Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Svchost.exe high CPU usage


  • This topic is locked This topic is locked

#1
thegruesome2some

thegruesome2some

    New Member

  • Member
  • Pip
  • 6 posts
Hi, I'm having trouble with svchost.exe using 100% CPU usage. I have tried doing virus scans and it hasn't been able to find the issue. I have also noticed that there are constantly IE cookies since this problem started(I use firefox). If anyone can help me with this problem I would greatly appreciate it.
  • 0

Advertisements


#2
thegruesome2some

thegruesome2some

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
OTL logfile created on: 8/24/2011 3:32:36 PM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\Josh Rosen\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.36 Mb Total Physical Memory | 176.00 Mb Available Physical Memory | 34.42% Memory free
1.32 Gb Paging File | 0.90 Gb Available in Paging File | 68.34% Paging File free
Paging file location(s): C:\pagefile.sys 868 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 13.97 Gb Total Space | 2.32 Gb Free Space | 16.60% Space Free | Partition Type: NTFS
Drive D: | 92.81 Gb Total Space | 92.77 Gb Free Space | 99.96% Space Free | Partition Type: NTFS

Computer Name: VALUED-3253602F | User Name: Josh Rosen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/24 13:53:57 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Josh Rosen\Desktop\OTL.exe
PRC - [2011/07/10 09:57:59 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/29 15:56:42 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 5\firefox.exe
PRC - [2011/06/29 15:56:37 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 5\plugin-container.exe
PRC - [2011/04/27 21:38:10 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/11/02 17:16:09 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/07/26 08:40:21 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 17:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2003/06/30 20:35:22 | 000,925,696 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
PRC - [2003/06/24 17:49:54 | 000,720,896 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
PRC - [2003/06/23 23:16:38 | 000,057,344 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
PRC - [2002/08/20 13:29:26 | 000,040,960 | ---- | M] (Easy Systems Japan Ltd.) -- C:\WINDOWS\system32\ezSP_Px.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/29 15:56:41 | 001,850,328 | ---- | M] () -- C:\Program Files\Mozilla Firefox 4.0 Beta 5\mozjs.dll
MOD - [2010/01/28 13:57:58 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2009/02/02 22:15:28 | 003,771,296 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2008/07/26 08:40:21 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
MOD - [2008/07/26 08:40:21 | 000,362,376 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll
MOD - [2008/03/25 00:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (TermServices)
SRV - File not found [Auto | Stopped] -- -- (PolicyAgent3232)
SRV - File not found [Auto | Stopped] -- -- (PolicyAgent32)
SRV - File not found [Auto | Stopped] -- -- (NtmsSvc32)
SRV - File not found [Auto | Stopped] -- -- (Messenger32)
SRV - File not found [Auto | Stopped] -- -- (LPDSVC32)
SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Service)
SRV - File not found [Auto | Stopped] -- -- (hkmsvc32)
SRV - File not found [Auto | Stopped] -- -- (ERSvc32)
SRV - File not found [Auto | Stopped] -- -- (COMSysApp32)
SRV - File not found [Auto | Stopped] -- -- (ClipSrv32)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/10 09:57:59 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/27 21:38:10 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/11/06 10:20:16 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/07/26 08:40:21 | 001,251,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/07/01 21:53:48 | 000,495,705 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe -- (VAIOMediaPlatform-MusicServer-AppServer)
SRV - [2003/06/30 20:38:40 | 001,196,032 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe -- (VAIOMediaPlatform-VideoServer-AppServer)
SRV - [2003/06/30 20:35:22 | 000,925,696 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe -- (VAIOMediaPlatform-PhotoServer-AppServer)
SRV - [2003/06/24 17:49:54 | 000,720,896 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-VideoServer-UPnP) VAIO Media Video Server (UPnP)
SRV - [2003/06/24 17:49:54 | 000,720,896 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-PhotoServer-UPnP) VAIO Media Photo Server (UPnP)
SRV - [2003/06/24 17:49:54 | 000,720,896 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-MusicServer-UPnP) VAIO Media Music Server (UPnP)
SRV - [2003/06/23 23:16:38 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-VideoServer-HTTP) VAIO Media Video Server (HTTP)
SRV - [2003/06/23 23:16:38 | 000,057,344 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-PhotoServer-HTTP) VAIO Media Photo Server (HTTP)
SRV - [2003/06/23 23:16:38 | 000,057,344 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-MusicServer-HTTP) VAIO Media Music Server (HTTP)
SRV - [2002/12/24 14:01:22 | 000,065,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)


========== Driver Services (SafeList) ==========

DRV - [2011/07/10 09:58:05 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/10 09:58:05 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/05/22 16:11:56 | 000,054,016 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\qqijpp.sys -- (pmdj)
DRV - [2010/05/22 16:05:24 | 000,054,016 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\bgvpp.sys -- (tedcm)
DRV - [2010/05/22 16:02:20 | 000,054,016 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\mxjx.sys -- (otyqou)
DRV - [2010/05/22 15:58:53 | 000,054,016 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\vprgx.sys -- (lwnerutq)
DRV - [2009/08/26 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/08/26 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/04/13 14:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2006/09/20 20:00:19 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2004/08/04 00:29:26 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/07/12 21:46:14 | 000,761,472 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smrt.sys -- (smrt)
DRV - [2003/05/23 13:44:04 | 001,171,648 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2002/12/04 17:28:10 | 000,730,956 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2002/08/29 08:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2002/08/29 08:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2002/06/13 15:37:16 | 000,045,568 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2001/08/17 08:11:02 | 000,153,631 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xnd5.sys -- (EL90X)
DRV - [2000/12/05 19:18:02 | 000,003,952 | R--- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://rd.yahoo.com/.../search/ie.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 192.168.1.1/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9F 1B 6B 10 12 EC BF 48 89 F5 A6 13 B0 51 3C FC [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://rd.yahoo.com/.../search/ie.html
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 0.0.0.0:80

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "The Pirate Bay Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {45951541-C9B7-4273-BBAA-05EDDFD1A808}:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {50931610-3d8e-11dd-ae16-0800200c9a66}:1.0
FF - prefs.js..keyword.URL: "http://finderquery.c...qbho&keywords="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 49758
FF - prefs.js..network.proxy.type: 0

FF - user.js..keyword.URL: "http://finderquery.c...qbho&keywords="
FF - user.js..keyword.enabled: 1

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.10.835: C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1136: C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.847: C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@realarcade.com/RAClient: C:\Documents and Settings\All Users\Application Data\RealArcade\npraclient.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{D7A95476-DE83-4CDE-99DD-F0CA02E17CC0}: C:\Documents and Settings\STEVE Rosen\Local Settings\Application Data\{D7A95476-DE83-4CDE-99DD-F0CA02E17CC0}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{45951541-C9B7-4273-BBAA-05EDDFD1A808}: C:\Documents and Settings\Josh Rosen\Local Settings\Application Data\{45951541-C9B7-4273-BBAA-05EDDFD1A808} [2011/04/10 21:32:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 5\components [2011/06/29 15:56:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 5\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{45951541-C9B7-4273-BBAA-05EDDFD1A808}: C:\Documents and Settings\Josh Rosen\Local Settings\Application Data\{45951541-C9B7-4273-BBAA-05EDDFD1A808} [2011/04/10 21:32:08 | 000,000,000 | ---D | M]

[2008/08/27 19:02:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Josh Rosen\Application Data\Mozilla\Extensions
[2011/08/10 15:50:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Josh Rosen\Application Data\Mozilla\Firefox\Profiles\yci6udvb.default\extensions
[2011/07/20 17:58:35 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Josh Rosen\Application Data\Mozilla\Firefox\Profiles\yci6udvb.default\extensions\{1e324375-a28a-4a5f-8c3e-e6f6dfc68661}
[2011/07/24 08:26:40 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Josh Rosen\Application Data\Mozilla\Firefox\Profiles\yci6udvb.default\extensions\{251afbc6-3eda-43ea-9198-c0ceec7944f5}
[2011/07/22 08:16:47 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Josh Rosen\Application Data\Mozilla\Firefox\Profiles\yci6udvb.default\extensions\{b4c485c0-b042-4f1f-bd61-28a01488a520}
[2011/08/09 13:58:04 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Josh Rosen\Application Data\Mozilla\Firefox\Profiles\yci6udvb.default\extensions\{e726fe60-525c-4af3-9e36-06156005215f}
[2011/08/23 19:30:44 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Josh Rosen\Application Data\Mozilla\Firefox\Profiles\yci6udvb.default\extensions\{eaaca50d-f18f-4ea2-88c3-10c48dbe860a}
[2011/01/13 15:58:04 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\Josh Rosen\Application Data\Mozilla\Firefox\Profiles\yci6udvb.default\searchplugins\ebay.xml
[2010/09/11 13:33:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JOSH ROSEN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\YCI6UDVB.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JOSH ROSEN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\YCI6UDVB.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2011/04/10 21:32:08 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\JOSH ROSEN\LOCAL SETTINGS\APPLICATION DATA\{45951541-C9B7-4273-BBAA-05EDDFD1A808}
[2008/10/28 15:12:50 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/07/27 22:51:31 | 000,000,000 | ---D | M] (FinderQuery Extension) -- C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 5\EXTENSIONS\[email protected]
[2011/07/27 22:51:28 | 000,000,000 | ---D | M] (IspAssistant Extension) -- C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 5\EXTENSIONS\[email protected]
[2009/02/10 18:58:34 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2009/03/30 17:13:54 | 000,098,304 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npraclient.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll

Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {04AD455B-5A99-4958-B93D-768FAC41D26f} - C:\WINDOWS\system32\ativvaxx32.dll ()
O2 - BHO: (no name) - {05B748B1-0DC4-47B8-82E2-2920C2BFB66c} - C:\WINDOWS\system32\ativvaxx32.dll ()
O2 - BHO: (no name) - {08690A09-AE87-4CEA-8CCC-C2A41EC96A50} - C:\WINDOWS\system32\ativvaxx32.dll ()
O2 - BHO: (no name) - {0F74E654-42E7-462A-A4A0-2F0CFC35403b} - C:\WINDOWS\system32\ativvaxx32.dll ()
O2 - BHO: (no name) - {1819DE36-F9C6-4497-93C6-AA38D7042531} - C:\WINDOWS\system32\ativvaxx32.dll ()
O2 - BHO: (no name) - {184C5617-2474-4182-9162-2652F8A99D22} - C:\WINDOWS\system32\ativvaxx32.dll ()
O2 - BHO: (no name) - {244092AF-5398-4F7A-9787-7510A2E61782} - C:\WINDOWS\system32\ativvaxx32.dll ()
O2 - BHO: (no name) - {28320569-673E-4FBA-A5E9-53E9A2F049E2} - C:\WINDOWS\system32\ativvaxx32.dll ()
O2 - BHO: (no name) - {284550AF-24A8-4FE1-9E77-250C0A211F66} - C:\WINDOWS\system32\ativvaxx32.dll ()
O2 - BHO: (no name) - {2A0A4952-4E48-4F52-8DB1-6A727D6489Fb} - C:\WINDOWS\system32\ativvaxx32.dll ()
O2 - BHO: (no name) - {2B365BCE-3FA2-449C-A5CC-69A0586298E3} - C:\WINDOWS\system32\ativvaxx32.dll ()
O2 - BHO: (no name) - {2EC3DECD-A761-4820-B424-44C9EB94AC8c} - C:\WINDOWS\system32\ativvaxx32.dll ()
O2 - BHO: (no name) - {30DCE52D-B7F6-469C-8372-9D0782CB1178} - C:\WINDOWS\system32\ativvaxx32.dll ()
O2 - BHO: (no name) - {359571A3-AFA4-47D5-9ECB-6407305FE0B8} - C:\WINDOWS\system32\ativvaxx32.dll ()
O2 - BHO: (no name) - {3648033E-B222-4F22-9FA2-175DF7840716} - C:\WINDOWS\system32\ativvaxx32.dll ()
O2 - BHO: (no name) - {364DA6C1-A5AB-4D22-8F13-329D241933Bc} - C:\WINDOWS\system32\ativvaxx32.dll ()
O2 - BHO: (no name) - {457E054A-BE89-4871-81F5-60D28433EF02} - C:\WINDOWS\system32\ativvaxx32.dll ()
O2 - BHO: (no name) - {5237CF0D-003E-406D-B4AA-FAA2B2EA250f} - C:\WINDOWS\system32\ativvaxx32.dll ()
O2 - BHO: (no name) - {592348A6-990B-47F4-A187-D6F694A7EB71} - C:\WINDOWS\system32\ativvaxx32.dll ()
O2 - BHO: (no name) - {5C24E792-749C-4767-A819-CC9D1907A3F6} - C:\WINDOWS\system32\ativvaxx32.dll ()
O2 - BHO: (no name) - {68564AA0-E56D-460D-B7E0-3ABF45B830D0} - C:\WINDOWS\system32\ativvaxx32.dll ()
O2 - BHO: (no name) - {771971E0-B53C-4D39-A63B-F32AAEF1F24f} - C:\WINDOWS\system32\ativvaxx32.dll ()
O2 - BHO: (no name) - {7E2BCDDA-1F37-4820-A00B-66BBF79C655d} - C:\WINDOWS\system32\ativvaxx32.dll ()
O2 - BHO: (no name) - {82F06574-158D-4152-9322-87276703A59d} - C:\WINDOWS\system32\ativvaxx32.dll ()
O2 - BHO: (no name) - {8A8E644B-EB84-4E96-8BE6-867F47DAD4Ef} - C:\WINDOWS\system32\ativvaxx32.dll ()
O2 - BHO: (no name) - {9050F9AE-A0DB-476D-A5C6-AB83CF825868} - C:\WINDOWS\system32\ativvaxx32.dll ()
O2 - BHO: (no name) - {91CF18D3-3F2E-44D8-B7F0-610A30870A59} - C:\WINDOWS\system32\ativvaxx32.dll ()
O2 - BHO: (no name) - {9B7A14E3-A2B8-4539-838B-479668E4D1F6} - C:\WINDOWS\system32\ativvaxx32.dll ()
O2 - BHO: (no name) - {9F954BB1-9469-40E2-AB0C-130F23A5D230} - C:\WINDOWS\system32\ativvaxx32.dll ()
O2 - BHO: (no name) - {9FA3418E-7AB0-4C11-81E3-C0FFBF715193} - C:\WINDOWS\system32\ativvaxx32.dll ()
O2 - BHO: (no name) - {A6374BCC-AF27-466F-973E-D536F3E35014} - C:\WINDOWS\system32\ativvaxx32.dll ()
O2 - BHO: (no name) - {A7CE16B9-3B7A-41DD-9B86-CA763BAAEDBc} - C:\WINDOWS\system32\ativvaxx32.dll ()
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
O2 - BHO: (no name) - {AA999CCE-77A5-4C2F-B116-A055AD942254} - C:\WINDOWS\system32\ativvaxx32.dll ()
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
O2 - BHO: (no name) - {B2BE0721-13AB-4E74-9C82-DDA418770CF5} - C:\WINDOWS\system32\ativvaxx32.dll ()
O2 - BHO: (no name) - {B7FF03E5-ED84-45F8-B028-B7C1609FEC58} - C:\WINDOWS\system32\ativvaxx32.dll ()
O2 - BHO: (no name) - {B8E72ADC-3F97-4D3D-BC98-16110101F9C0} - C:\WINDOWS\system32\ativvaxx32.dll ()
O2 - BHO: (no name) - {B97112C9-85BD-426B-9E00-C51B92C808E1} - C:\WINDOWS\system32\ativvaxx32.dll ()
O2 - BHO: (no name) - {BA2DDBB4-81A0-4086-8E93-C8BBA4B95916} - C:\WINDOWS\system32\ativvaxx32.dll ()
O2 - BHO: (no name) - {BF16E885-E29B-48B4-86CF-34F961AEF5A7} - C:\WINDOWS\system32\ativvaxx32.dll ()
O2 - BHO: (no name) - {C2FDF94E-54D2-457A-98D7-B12960DAF0Db} - C:\WINDOWS\system32\ativvaxx32.dll ()
O2 - BHO: (no name) - {C58192D8-3AD4-4D05-8510-F524D9C65AE1} - C:\WINDOWS\system32\ativvaxx32.dll ()
O2 - BHO: (no name) - {CC07E2DF-B998-4053-8A61-04EDFCEA1F94} - C:\WINDOWS\system32\ativvaxx32.dll ()
O2 - BHO: (no name) - {CF43231E-7BE7-42D3-B331-78DA3FD5E005} - C:\WINDOWS\system32\ativvaxx32.dll ()
O2 - BHO: (no name) - {CF622073-61E9-4501-8EFA-8664BFC19BF1} - C:\WINDOWS\system32\ativvaxx32.dll ()
O2 - BHO: (no name) - {D476E0D7-A1AA-43D0-8BDB-6B48D7DCE663} - C:\WINDOWS\system32\ativvaxx32.dll ()
O2 - BHO: (no name) - {D608655B-E007-42E0-8BF2-907C706E5FF0} - C:\WINDOWS\system32\ativvaxx32.dll ()
O2 - BHO: (no name) - {EEEBD13D-CF5B-41A9-8054-1BF920A70FB3} - C:\WINDOWS\system32\ativvaxx32.dll ()
O2 - BHO: (no name) - {EFF73307-573D-4C2B-9133-2B5A400A4639} - C:\WINDOWS\system32\ativvaxx32.dll ()
O2 - BHO: (no name) - {F06A2DB2-0578-429D-A58A-37672590B9C1} - C:\WINDOWS\system32\ativvaxx32.dll ()
O2 - BHO: (no name) - {F1ADAD32-CF43-4005-92E9-DB1C62A270D1} - C:\WINDOWS\system32\ativvaxx32.dll ()
O2 - BHO: (no name) - {F79ED1ED-04DE-44A3-9D55-CBCB03D9DBE8} - C:\WINDOWS\system32\ativvaxx32.dll ()
O2 - BHO: (no name) - {FF707B3E-D9AE-4A2A-93B0-4109C33276C7} - C:\WINDOWS\system32\ativvaxx32.dll ()
O2 - BHO: (no name) - rsion - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - {15757333-2BCA-4B77-A807-D0955132F812} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5B291E6C-9A74-4034-971B-A4B007A0B315} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5D4831E0-5A7C-4A46-AFD5-A79AB8CE36C2} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe (Easy Systems Japan Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [Symantec PIF AlertEng] File not found
O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe (Support.com, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_13.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} http://www.symantec....trl/tgctlsi.cab (Reg Error: Key error.)
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.symantec....trl/tgctlsr.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} http://www.symantec....rl/LSSupCtl.cab (LSSupCtl Class)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} http://zone.msn.com/...tz.cab99160.cab (MSN Games – Hearts)
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} c:\program files\yahoo!\installs\ymmapi.dll (YahooYMailTo Class)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.c.../cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} http://www.symantec....rl/SymAData.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ROSENSCOMP
O20 - AppInit_DLLs: (C:\WINDOWS\system32\lfavi10N32.dll) - C:\WINDOWS\system32\lfavi10N32.dll (People Can Fly)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\afdecebffd: DllName - C:\WINDOWS\system32\afdecebffd.dll - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\termew32: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\termsvces: DllName - termew32.dll - File not found
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Josh Rosen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/08/13 23:08:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{a3a02b8a-1264-11de-88d7-000ea61bf990}\Shell - "" = AutoRun
O33 - MountPoints2\{a3a02b8a-1264-11de-88d7-000ea61bf990}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a3a02b8a-1264-11de-88d7-000ea61bf990}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{b88d74f5-a7c0-11de-896f-000ea61bf990}\Shell - "" = AutoRun
O33 - MountPoints2\{b88d74f5-a7c0-11de-896f-000ea61bf990}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b88d74f5-a7c0-11de-896f-000ea61bf990}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/24 13:59:27 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Josh Rosen\Recent
[2011/08/24 13:53:55 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Josh Rosen\Desktop\OTL.exe
[2011/08/18 22:42:49 | 000,158,208 | ---- | C] (People Can Fly) -- C:\WINDOWS\System32\lfavi10N32.dll
[2011/08/12 11:02:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/07/27 22:51:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\FCSB000062037
[2011/07/27 22:51:30 | 000,000,000 | ---D | C] -- C:\Program Files\FinderQuery Addon
[2011/07/27 22:51:28 | 000,000,000 | ---D | C] -- C:\Program Files\IspAssistant Addon
[2011/07/27 22:51:27 | 000,000,000 | ---D | C] -- C:\Program Files\Shop to Win 3
[2011/07/27 22:51:27 | 000,000,000 | ---D | C] -- C:\Program Files\Shop To Win
[8 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[5 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[22 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/24 14:02:29 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/24 14:00:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/24 13:53:57 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Josh Rosen\Desktop\OTL.exe
[2011/08/24 13:41:01 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/18 22:42:49 | 000,158,208 | ---- | M] (People Can Fly) -- C:\WINDOWS\System32\lfavi10N32.dll
[2011/08/18 22:42:49 | 000,000,101 | ---- | M] () -- C:\WINDOWS\System32\2062035824
[2011/08/12 07:28:10 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[8 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[5 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[22 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/24 08:26:39 | 000,358,912 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx32.dll
[2011/06/23 00:20:37 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/17 20:35:47 | 000,005,275 | ---- | C] () -- C:\Documents and Settings\Josh Rosen\Application Data\6A1E.250
[2011/05/15 03:01:59 | 000,014,238 | -HS- | C] () -- C:\Documents and Settings\Josh Rosen\Local Settings\Application Data\t8ep373pu27424b48188bn415sj2fd77e
[2011/05/15 03:01:59 | 000,014,238 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\t8ep373pu27424b48188bn415sj2fd77e
