protection.lnk
[2011/08/22 07:44:29 | 000,000,916 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/08/21 17:24:03 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/19 13:08:18 | 000,000,240 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~P1kAlMiG2Kb7Fz
[2011/08/19 13:08:18 | 000,000,176 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~P1kAlMiG2Kb7Fzr
[2011/08/19 13:08:17 | 000,000,733 | -H-- | M] () -- C:\System Repair.lnk
[2011/08/19 13:08:16 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\P1kAlMiG2Kb7Fz
[2011/08/19 13:08:10 | 000,417,792 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\P1kAlMiG2Kb7Fz.exe
[2011/08/19 12:37:17 | 000,462,848 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\UYVCmBdwfK.exe
[2011/08/18 15:10:14 | 000,000,954 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3036973516-2505478358-2408811414-1006Core.job
[2011/08/18 09:11:01 | 084,048,107 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/08/17 17:56:59 | 000,003,792 | -H-- | M] () -- C:\Documents and Settings\Lisa Huffman\Application Data\EZUser.INI
[2011/08/17 16:23:59 | 003,073,904 | -H-- | M] () -- C:\Documents and Settings\Lisa Huffman\Desktop\DSCF0690.JPG
[2011/08/17 16:23:42 | 003,076,233 | -H-- | M] () -- C:\Documents and Settings\Lisa Huffman\Desktop\DSCF0689.JPG
[2011/08/17 09:00:23 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\Lisa Huffman\Local Settings\Application Data\WavXMapDrive.bat
[2011/08/10 18:31:49 | 000,443,456 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/10 18:31:49 | 000,072,556 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/10 18:28:40 | 000,001,374 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/03 09:24:19 | 000,022,016 | -H-- | M] () -- C:\Documents and Settings\Lisa Huffman\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/01 17:45:58 | 000,159,090 | -H-- | M] () -- C:\Documents and Settings\Lisa Huffman\Desktop\viewer.png
[2011/08/01 12:12:11 | 000,010,754 | -H-- | M] () -- C:\Documents and Settings\Lisa Huffman\Desktop\ic.jpg

========== Files Created - No Company Name ==========

[2011/08/22 14:09:52 | 001,389,603 | ---- | C] () -- C:\Documents and Settings\Lisa Huffman\Desktop\tdsskiller.zip
[2011/08/22 11:34:38 | 3622,121,472 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/22 09:44:30 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Security Protection.lnk
[2011/08/19 13:08:18 | 000,000,176 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~P1kAlMiG2Kb7Fzr
[2011/08/19 13:08:17 | 000,000,733 | -H-- | C] () -- C:\System Repair.lnk
[2011/08/19 13:08:17 | 000,000,240 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~P1kAlMiG2Kb7Fz
[2011/08/19 13:08:15 | 000,000,336 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\P1kAlMiG2Kb7Fz
[2011/08/19 13:08:10 | 000,417,792 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\P1kAlMiG2Kb7Fz.exe
[2011/08/19 12:37:24 | 000,462,848 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\UYVCmBdwfK.exe
[2011/08/17 16:23:53 | 003,073,904 | -H-- | C] () -- C:\Documents and Settings\Lisa Huffman\Desktop\DSCF0690.JPG
[2011/08/17 16:23:40 | 003,076,233 | -H-- | C] () -- C:\Documents and Settings\Lisa Huffman\Desktop\DSCF0689.JPG
[2011/08/01 17:45:57 | 000,159,090 | -H-- | C] () -- C:\Documents and Settings\Lisa Huffman\Desktop\viewer.png
[2011/08/01 12:12:06 | 000,010,754 | -H-- | C] () -- C:\Documents and Settings\Lisa Huffman\Desktop\ic.jpg
[2011/07/28 14:40:24 | 000,000,681 | -H-- | C] () -- C:\Documents and Settings\Lisa Huffman\Start Menu\Programs\Microsoft PowerPoint Viewer 97.lnk
[2011/07/15 17:57:10 | 000,003,792 | -H-- | C] () -- C:\Documents and Settings\Lisa Huffman\Application Data\EZUser.INI
[2011/06/30 15:38:18 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\EJRLREAD.INI
[2011/06/30 15:08:22 | 000,000,085 | -H-- | C] () -- C:\WINDOWS\READIBMW.INI
[2011/04/29 09:27:49 | 000,035,036 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/09/23 14:56:41 | 000,000,057 | -H-- | C] () -- C:\WINDOWS\DcmLtbox-WS.ini
[2010/09/10 16:12:45 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Lisa Huffman\Local Settings\Application Data\prvlcl.dat
[2010/08/20 10:52:58 | 000,000,246 | -H-- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2010/08/20 10:52:02 | 000,145,590 | -H-- | C] () -- C:\WINDOWS\hppins07.dat.temp
[2010/08/20 10:52:02 | 000,000,838 | -H-- | C] () -- C:\WINDOWS\hppmdl07.dat.temp
[2010/05/12 09:39:06 | 000,044,544 | -H-- | C] () -- C:\WINDOWS\System32\GIF89.DLL
[2010/05/12 09:39:05 | 000,484,352 | -H-- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/04/20 11:39:39 | 000,030,720 | -H-- | C] () -- C:\WINDOWS\System32\PKDCLVB.DLL
[2009/04/20 11:39:38 | 000,447,488 | -H-- | C] () -- C:\WINDOWS\System32\PGPDLL.DLL
[2009/04/20 11:39:10 | 000,159,744 | -H-- | C] () -- C:\WINDOWS\System32\AESCRYPT.DLL
[2009/03/30 14:34:02 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/07/22 20:15:49 | 000,022,016 | -H-- | C] () -- C:\Documents and Settings\Lisa Huffman\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/18 11:48:28 | 000,000,608 | -HS- | C] () -- C:\WINDOWS\System32\winzvprt5.sys
[2008/07/18 11:41:16 | 000,152,774 | -H-- | C] () -- C:\WINDOWS\System32\hppins07.dat
[2008/07/18 11:41:16 | 000,145,590 | -H-- | C] () -- C:\WINDOWS\hppins07.dat
[2008/07/18 11:41:16 | 000,000,838 | -H-- | C] () -- C:\WINDOWS\hppmdl07.dat
[2008/07/18 11:40:59 | 000,000,316 | -H-- | C] () -- C:\WINDOWS\hpbvspst.ini
[2008/07/18 11:39:10 | 000,000,685 | RH-- | C] () -- C:\WINDOWS\System32\hppapr07.dat
[2008/03/18 14:51:15 | 000,008,704 | -H-- | C] () -- C:\WINDOWS\System32\CNMVS7R.DLL
[2008/03/18 14:49:53 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2008/03/18 14:49:31 | 000,011,776 | -H-- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2008/03/11 09:32:43 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\lxcfvs.dll
[2008/03/10 18:35:26 | 000,001,690 | -H-- | C] () -- C:\WINDOWS\mozver.dat
[2008/03/10 17:05:52 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2008/03/10 16:53:46 | 000,000,135 | -H-- | C] () -- C:\Documents and Settings\Lisa Huffman\Local Settings\Application Data\fusioncache.dat
[2008/03/10 16:53:46 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Lisa Huffman\Local Settings\Application Data\WavXMapDrive.bat
[2008/03/04 21:15:54 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2008/03/04 21:09:01 | 000,139,264 | -H-- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/03/04 21:09:00 | 000,753,664 | -H-- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/03/04 21:09:00 | 000,024,064 | -H-- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2008/03/04 21:01:45 | 000,080,368 | -H-- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2008/03/04 20:59:11 | 000,143,360 | -H-- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2008/03/04 20:59:11 | 000,106,496 | -H-- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2008/03/04 20:34:18 | 000,077,824 | -H-- | C] () -- C:\WINDOWS\setpwr32.exe
[2008/03/04 20:34:17 | 003,107,788 | -H-- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008/03/04 20:34:17 | 000,128,813 | -H-- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008/03/04 20:32:42 | 000,001,120 | -H-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/09/13 13:42:30 | 000,499,712 | -H-- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2007/09/13 13:42:30 | 000,471,040 | -H-- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2007/09/13 13:42:28 | 000,487,424 | -H-- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2007/09/13 13:42:28 | 000,487,424 | -H-- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2007/09/13 13:42:28 | 000,462,848 | -H-- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2007/09/13 13:42:28 | 000,458,752 | -H-- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2007/09/13 13:42:26 | 000,487,424 | -H-- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2007/09/13 13:42:26 | 000,487,424 | -H-- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2007/09/13 13:42:26 | 000,466,944 | -H-- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2007/09/13 13:42:26 | 000,434,176 | -H-- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2007/09/13 13:36:24 | 000,438,272 | -H-- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2007/09/13 13:32:36 | 000,176,128 | -H-- | C] () -- C:\WINDOWS\System32\CacheFP.exe
[2007/09/12 14:05:08 | 000,102,400 | -H-- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2007/09/12 14:04:46 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2007/09/12 14:04:26 | 000,090,112 | -H-- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2007/09/12 14:04:06 | 000,102,400 | -H-- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2007/09/12 14:03:44 | 000,098,304 | -H-- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2007/09/12 14:03:24 | 000,090,112 | -H-- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2007/09/12 14:03:04 | 000,102,400 | -H-- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2007/09/12 14:02:44 | 000,102,400 | -H-- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2007/09/12 14:02:22 | 000,102,400 | -H-- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2007/09/12 14:02:02 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2007/09/10 08:53:26 | 000,262,144 | -H-- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2007/06/15 09:19:20 | 000,835,584 | -H-- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2007/03/16 17:00:00 | 000,003,403 | -H-- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2006/08/14 10:02:10 | 000,072,192 | -H-- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2006/06/12 07:01:16 | 000,348,160 | -H-- | C] () -- C:\WINDOWS\tsp.dll
[2004/09/10 12:34:00 | 000,917,504 | -H-- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/09/10 12:34:00 | 000,057,344 | -H-- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2004/08/10 12:12:05 | 000,000,780 | -H-- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 12:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 12:02:15 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 12:01:18 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 11:57:52 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 11:57:15 | 000,185,816 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 11:51:21 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 11:51:20 | 000,443,456 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 11:51:20 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 11:51:20 | 000,072,556 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 11:51:20 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 11:51:18 | 000,004,627 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 11:51:17 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 11:51:16 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 11:51:12 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 11:51:11 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 11:51:05 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 11:50:56 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[1999/08/12 00:00:00 | 001,708,032 | -H-- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[1999/08/12 00:00:00 | 000,036,864 | -H-- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1999/08/12 00:00:00 | 000,032,768 | -H-- | C] () -- C:\WINDOWS\System32\MSORFS.DLL
[1999/08/12 00:00:00 | 000,032,768 | -H-- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2008/03/04 21:05:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Wave Systems Corp
[2008/03/04 21:05:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator.HOME\Application Data\Wave Systems Corp
[2011/08/22 11:36:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2008/03/18 14:51:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/03/14 09:17:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2010/04/13 15:04:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2009/03/25 16:33:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009/05/13 12:14:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2008/03/04 20:58:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems
[2009/04/16 14:40:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/03/04 21:06:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2008/07/18 11:48:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\zvprt50
[2008/03/04 21:05:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Default User\Application Data\Wave Systems Corp
[2008/03/04 21:05:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Guest 2\Application Data\Wave Systems Corp
[2008/03/18 16:53:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Lisa Huffman\Application Data\Canon
[2008/03/28 11:26:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Lisa Huffman\Application Data\eFax Messenger
[2009/09/02 15:14:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Lisa Huffman\Application Data\Foxit
[2009/11/18 18:23:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Lisa Huffman\Application Data\Foxit Software
[2010/05/17 14:44:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Lisa Huffman\Application Data\FreeBurner
[2010/04/13 14:45:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Lisa Huffman\Application Data\GARMIN
[2008/03/18 16:54:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Lisa Huffman\Application Data\NewSoft
[2009/02/25 16:43:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Lisa Huffman\Application Data\OpenOffice.org
[2008/03/04 21:05:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Lisa Huffman\Application Data\Wave Systems Corp
[2010/03/18 17:23:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Lisa Huffman\Application Data\zvprt50
[2009/04/15 08:52:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/03/20 16:21:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\NetworkService\Application Data\SACore

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2006/03/03 00:42:40 | 000,073,728 | -H-- | M] () -- C:\pv.exe

< %USERPROFILE%\..|smtmp;true;true;true /FP >


< MD5 for: EXPLORER.EXE >
[2008/04/13 17:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 17:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 04:26:03 | 001,033,216 | -H-- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 03:23:07 | 001,033,216 | -H-- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\i386\explorer.exe
[2007/06/13 03:23:07 | 001,033,216 | -H-- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 17:12:36 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 17:12:36 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 04:00:00 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\i386\svchost.exe
[2004/08/04 04:00:00 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 04:00:00 | 000,024,576 | -H-- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\i386\userinit.exe
[2004/08/04 04:00:00 | 000,024,576 | -H-- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2004/08/04 04:00:00 | 000,024,576 | -H-- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004/08/04 04:00:00 | 000,024,576 | -H-- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 04:00:00 | 000,502,272 | -H-- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2004/08/04 04:00:00 | 000,502,272 | -H-- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/08/05 19:21:27 | 001,017,912 | -H-- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/08/05 19:21:27 | 001,017,912 | -H-- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/08/05 19:21:27 | 001,017,912 | -H-- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/08/05 19:21:27 | 001,017,912 | -H-- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/08/22 11:37:47 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/08/22 11:37:47 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/08/22 11:37:47 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/08/22 11:37:49 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/08/22 11:37:49 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/08/22 11:37:49 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/08/05 19:21:27 | 001,017,912 | -H-- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/08/05 19:21:27 | 001,017,912 | -H-- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/08/05 19:21:27 | 001,017,912 | -H-- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/08/05 19:21:27 | 001,017,912 | -H-- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008/04/13 17:12:35 | 000,045,056 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008/04/13 17:12:35 | 000,045,056 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008/04/13 17:12:35 | 000,045,056 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2008/04/13 17:12:22 | 000,093,184 | -H-- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/08/05 19:21:27 | 001,017,912 | -H-- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/08/05 19:21:27 | 001,017,912 | -H-- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/08/05 19:21:27 | 001,017,912 | -H-- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/08/05 19:21:27 | 001,017,912 | -H-- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/08/22 11:37:47 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/08/22 11:37:47 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/08/22 11:37:47 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/08/22 11:37:49 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/08/22 11:37:49 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/08/22 11:37:49 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/08/05 19:21:27 | 001,017,912 | -H-- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/08/05 19:21:27 | 001,017,912 | -H-- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/08/05 19:21:27 | 001,017,912 | -H-- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/08/05 19:21:27 | 001,017,912 | -H-- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008/04/13 17:12:35 | 000,045,056 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008/04/13 17:12:35 | 000,045,056 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008/04/13 17:12:35 | 000,045,056 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2008/04/13 17:12:22 | 000,093,184 | -H-- | M] (Microsoft Corporation)

< End of report >


#26
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)


Step 1

Download Unhide.exe to your desktop.

Double-click on Unhide.exe and allow the program to run.

This program will remove the hidden attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.


Step 2

Please uninstall these programs via Control Panel > Add/Remove Programs (if present):

  • J2SE Runtime Environment 5.0 Update 6
  • Java™ 6 Update 5
  • Java™ 6 Update 7

Step 3

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL 
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.c...03&gct=&gc=1&q=
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.c...03&gct=&gc=1&q=
    IE - HKU\S-1-5-21-3036973516-2505478358-2408811414-1006\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll ()
    FF - prefs.js..browser.search.order.1: "Ask"
    [2009/09/02 15:14:31 | 000,000,000 | -H-D | M] ("Ask Toolbar for Firefox") -- C:\Documents and Settings\Lisa Huffman\Application Data\Mozilla\Firefox\Profiles\z5m4eeeu.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
    [2009/09/04 09:09:17 | 000,000,682 | -H-- | M] () -- C:\Documents and Settings\Lisa Huffman\Application Data\Mozilla\Firefox\Profiles\z5m4eeeu.default\searchplugins\ask.xml
    [2009/11/06 15:45:03 | 000,075,208 | -H-- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
    O3 - HKU\S-1-5-21-3036973516-2505478358-2408811414-1006\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
    O4 - HKLM..\Run: [compmgm] File not found
    O4 - HKU\.DEFAULT..\Run: [UYVCmBdwfK] C:\Documents and Settings\All Users\Application Data\UYVCmBdwfK.exe ()
    O4 - HKU\S-1-5-18..\Run: [UYVCmBdwfK] C:\Documents and Settings\All Users\Application Data\UYVCmBdwfK.exe ()
    O4 - HKU\S-1-5-21-3036973516-2505478358-2408811414-1006..\Run: [Security Protection] File not found
    O4 - HKU\S-1-5-21-3036973516-2505478358-2408811414-1006..\Run: [YJ3C6F6A3XZV5G7JNBQURDPYZHPWV] File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3036973516-2505478358-2408811414-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    NetSvcs: srvCAC - File not found
    [2011/08/19 13:08:17 | 000,000,000 | -H-D | C] -- C:\System Repair 
    [2011/08/22 09:44:30 | 000,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Security Protection.lnk
    [2011/08/19 13:08:18 | 000,000,240 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~P1kAlMiG2Kb7Fz
    [2011/08/19 13:08:18 | 000,000,176 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~P1kAlMiG2Kb7Fzr
    [2011/08/19 13:08:17 | 000,000,733 | -H-- | M] () -- C:\System Repair.lnk
    [2011/08/19 13:08:16 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\P1kAlMiG2Kb7Fz
    [2011/08/19 13:08:10 | 000,417,792 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\P1kAlMiG2Kb7Fz.exe
    [2006/03/03 00:42:40 | 000,073,728 | -H-- | M] () -- C:\pv.exe 
    
    :Files
    C:\Program Files\AskSearch
    ipconfig /flushdns /c
    
    :Commands 
    [purity] 
    [resethosts] 
    [emptytemp] 
    [EMPTYFLASH]
    [CREATERESTOREPOINT] 
    [Reboot]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log that appears upon reboot in your next reply.
  • Open OTL again and select the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Step 4

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:



Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.


Things I want to see in your next reply

  • OTL Fix Log
  • OTL.txt
  • MBRCheck Report

  • 0
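
Added illustration, not part of Nedklaw's post and not OTL's own code: a small Python parser for the file-listing lines that appear in the scan log and in the fix script above. The sample lines are copied from this thread; the triage rule (an executable with no company name sitting directly in an "Application Data" folder) is an assumption of this example, not a rule stated by OTL or by the helper.

```python
import ntpath
import re
from datetime import datetime

# Sample lines copied from the OTL scan log and fix script in this thread.
SAMPLE_LOG = r"""
[2011/08/22 14:09:52 | 001,389,603 | ---- | C] () -- C:\Documents and Settings\Lisa Huffman\Desktop\tdsskiller.zip
[2011/08/19 13:08:10 | 000,417,792 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\P1kAlMiG2Kb7Fz.exe
[2011/08/19 12:37:24 | 000,462,848 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\UYVCmBdwfK.exe
[2011/08/17 16:23:53 | 003,073,904 | -H-- | C] () -- C:\Documents and Settings\Lisa Huffman\Desktop\DSCF0690.JPG
[2008/04/13 17:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/03/04 21:09:00 | 000,024,064 | -H-- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2011/08/19 13:08:17 | 000,000,000 | -H-D | C] -- C:\System Repair
"""

# [timestamp | size | attributes | M or C] (company) MD5=... -- path
# The company field and the MD5 field are both optional in the log.
ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[MC])\]"
    r"(?: \((?P<company>[^)]*)\))?"
    r"(?: MD5=(?P<md5>[0-9A-Fa-f]{32}))?"
    r" -- (?P<path>.+?)\s*$"
)


def parse_entries(text):
    """Return one dict per OTL file/folder listing line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        attrs = m.group("attrs")
        entries.append({
            "time": datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
            "size": int(m.group("size").replace(",", "")),
            "hidden": "H" in attrs,
            "is_dir": "D" in attrs,
            "kind": m.group("kind"),  # M = modified listing, C = created listing
            "company": (m.group("company") or "").strip(),
            "md5": m.group("md5"),
            "path": m.group("path"),
        })
    return entries


def hidden_share(entries):
    """Fraction of listed entries that carry the hidden (H) attribute."""
    return sum(e["hidden"] for e in entries) / len(entries) if entries else 0.0


def unnamed_appdata_executables(entries):
    """Example heuristic (an assumption of this sketch): .exe files with no
    company name that sit directly in an 'Application Data' folder."""
    hits = []
    for e in entries:
        folder, name = ntpath.split(e["path"])  # ntpath parses Windows paths on any OS
        if (not e["is_dir"] and not e["company"]
                and name.lower().endswith(".exe")
                and ntpath.basename(folder).lower() == "application data"):
            hits.append(e["path"])
    return hits


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    print(f"{len(parsed)} entries, {hidden_share(parsed):.0%} hidden")
    for path in unnamed_appdata_executables(parsed):
        print("review:", path)
```
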

#27
lucille123

    Member

  • Topic Starter
  • 100 posts
I ran the unhide which unhid most of my programs and uninstalled the java programs. When I ran OTL I had a hard time rebooting. I did save the text, but there weren't any icons or the start menu on the desktop. I had to shut it down and reboot. I had a hard time getting the regular desktop back. When I eventually did it somehow uninstalled my capacity to hook up online. I tried accessing the internet through safemode as well, but couldn't find where to hook online.

There is an autohide window that pops up every time I start up.

When I get home I will try to hookup online again.

Thanks for all your help. I am sorry it is taking a while :)

#28
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
I have some questions for you:

  • I just want to verify if the icons have reappeared on your desktop and start menu?
  • What does the autohide window say?
  • Do you have the OTL logs and MBRCheck log for me?
  • Can you access the internet?


#29
lucille123

    Member

  • Topic Starter
  • 100 posts
I am trying to post from my phone and hope this works. Just internet explorer, an Adobe folder, gooredfix folder and a few logs are on the desktop in safemode only. On startup menu FireFox is there too. Under programs on the startup menu it looks like the majority of programs are there, but they are empty. Ezbis is totally missing. On regular mode there is nothing on the desktop not even the start menu. I have no internet access and under the network connections window there is nothing.

#30
lucille123

    Member

  • Topic Starter
  • 100 posts
I don't know how I can get the logs to you without internet access. I can maybe copy them to a key but don't want to infect another computer. I am not the luckiest this week as my car was just stolen, lol.