[2011/04/28 20:31:50 | 000,015,200 | -HS- | C] () -- C:\Documents and Settings\Josh Rosen\Local Settings\Application Data\f138r652ip20jiuktsbj8j438o3oqqk5qi588821khf57
[2011/04/28 20:31:50 | 000,015,200 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\f138r652ip20jiuktsbj8j438o3oqqk5qi588821khf57
[2011/04/10 21:32:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Rciqozujitif.bin
[2011/04/10 21:32:09 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Axilomatumoy.dat
[2010/09/11 18:38:58 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/05/24 21:19:12 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\Josh Rosen\Application Data\bpzmnq.dat
[2010/05/22 16:11:56 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\qqijpp.sys
[2010/05/22 16:05:24 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\bgvpp.sys
[2010/05/22 16:02:20 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\mxjx.sys
[2010/05/22 15:58:53 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\vprgx.sys
[2010/04/06 22:54:03 | 000,012,114 | -HS- | C] () -- C:\Documents and Settings\Josh Rosen\Local Settings\Application Data\C6158646
[2010/04/06 22:54:03 | 000,012,114 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\C6158646
[2009/06/25 18:30:10 | 000,059,764 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/04/23 16:51:14 | 000,006,964 | ---- | C] () -- C:\WINDOWS\ebesadoqene.dll
[2008/09/17 21:00:11 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/08/21 10:39:39 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2008/08/21 10:39:39 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2008/08/21 10:39:39 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2008/01/06 21:50:57 | 000,996,213 | ---- | C] () -- C:\Program Files\OpinionResearchPanel.mht
[2007/05/10 17:09:37 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/04/24 14:33:21 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2007/04/24 14:24:25 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/04/22 22:30:58 | 000,116,460 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp
[2007/04/22 22:30:57 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
[2007/02/21 17:13:04 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2007/02/21 17:13:04 | 000,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2007/02/13 12:29:54 | 000,000,031 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/05/20 22:22:38 | 000,000,292 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2006/02/27 22:03:42 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL
[2006/02/27 21:57:45 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tnpec.dll
[2006/02/27 21:57:44 | 000,000,053 | ---- | C] () -- C:\WINDOWS\pocbww.dat
[2006/02/27 21:56:33 | 000,810,000 | RHS- | C] () -- C:\WINDOWS\shefaji.exe
[2006/02/27 21:56:33 | 000,000,027 | ---- | C] () -- C:\WINDOWS\jptc.dat
[2006/02/24 22:04:29 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/02/09 16:48:45 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\ssresources.dll
[2006/02/09 16:48:45 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AADL.exe
[2006/02/09 16:48:45 | 000,020,481 | ---- | C] () -- C:\WINDOWS\System32\SystemsHook.dll
[2006/02/04 14:32:44 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Josh Rosen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/01 16:06:09 | 000,319,488 | R--- | C] () -- C:\WINDOWS\System32\MafiaSetup.exe
[2005/11/05 11:56:17 | 000,002,895 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/08/12 17:57:09 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/08/09 13:34:43 | 000,004,007 | ---- | C] () -- C:\WINDOWS\hpdj3740.ini
[2005/08/09 13:34:13 | 000,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2005/08/01 21:05:51 | 000,107,134 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/07/29 21:29:59 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2003/08/15 15:30:45 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/08/15 15:30:37 | 000,000,608 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/08/15 15:26:07 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2003/08/15 15:25:00 | 000,262,416 | ---- | C] () -- C:\WINDOWS\System32\ASFV2.DLL
[2003/08/15 15:23:32 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2003/08/15 15:21:10 | 000,014,691 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2003/08/14 21:18:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/08/14 20:31:15 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2003/08/14 20:29:04 | 000,526,184 | ---- | C] () -- C:\WINDOWS\q329692.exe
[2003/08/14 20:28:34 | 000,289,128 | ---- | C] () -- C:\WINDOWS\q329390.exe
[2003/08/14 20:28:26 | 000,495,464 | ---- | C] () -- C:\WINDOWS\q329115.exe
[2003/08/14 20:25:39 | 000,381,288 | ---- | C] () -- C:\WINDOWS\q329048.exe
[2003/08/14 20:25:32 | 000,214,888 | ---- | C] () -- C:\WINDOWS\q329834.exe
[2003/08/14 20:25:00 | 000,711,528 | ---- | C] () -- C:\WINDOWS\q323255_wxp_sp2_x86_enu.exe
[2003/08/14 20:21:52 | 000,236,392 | ---- | C] () -- C:\WINDOWS\q329112.exe
[2003/08/14 20:19:59 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/08/13 23:12:16 | 000,000,808 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/08/13 23:09:13 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/08/13 23:06:40 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/08/13 22:59:36 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2003/08/13 22:59:36 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2003/08/13 22:59:23 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2003/08/13 22:59:22 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2003/08/13 22:58:19 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\cbldrm.dll
[2003/08/13 22:58:18 | 000,000,682 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/08/13 22:58:11 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\NSREG.DLL
[2003/08/13 22:58:08 | 000,311,604 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/08/13 22:58:08 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/08/13 22:58:08 | 000,039,992 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/08/13 22:58:08 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/08/13 22:58:07 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/08/13 22:58:07 | 000,004,530 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/08/13 22:58:06 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/08/13 22:58:04 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/08/13 22:58:04 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/08/13 22:58:01 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/08/13 22:57:58 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/08/13 16:03:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/08/13 16:03:16 | 000,260,640 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/10/27 07:49:26 | 000,108,908 | ---- | C] () -- C:\WINDOWS\System32\bass.dll
[2002/06/12 15:21:12 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll
[2002/04/02 20:08:34 | 000,311,108 | ---- | C] () -- C:\WINDOWS\ml-cleanup.exe
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2010/08/29 20:18:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2008/12/08 12:38:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ascentive
[2008/02/02 23:53:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2006/06/21 14:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Asphyxia
[2010/09/11 18:42:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/06/03 00:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mD06511KoCjF06511
[2008/11/02 12:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2006/12/20 15:32:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2006/04/15 12:29:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2008/02/19 15:32:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/04/24 22:29:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WeatherStudio Desktop
[2010/06/06 00:44:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/06/18 23:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
[2005/12/16 08:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Rosen\Application Data\.bittorrent
[2006/02/24 22:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Rosen\Application Data\acccore
[2007/03/02 10:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Rosen\Application Data\Aim
[2007/11/13 21:43:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Rosen\Application Data\alot
[2009/07/05 18:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Rosen\Application Data\Azureus
[2010/05/20 23:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Rosen\Application Data\Data Protection
[2006/06/21 14:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Rosen\Application Data\Digital Asphyxia
[2009/02/10 18:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Rosen\Application Data\Foxit
[2011/04/27 23:10:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Rosen\Application Data\FrostWire
[2007/04/26 13:22:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Rosen\Application Data\Image Zone Express
[2005/11/02 23:48:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Rosen\Application Data\Nova Development
[2008/12/28 14:15:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Rosen\Application Data\PlayFirst
[2010/09/11 18:29:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Rosen\Application Data\QuickScan
[2010/04/11 14:03:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Rosen\Application Data\RadioBar
[2005/11/02 23:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Rosen\Application Data\Serif
[2006/02/28 20:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Rosen\Application Data\Thunderbird
[2009/07/27 11:03:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Rosen\Application Data\uTorrent
[2008/03/02 04:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Rosen\Application Data\Viewpoint
[2007/02/04 19:05:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Rosen\Application Data\WeatherStudio Desktop

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\firewall.cpl:SummaryInformation

< End of report >
  • 0

#3
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi I have not seen so much malware for a while - so lets start getting rid of it. When you re-run OTL for a new scan please select all users

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - [2010/05/22 16:11:56 | 000,054,016 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\qqijpp.sys -- (pmdj)
    DRV - [2010/05/22 16:05:24 | 000,054,016 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\bgvpp.sys -- (tedcm)
    DRV - [2010/05/22 16:02:20 | 000,054,016 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\mxjx.sys -- (otyqou)
    DRV - [2010/05/22 15:58:53 | 000,054,016 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\vprgx.sys -- (lwnerutq)
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9F 1B 6B 10 12 EC BF 48 89 F5 A6 13 B0 51 3C FC [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 0.0.0.0:80
    [2011/04/10 21:32:08 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\JOSH ROSEN\LOCAL SETTINGS\APPLICATION DATA\{45951541-C9B7-4273-BBAA-05EDDFD1A808}
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {04AD455B-5A99-4958-B93D-768FAC41D26f} - C:\WINDOWS\system32\ativvaxx32.dll ()
    O2 - BHO: (no name) - {05B748B1-0DC4-47B8-82E2-2920C2BFB66c} - C:\WINDOWS\system32\ativvaxx32.dll ()
    O2 - BHO: (no name) - {08690A09-AE87-4CEA-8CCC-C2A41EC96A50} - C:\WINDOWS\system32\ativvaxx32.dll ()
    O2 - BHO: (no name) - {0F74E654-42E7-462A-A4A0-2F0CFC35403b} - C:\WINDOWS\system32\ativvaxx32.dll ()
    O2 - BHO: (no name) - {1819DE36-F9C6-4497-93C6-AA38D7042531} - C:\WINDOWS\system32\ativvaxx32.dll ()
    O2 - BHO: (no name) - {184C5617-2474-4182-9162-2652F8A99D22} - C:\WINDOWS\system32\ativvaxx32.dll ()
    O2 - BHO: (no name) - {244092AF-5398-4F7A-9787-7510A2E61782} - C:\WINDOWS\system32\ativvaxx32.dll ()
    O2 - BHO: (no name) - {28320569-673E-4FBA-A5E9-53E9A2F049E2} - C:\WINDOWS\system32\ativvaxx32.dll ()
    O2 - BHO: (no name) - {284550AF-24A8-4FE1-9E77-250C0A211F66} - C:\WINDOWS\system32\ativvaxx32.dll ()
    O2 - BHO: (no name) - {2A0A4952-4E48-4F52-8DB1-6A727D6489Fb} - C:\WINDOWS\system32\ativvaxx32.dll ()
    O2 - BHO: (no name) - {2B365BCE-3FA2-449C-A5CC-69A0586298E3} - C:\WINDOWS\system32\ativvaxx32.dll ()
    O2 - BHO: (no name) - {2EC3DECD-A761-4820-B424-44C9EB94AC8c} - C:\WINDOWS\system32\ativvaxx32.dll ()
    O2 - BHO: (no name) - {30DCE52D-B7F6-469C-8372-9D0782CB1178} - C:\WINDOWS\system32\ativvaxx32.dll ()
    O2 - BHO: (no name) - {359571A3-AFA4-47D5-9ECB-6407305FE0B8} - C:\WINDOWS\system32\ativvaxx32.dll ()
    O2 - BHO: (no name) - {3648033E-B222-4F22-9FA2-175DF7840716} - C:\WINDOWS\system32\ativvaxx32.dll ()
    O2 - BHO: (no name) - {364DA6C1-A5AB-4D22-8F13-329D241933Bc} - C:\WINDOWS\system32\ativvaxx32.dll ()
    O2 - BHO: (no name) - {457E054A-BE89-4871-81F5-60D28433EF02} - C:\WINDOWS\system32\ativvaxx32.dll ()
    O2 - BHO: (no name) - {5237CF0D-003E-406D-B4AA-FAA2B2EA250f} - C:\WINDOWS\system32\ativvaxx32.dll ()
    O2 - BHO: (no name) - {592348A6-990B-47F4-A187-D6F694A7EB71} - C:\WINDOWS\system32\ativvaxx32.dll ()
    O2 - BHO: (no name) - {5C24E792-749C-4767-A819-CC9D1907A3F6} - C:\WINDOWS\system32\ativvaxx32.dll ()
    O2 - BHO: (no name) - {68564AA0-E56D-460D-B7E0-3ABF45B830D0} - C:\WINDOWS\system32\ativvaxx32.dll ()
    O2 - BHO: (no name) - {771971E0-B53C-4D39-A63B-F32AAEF1F24f} - C:\WINDOWS\system32\ativvaxx32.dll ()
    O2 - BHO: (no name) - {7E2BCDDA-1F37-4820-A00B-66BBF79C655d} - C:\WINDOWS\system32\ativvaxx32.dll ()
    O2 - BHO: (no name) - {82F06574-158D-4152-9322-87276703A59d} - C:\WINDOWS\system32\ativvaxx32.dll ()
    O2 - BHO: (no name) - {8A8E644B-EB84-4E96-8BE6-867F47DAD4Ef} - C:\WINDOWS\system32\ativvaxx32.dll ()
    O2 - BHO: (no name) - {9050F9AE-A0DB-476D-A5C6-AB83CF825868} - C:\WINDOWS\system32\ativvaxx32.dll ()
    O2 - BHO: (no name) - {91CF18D3-3F2E-44D8-B7F0-610A30870A59} - C:\WINDOWS\system32\ativvaxx32.dll ()
    O2 - BHO: (no name) - {9B7A14E3-A2B8-4539-838B-479668E4D1F6} - C:\WINDOWS\system32\ativvaxx32.dll ()
    O2 - BHO: (no name) - {9F954BB1-9469-40E2-AB0C-130F23A5D230} - C:\WINDOWS\system32\ativvaxx32.dll ()
    O2 - BHO: (no name) - {9FA3418E-7AB0-4C11-81E3-C0FFBF715193} - C:\WINDOWS\system32\ativvaxx32.dll ()
    O2 - BHO: (no name) - {A6374BCC-AF27-466F-973E-D536F3E35014} - C:\WINDOWS\system32\ativvaxx32.dll ()
    O2 - BHO: (no name) - {A7CE16B9-3B7A-41DD-9B86-CA763BAAEDBc} - C:\WINDOWS\system32\ativvaxx32.dll ()
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
    O2 - BHO: (no name) - {AA999CCE-77A5-4C2F-B116-A055AD942254} - C:\WINDOWS\system32\ativvaxx32.dll ()
    O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
    O2 - BHO: (no name) - {B2BE0721-13AB-4E74-9C82-DDA418770CF5} - C:\WINDOWS\system32\ativvaxx32.dll ()
    O2 - BHO: (no name) - {B7FF03E5-ED84-45F8-B028-B7C1609FEC58} - C:\WINDOWS\system32\ativvaxx32.dll ()
    O2 - BHO: (no name) - {B8E72ADC-3F97-4D3D-BC98-16110101F9C0} - C:\WINDOWS\system32\ativvaxx32.dll ()
    O2 - BHO: (no name) - {B97112C9-85BD-426B-9E00-C51B92C808E1} - C:\WINDOWS\system32\ativvaxx32.dll ()
    O2 - BHO: (no name) - {BA2DDBB4-81A0-4086-8E93-C8BBA4B95916} - C:\WINDOWS\system32\ativvaxx32.dll ()
    O2 - BHO: (no name) - {BF16E885-E29B-48B4-86CF-34F961AEF5A7} - C:\WINDOWS\system32\ativvaxx32.dll ()
    O2 - BHO: (no name) - {C2FDF94E-54D2-457A-98D7-B12960DAF0Db} - C:\WINDOWS\system32\ativvaxx32.dll ()
    O2 - BHO: (no name) - {C58192D8-3AD4-4D05-8510-F524D9C65AE1} - C:\WINDOWS\system32\ativvaxx32.dll ()
    O2 - BHO: (no name) - {CC07E2DF-B998-4053-8A61-04EDFCEA1F94} - C:\WINDOWS\system32\ativvaxx32.dll ()
    O2 - BHO: (no name) - {CF43231E-7BE7-42D3-B331-78DA3FD5E005} - C:\WINDOWS\system32\ativvaxx32.dll ()
    O2 - BHO: (no name) - {CF622073-61E9-4501-8EFA-8664BFC19BF1} - C:\WINDOWS\system32\ativvaxx32.dll ()
    O2 - BHO: (no name) - {D476E0D7-A1AA-43D0-8BDB-6B48D7DCE663} - C:\WINDOWS\system32\ativvaxx32.dll ()
    O2 - BHO: (no name) - {D608655B-E007-42E0-8BF2-907C706E5FF0} - C:\WINDOWS\system32\ativvaxx32.dll ()
    O2 - BHO: (no name) - {EEEBD13D-CF5B-41A9-8054-1BF920A70FB3} - C:\WINDOWS\system32\ativvaxx32.dll ()
    O2 - BHO: (no name) - {EFF73307-573D-4C2B-9133-2B5A400A4639} - C:\WINDOWS\system32\ativvaxx32.dll ()
    O2 - BHO: (no name) - {F06A2DB2-0578-429D-A58A-37672590B9C1} - C:\WINDOWS\system32\ativvaxx32.dll ()
    O2 - BHO: (no name) - {F1ADAD32-CF43-4005-92E9-DB1C62A270D1} - C:\WINDOWS\system32\ativvaxx32.dll ()
    O2 - BHO: (no name) - {F79ED1ED-04DE-44A3-9D55-CBCB03D9DBE8} - C:\WINDOWS\system32\ativvaxx32.dll ()
    O2 - BHO: (no name) - {FF707B3E-D9AE-4A2A-93B0-4109C33276C7} - C:\WINDOWS\system32\ativvaxx32.dll ()
    O2 - BHO: (no name) - rsion - Reg Error: Value error. File not found
    O3 - HKLM\..\Toolbar: (no name) - {15757333-2BCA-4B77-A807-D0955132F812} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5B291E6C-9A74-4034-971B-A4B007A0B315} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5D4831E0-5A7C-4A46-AFD5-A79AB8CE36C2} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: = 1
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\lfavi10N32.dll) - C:\WINDOWS\system32\lfavi10N32.dll (People Can Fly)
    O20 - Winlogon\Notify\afdecebffd: DllName - C:\WINDOWS\system32\afdecebffd.dll - File not found
    O20 - Winlogon\Notify\termew32: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    O20 - Winlogon\Notify\termsvces: DllName - termew32.dll - File not found
    [2011/08/18 22:42:49 | 000,158,208 | ---- | C] (People Can Fly) -- C:\WINDOWS\System32\lfavi10N32.dll
    [2011/08/12 11:02:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
    [2011/07/27 22:51:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\FCSB000062037
    [2011/07/27 22:51:30 | 000,000,000 | ---D | C] -- C:\Program Files\FinderQuery Addon
    [2011/07/27 22:51:28 | 000,000,000 | ---D | C] -- C:\Program Files\IspAssistant Addon
    [2011/07/27 22:51:27 | 000,000,000 | ---D | C] -- C:\Program Files\Shop to Win 3
    [2011/07/27 22:51:27 | 000,000,000 | ---D | C] -- C:\Program Files\Shop To Win
    [2011/08/18 22:42:49 | 000,158,208 | ---- | M] (People Can Fly) -- C:\WINDOWS\System32\lfavi10N32.dll
    [2011/08/18 22:42:49 | 000,000,101 | ---- | M] () -- C:\WINDOWS\System32\2062035824
    [2011/07/24 08:26:39 | 000,358,912 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx32.dll
    [2011/06/17 20:35:47 | 000,005,275 | ---- | C] () -- C:\Documents and Settings\Josh Rosen\Application Data\6A1E.250
    [2011/05/15 03:01:59 | 000,014,238 | -HS- | C] () -- C:\Documents and Settings\Josh Rosen\Local Settings\Application Data\t8ep373pu27424b48188bn415sj2fd77e
    [2011/05/15 03:01:59 | 000,014,238 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\t8ep373pu27424b48188bn415sj2fd77e
    [2011/04/28 20:31:50 | 000,015,200 | -HS- | C] () -- C:\Documents and Settings\Josh Rosen\Local Settings\Application Data\f138r652ip20jiuktsbj8j438o3oqqk5qi588821khf57
    [2011/04/28 20:31:50 | 000,015,200 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\f138r652ip20jiuktsbj8j438o3oqqk5qi588821khf57
    [2011/04/10 21:32:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Rciqozujitif.bin
    [2011/04/10 21:32:09 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Axilomatumoy.dat
    [2010/05/24 21:19:12 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\Josh Rosen\Application Data\bpzmnq.dat
    [2010/05/22 16:11:56 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\qqijpp.sys
    [2010/05/22 16:05:24 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\bgvpp.sys
    [2010/05/22 16:02:20 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\mxjx.sys
    [2010/05/22 15:58:53 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\vprgx.sys
    [2010/04/06 22:54:03 | 000,012,114 | -HS- | C] () -- C:\Documents and Settings\Josh Rosen\Local Settings\Application Data\C6158646
    [2010/04/06 22:54:03 | 000,012,114 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\C6158646
    [2009/04/23 16:51:14 | 000,006,964 | ---- | C] () -- C:\WINDOWS\ebesadoqene.dll
    [2008/08/21 10:39:39 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
    [2007/02/21 17:13:04 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
    [2007/02/21 17:13:04 | 000,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
    [2006/02/27 21:57:45 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tnpec.dll
    [2006/02/27 21:57:44 | 000,000,053 | ---- | C] () -- C:\WINDOWS\pocbww.dat
    [2006/02/27 21:56:33 | 000,810,000 | RHS- | C] () -- C:\WINDOWS\shefaji.exe
    [2006/02/27 21:56:33 | 000,000,027 | ---- | C] () -- C:\WINDOWS\jptc.dat
    [2006/02/24 22:04:29 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
    [2011/06/03 00:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mD06511KoCjF06511

    :Reg
    [HKCU\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install CombofixDownload ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#4
thegruesome2some

thegruesome2some

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thanks for your help. I thought it had fixed the problem but then svchost.exe started taking up all the cpu usage again.

OTL logfile created on: 8/24/2011 5:38:18 PM - Run 2
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\Josh Rosen\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.36 Mb Total Physical Memory | 115.37 Mb Available Physical Memory | 22.56% Memory free
1.32 Gb Paging File | 0.93 Gb Available in Paging File | 70.34% Paging File free
Paging file location(s): C:\pagefile.sys 868 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 13.97 Gb Total Space | 2.45 Gb Free Space | 17.54% Space Free | Partition Type: NTFS
Drive D: | 92.81 Gb Total Space | 92.77 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: VALUED-3253602F | User Name: Josh Rosen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/24 13:53:57 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Josh Rosen\Desktop\OTL.exe
PRC - [2011/07/10 09:57:59 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/29 15:56:42 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 5\firefox.exe
PRC - [2011/06/29 15:56:37 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 5\plugin-container.exe
PRC - [2011/04/27 21:38:10 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/11/02 17:16:09 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/07/26 08:40:21 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 17:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2003/06/30 20:35:22 | 000,925,696 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
PRC - [2003/06/24 17:49:54 | 000,720,896 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
PRC - [2003/06/23 23:16:38 | 000,057,344 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
PRC - [2002/08/20 13:29:26 | 000,040,960 | ---- | M] (Easy Systems Japan Ltd.) -- C:\WINDOWS\system32\ezSP_Px.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/29 15:56:41 | 001,850,328 | ---- | M] () -- C:\Program Files\Mozilla Firefox 4.0 Beta 5\mozjs.dll
MOD - [2010/01/28 13:57:58 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2009/02/02 22:15:28 | 003,771,296 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2008/07/26 08:40:21 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
MOD - [2008/07/26 08:40:21 | 000,362,376 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll
MOD - [2008/03/25 00:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (TermServices)
SRV - File not found [Auto | Stopped] -- -- (PolicyAgent3232)
SRV - File not found [Auto | Stopped] -- -- (PolicyAgent32)
SRV - File not found [Auto | Stopped] -- -- (NtmsSvc32)
SRV - File not found [Auto | Stopped] -- -- (Messenger32)
SRV - File not found [Auto | Stopped] -- -- (LPDSVC32)
SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Service)
SRV - File not found [Auto | Stopped] -- -- (hkmsvc32)
SRV - File not found [Auto | Stopped] -- -- (ERSvc32)
SRV - File not found [Auto | Stopped] -- -- (COMSysApp32)
SRV - File not found [Auto | Stopped] -- -- (ClipSrv32)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/10 09:57:59 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/27 21:38:10 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/11/06 10:20:16 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/07/26 08:40:21 | 001,251,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/07/01 21:53:48 | 000,495,705 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe -- (VAIOMediaPlatform-MusicServer-AppServer)
SRV - [2003/06/30 20:38:40 | 001,196,032 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe -- (VAIOMediaPlatform-VideoServer-AppServer)
SRV - [2003/06/30 20:35:22 | 000,925,696 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe -- (VAIOMediaPlatform-PhotoServer-AppServer)
SRV - [2003/06/24 17:49:54 | 000,720,896 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-VideoServer-UPnP) VAIO Media Video Server (UPnP)
SRV - [2003/06/24 17:49:54 | 000,720,896 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-PhotoServer-UPnP) VAIO Media Photo Server (UPnP)
SRV - [2003/06/24 17:49:54 | 000,720,896 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-MusicServer-UPnP) VAIO Media Music Server (UPnP)
SRV - [2003/06/23 23:16:38 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-VideoServer-HTTP) VAIO Media Video Server (HTTP)
SRV - [2003/06/23 23:16:38 | 000,057,344 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-PhotoServer-HTTP) VAIO Media Photo Server (HTTP)
SRV - [2003/06/23 23:16:38 | 000,057,344 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-MusicServer-HTTP) VAIO Media Music Server (HTTP)
SRV - [2002/12/24 14:01:22 | 000,065,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)


========== Driver Services (SafeList) ==========

DRV - [2011/07/10 09:58:05 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/10 09:58:05 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/08/26 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/08/26 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/04/13 14:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2006/09/20 20:00:19 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2004/08/04 00:29:26 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/07/12 21:46:14 | 000,761,472 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smrt.sys -- (smrt)
DRV - [2003/05/23 13:44:04 | 001,171,648 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2002/12/04 17:28:10 | 000,730,956 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2002/08/29 08:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2002/08/29 08:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2002/06/13 15:37:16 | 000,045,568 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2001/08/17 08:11:02 | 000,153,631 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xnd5.sys -- (EL90X)
DRV - [2000/12/05 19:18:02 | 000,003,952 | R--- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://rd.yahoo.com/.../search/ie.html


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9F 1B 6B 10 12 EC BF 48 89 F5 A6 13 B0 51 3C FC [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9F 1B 6B 10 12 EC BF 48 89 F5 A6 13 B0 51 3C FC [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9F 1B 6B 10 12 EC BF 48 89 F5 A6 13 B0 51 3C FC [binary data]
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9F 1B 6B 10 12 EC BF 48 89 F5 A6 13 B0 51 3C FC [binary data]
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3742696663-1054570913-656968943-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 192.168.1.1/
IE - HKU\S-1-5-21-3742696663-1054570913-656968943-1007\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://rd.yahoo.com/.../search/ie.html
IE - HKU\S-1-5-21-3742696663-1054570913-656968943-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-3742696663-1054570913-656968943-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "The Pirate Bay Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {45951541-C9B7-4273-BBAA-05EDDFD1A808}:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {50931610-3d8e-11dd-ae16-0800200c9a66}:1.0
FF - prefs.js..keyword.URL: "http://finderquery.c...qbho&keywords="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 49758
FF - prefs.js..network.proxy.type: 0

FF - user.js..keyword.URL: "http://finderquery.c...qbho&keywords="
FF - user.js..keyword.enabled: 1

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.10.835: C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1136: C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.847: C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@realarcade.com/RAClient: C:\Documents and Settings\All Users\Application Data\RealArcade\npraclient.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{D7A95476-DE83-4CDE-99DD-F0CA02E17CC0}: C:\Documents and Settings\STEVE Rosen\Local Settings\Application Data\{D7A95476-DE83-4CDE-99DD-F0CA02E17CC0}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{45951541-C9B7-4273-BBAA-05EDDFD1A808}: C:\Documents and Settings\Josh Rosen\Local Settings\Application Data\{45951541-C9B7-4273-BBAA-05EDDFD1A808}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 5\components [2011/06/29 15:56:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 5\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{45951541-C9B7-4273-BBAA-05EDDFD1A808}: C:\Documents and Settings\Josh Rosen\Local Settings\Application Data\{45951541-C9B7-4273-BBAA-05EDDFD1A808}

[2008/08/27 19:02:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Josh Rosen\Application Data\Mozilla\Extensions
[2011/08/10 15:50:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Josh Rosen\Application Data\Mozilla\Firefox\Profiles\yci6udvb.default\extensions
[2011/07/20 17:58:35 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Josh Rosen\Application Data\Mozilla\Firefox\Profiles\yci6udvb.default\extensions\{1e324375-a28a-4a5f-8c3e-e6f6dfc68661}
[2011/07/24 08:26:40 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Josh Rosen\Application Data\Mozilla\Firefox\Profiles\yci6udvb.default\extensions\{251afbc6-3eda-43ea-9198-c0ceec7944f5}
[2011/07/22 08:16:47 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Josh Rosen\Application Data\Mozilla\Firefox\Profiles\yci6udvb.default\extensions\{b4c485c0-b042-4f1f-bd61-28a01488a520}
[2011/08/09 13:58:04 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Josh Rosen\Application Data\Mozilla\Firefox\Profiles\yci6udvb.default\extensions\{e726fe60-525c-4af3-9e36-06156005215f}
[2011/08/23 19:30:44 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Josh Rosen\Application Data\Mozilla\Firefox\Profiles\yci6udvb.default\extensions\{eaaca50d-f18f-4ea2-88c3-10c48dbe860a}
[2011/01/13 15:58:04 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\Josh Rosen\Application Data\Mozilla\Firefox\Profiles\yci6udvb.default\searchplugins\ebay.xml
[2010/09/11 13:33:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JOSH ROSEN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\YCI6UDVB.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JOSH ROSEN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\YCI6UDVB.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2008/10/28 15:12:50 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/07/27 22:51:31 | 000,000,000 | ---D | M] (FinderQuery Extension) -- C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 5\EXTENSIONS\[email protected]
[2011/07/27 22:51:28 | 000,000,000 | ---D | M] (IspAssistant Extension) -- C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 5\EXTENSIONS\[email protected]
[2009/02/10 18:58:34 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2009/03/30 17:13:54 | 000,098,304 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npraclient.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2011/08/24 17:30:39 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe (Easy Systems Japan Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [Symantec PIF AlertEng] File not found
O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe (Support.com, Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [] File not found
O4 - HKU\S-1-5-18..\RunOnce: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [] File not found
O4 - HKU\S-1-5-20..\RunOnce: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-3742696663-1054570913-656968943-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-3742696663-1054570913-656968943-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-21-3742696663-1054570913-656968943-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_13.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} http://www.symantec....trl/tgctlsi.cab (Reg Error: Key error.)
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.symantec....trl/tgctlsr.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} http://www.symantec....rl/LSSupCtl.cab (LSSupCtl Class)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} http://zone.msn.com/...tz.cab99160.cab (MSN Games – Hearts)
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} c:\program files\yahoo!\installs\ymmapi.dll (YahooYMailTo Class)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.c.../cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} http://www.symantec....rl/SymAData.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ROSENSCOMP
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Josh Rosen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/08/13 23:08:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{a3a02b8a-1264-11de-88d7-000ea61bf990}\Shell - "" = AutoRun
O33 - MountPoints2\{a3a02b8a-1264-11de-88d7-000ea61bf990}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a3a02b8a-1264-11de-88d7-000ea61bf990}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{b88d74f5-a7c0-11de-896f-000ea61bf990}\Shell - "" = AutoRun
O33 - MountPoints2\{b88d74f5-a7c0-11de-896f-000ea61bf990}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b88d74f5-a7c0-11de-896f-000ea61bf990}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-3742696663-1054570913-656968943-1007..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3742696663-1054570913-656968943-1007\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/24 17:29:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/24 13:59:27 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Josh Rosen\Recent
[2011/08/24 13:53:55 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Josh Rosen\Desktop\OTL.exe

========== Files - Modified Within 30 Days ==========

[2011/08/24 17:35:23 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/24 17:34:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/24 17:30:39 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/08/24 13:53:57 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Josh Rosen\Desktop\OTL.exe
[2011/08/24 13:41:01 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/12 07:28:10 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

========== Files Created - No Company Name ==========

[2011/06/23 00:20:37 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/11 18:38:58 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2009/06/25 18:30:10 | 000,059,764 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/09/17 21:00:11 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/08/21 10:39:39 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2008/08/21 10:39:39 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2008/01/06 21:50:57 | 000,996,213 | ---- | C] () -- C:\Program Files\OpinionResearchPanel.mht
[2007/05/10 17:09:37 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/04/24 14:33:21 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2007/04/24 14:24:25 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/04/22 22:30:58 | 000,116,460 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp
[2007/04/22 22:30:57 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
[2007/02/13 12:29:54 | 000,000,031 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/05/20 22:22:38 | 000,000,292 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2006/02/27 22:03:42 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL
[2006/02/09 16:48:45 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\ssresources.dll
[2006/02/09 16:48:45 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AADL.exe
[2006/02/09 16:48:45 | 000,020,481 | ---- | C] () -- C:\WINDOWS\System32\SystemsHook.dll
[2006/02/04 14:32:44 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Josh Rosen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/01 16:06:09 | 000,319,488 | R--- | C] () -- C:\WINDOWS\System32\MafiaSetup.exe
[2005/11/05 11:56:17 | 000,002,895 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/08/12 17:57:09 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/08/09 13:34:43 | 000,004,007 | ---- | C] () -- C:\WINDOWS\hpdj3740.ini
[2005/08/09 13:34:13 | 000,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2005/08/01 21:05:51 | 000,107,134 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/07/29 21:29:59 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2003/08/15 15:30:45 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/08/15 15:30:37 | 000,000,608 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/08/15 15:26:07 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2003/08/15 15:25:00 | 000,262,416 | ---- | C] () -- C:\WINDOWS\System32\ASFV2.DLL
[2003/08/15 15:23:32 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2003/08/15 15:21:10 | 000,014,691 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2003/08/14 21:18:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/08/14 20:31:15 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2003/08/14 20:29:04 | 000,526,184 | ---- | C] () -- C:\WINDOWS\q329692.exe
[2003/08/14 20:28:34 | 000,289,128 | ---- | C] () -- C:\WINDOWS\q329390.exe
[2003/08/14 20:28:26 | 000,495,464 | ---- | C] () -- C:\WINDOWS\q329115.exe
[2003/08/14 20:25:39 | 000,381,288 | ---- | C] () -- C:\WINDOWS\q329048.exe
[2003/08/14 20:25:32 | 000,214,888 | ---- | C] () -- C:\WINDOWS\q329834.exe
[2003/08/14 20:25:00 | 000,711,528 | ---- | C] () -- C:\WINDOWS\q323255_wxp_sp2_x86_enu.exe
[2003/08/14 20:21:52 | 000,236,392 | ---- | C] () -- C:\WINDOWS\q329112.exe
[2003/08/14 20:19:59 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/08/13 23:12:16 | 000,000,808 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/08/13 23:09:13 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/08/13 23:06:40 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/08/13 22:59:36 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2003/08/13 22:59:36 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2003/08/13 22:59:23 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2003/08/13 22:59:22 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2003/08/13 22:58:19 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\cbldrm.dll
[2003/08/13 22:58:18 | 000,000,682 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/08/13 22:58:11 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\NSREG.DLL
[2003/08/13 22:58:08 | 000,311,604 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/08/13 22:58:08 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/08/13 22:58:08 | 000,039,992 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/08/13 22:58:08 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/08/13 22:58:07 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/08/13 22:58:07 | 000,004,530 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/08/13 22:58:06 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/08/13 22:58:04 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/08/13 22:58:04 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/08/13 22:58:01 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/08/13 22:57:58 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/08/13 16:03:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/08/13 16:03:16 | 000,260,640 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/10/27 07:49:26 | 000,108,908 | ---- | C] () -- C:\WINDOWS\System32\bass.dll
[2002/06/12 15:21:12 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll
[2002/04/02 20:08:34 | 000,311,108 | ---- | C] () -- C:\WINDOWS\ml-cleanup.exe
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2010/08/29 20:18:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2008/12/08 12:38:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ascentive
[2008/02/02 23:53:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2006/06/21 14:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Asphyxia
[2010/09/11 18:42:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/06/03 00:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mD06511KoCjF06511
[2008/11/02 12:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2006/12/20 15:32:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2006/04/15 12:29:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2008/02/19 15:32:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/04/24 22:29:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WeatherStudio Desktop
[2010/06/06 00:44:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/06/18 23:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
[2005/12/16 08:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Rosen\Application Data\.bittorrent
[2006/02/24 22:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Rosen\Application Data\acccore
[2007/03/02 10:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Rosen\Application Data\Aim
[2007/11/13 21:43:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Rosen\Application Data\alot
[2009/07/05 18:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Rosen\Application Data\Azureus
[2010/05/20 23:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Rosen\Application Data\Data Protection
[2006/06/21 14:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Rosen\Application Data\Digital Asphyxia
[2009/02/10 18:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Rosen\Application Data\Foxit
[2011/04/27 23:10:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Rosen\Application Data\FrostWire
[2007/04/26 13:22:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Rosen\Application Data\Image Zone Express
[2005/11/02 23:48:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Rosen\Application Data\Nova Development
[2008/12/28 14:15:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Rosen\Application Data\PlayFirst
[2010/09/11 18:29:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Rosen\Application Data\QuickScan
[2010/04/11 14:03:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Rosen\Application Data\RadioBar
[2005/11/02 23:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Rosen\Application Data\Serif
[2006/02/28 20:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Rosen\Application Data\Thunderbird
[2009/07/27 11:03:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Rosen\Application Data\uTorrent
[2008/03/02 04:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Rosen\Application Data\Viewpoint
[2007/02/04 19:05:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Rosen\Application Data\WeatherStudio Desktop

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\firewall.cpl:SummaryInformation

< End of report >

ComboFix 11-08-24.05 - Josh Rosen 08/24/2011 17:53:56.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.161 [GMT -4:00]
Running from: c:\documents and settings\Josh Rosen\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\remdesgf.default\extensions\{251afbc6-3eda-43ea-9198-c0ceec7944f5}
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\remdesgf.default\extensions\{251afbc6-3eda-43ea-9198-c0ceec7944f5}\chrome.manifest
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\remdesgf.default\extensions\{251afbc6-3eda-43ea-9198-c0ceec7944f5}\chrome\xulcache.jar
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\remdesgf.default\extensions\{251afbc6-3eda-43ea-9198-c0ceec7944f5}\defaults\preferences\xulcache.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\remdesgf.default\extensions\{251afbc6-3eda-43ea-9198-c0ceec7944f5}\install.rdf
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\remdesgf.default\extensions\{b4c485c0-b042-4f1f-bd61-28a01488a520}
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\remdesgf.default\extensions\{b4c485c0-b042-4f1f-bd61-28a01488a520}\chrome.manifest
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\remdesgf.default\extensions\{b4c485c0-b042-4f1f-bd61-28a01488a520}\chrome\xulcache.jar
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\remdesgf.default\extensions\{b4c485c0-b042-4f1f-bd61-28a01488a520}\defaults\preferences\xulcache.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\remdesgf.default\extensions\{b4c485c0-b042-4f1f-bd61-28a01488a520}\install.rdf
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\remdesgf.default\extensions\{e726fe60-525c-4af3-9e36-06156005215f}
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\remdesgf.default\extensions\{e726fe60-525c-4af3-9e36-06156005215f}\chrome.manifest
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\remdesgf.default\extensions\{e726fe60-525c-4af3-9e36-06156005215f}\chrome\xulcache.jar
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\remdesgf.default\extensions\{e726fe60-525c-4af3-9e36-06156005215f}\defaults\preferences\xulcache.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\remdesgf.default\extensions\{e726fe60-525c-4af3-9e36-06156005215f}\install.rdf
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\remdesgf.default\extensions\{eaaca50d-f18f-4ea2-88c3-10c48dbe860a}
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\remdesgf.default\extensions\{eaaca50d-f18f-4ea2-88c3-10c48dbe860a}\chrome.manifest
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\remdesgf.default\extensions\{eaaca50d-f18f-4ea2-88c3-10c48dbe860a}\chrome\xulcache.jar
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\remdesgf.default\extensions\{eaaca50d-f18f-4ea2-88c3-10c48dbe860a}\defaults\preferences\xulcache.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\remdesgf.default\extensions\{eaaca50d-f18f-4ea2-88c3-10c48dbe860a}\install.rdf
c:\documents and settings\Josh Rosen\Application Data\Adobe\plugs
c:\documents and settings\Josh Rosen\Application Data\Adobe\shed
c:\documents and settings\Josh Rosen\Application Data\alot
c:\documents and settings\Josh Rosen\Application Data\Mozilla\Firefox\Profiles\yci6udvb.default\extensions\{1e324375-a28a-4a5f-8c3e-e6f6dfc68661}
c:\documents and settings\Josh Rosen\Application Data\Mozilla\Firefox\Profiles\yci6udvb.default\extensions\{1e324375-a28a-4a5f-8c3e-e6f6dfc68661}\chrome.manifest
c:\documents and settings\Josh Rosen\Application Data\Mozilla\Firefox\Profiles\yci6udvb.default\extensions\{1e324375-a28a-4a5f-8c3e-e6f6dfc68661}\chrome\xulcache.jar
c:\documents and settings\Josh Rosen\Application Data\Mozilla\Firefox\Profiles\yci6udvb.default\extensions\{1e324375-a28a-4a5f-8c3e-e6f6dfc68661}\defaults\preferences\xulcache.js
c:\documents and settings\Josh Rosen\Application Data\Mozilla\Firefox\Profiles\yci6udvb.default\extensions\{1e324375-a28a-4a5f-8c3e-e6f6dfc68661}\install.rdf
c:\documents and settings\Josh Rosen\Application Data\Mozilla\Firefox\Profiles\yci6udvb.default\extensions\{251afbc6-3eda-43ea-9198-c0ceec7944f5}
c:\documents and settings\Josh Rosen\Application Data\Mozilla\Firefox\Profiles\yci6udvb.default\extensions\{251afbc6-3eda-43ea-9198-c0ceec7944f5}\chrome.manifest
c:\documents and settings\Josh Rosen\Application Data\Mozilla\Firefox\Profiles\yci6udvb.default\extensions\{251afbc6-3eda-43ea-9198-c0ceec7944f5}\chrome\xulcache.jar
c:\documents and settings\Josh Rosen\Application Data\Mozilla\Firefox\Profiles\yci6udvb.default\extensions\{251afbc6-3eda-43ea-9198-c0ceec7944f5}\defaults\preferences\xulcache.js
c:\documents and settings\Josh Rosen\Application Data\Mozilla\Firefox\Profiles\yci6udvb.default\extensions\{251afbc6-3eda-43ea-9198-c0ceec7944f5}\install.rdf
c:\documents and settings\Josh Rosen\Application Data\Mozilla\Firefox\Profiles\yci6udvb.default\extensions\{b4c485c0-b042-4f1f-bd61-28a01488a520}
c:\documents and settings\Josh Rosen\Application Data\Mozilla\Firefox\Profiles\yci6udvb.default\extensions\{b4c485c0-b042-4f1f-bd61-28a01488a520}\chrome.manifest
c:\documents and settings\Josh Rosen\Application Data\Mozilla\Firefox\Profiles\yci6udvb.default\extensions\{b4c485c0-b042-4f1f-bd61-28a01488a520}\chrome\xulcache.jar
c:\documents and settings\Josh Rosen\Application Data\Mozilla\Firefox\Profiles\yci6udvb.default\extensions\{b4c485c0-b042-4f1f-bd61-28a01488a520}\defaults\preferences\xulcache.js
c:\documents and settings\Josh Rosen\Application Data\Mozilla\Firefox\Profiles\yci6udvb.default\extensions\{b4c485c0-b042-4f1f-bd61-28a01488a520}\install.rdf
c:\documents and settings\Josh Rosen\Application Data\Mozilla\Firefox\Profiles\yci6udvb.default\extensions\{e726fe60-525c-4af3-9e36-06156005215f}
c:\documents and settings\Josh Rosen\Application Data\Mozilla\Firefox\Profiles\yci6udvb.default\extensions\{e726fe60-525c-4af3-9e36-06156005215f}\chrome.manifest
c:\documents and settings\Josh Rosen\Application Data\Mozilla\Firefox\Profiles\yci6udvb.default\extensions\{e726fe60-525c-4af3-9e36-06156005215f}\chrome\xulcache.jar
c:\documents and settings\Josh Rosen\Application Data\Mozilla\Firefox\Profiles\yci6udvb.default\extensions\{e726fe60-525c-4af3-9e36-06156005215f}\defaults\preferences\xulcache.js
c:\documents and settings\Josh Rosen\Application Data\Mozilla\Firefox\Profiles\yci6udvb.default\extensions\{e726fe60-525c-4af3-9e36-06156005215f}\install.rdf
c:\documents and settings\Josh Rosen\Application Data\Mozilla\Firefox\Profiles\yci6udvb.default\extensions\{eaaca50d-f18f-4ea2-88c3-10c48dbe860a}
c:\documents and settings\Josh Rosen\Application Data\Mozilla\Firefox\Profiles\yci6udvb.default\extensions\{eaaca50d-f18f-4ea2-88c3-10c48dbe860a}\chrome.manifest
c:\documents and settings\Josh Rosen\Application Data\Mozilla\Firefox\Profiles\yci6udvb.default\extensions\{eaaca50d-f18f-4ea2-88c3-10c48dbe860a}\chrome\xulcache.jar
c:\documents and settings\Josh Rosen\Application Data\Mozilla\Firefox\Profiles\yci6udvb.default\extensions\{eaaca50d-f18f-4ea2-88c3-10c48dbe860a}\defaults\preferences\xulcache.js
c:\documents and settings\Josh Rosen\Application Data\Mozilla\Firefox\Profiles\yci6udvb.default\extensions\{eaaca50d-f18f-4ea2-88c3-10c48dbe860a}\install.rdf
c:\documents and settings\Josh Rosen\WINDOWS
c:\documents and settings\NetworkService\Application Data\Adobe\plugs
c:\documents and settings\NetworkService\Application Data\Adobe\shed
c:\program files\Common Files\System\Uninstall
C:\System
c:\system\FILES\Desktop.ini
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_005836_.tmp.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_6TO4
-------\Legacy_DIRECTX_DRIVERS
-------\Legacy_RDRIV
.
.
((((((((((((((((((((((((( Files Created from 2011-07-24 to 2011-08-24 )))))))))))))))))))))))))))))))
.
.
2011-08-24 21:29 . 2011-08-24 21:29 -------- d-----w- C:\_OTL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-10 13:58 . 2010-08-30 01:00 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-10 13:58 . 2010-08-30 01:00 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-07-06 23:52 . 2010-05-22 19:21 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52 . 2010-05-22 19:21 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-07-16 4743168]
"nwiz"="nwiz.exe" [2003-07-16 323584]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
"ZTgServerSwitch"="c:\program files\support.com\client\bin\tgcmd.exe" [2003-06-24 1409024]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-04-07 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-23 88363]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-27 05:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Avira\\AntiVir Desktop\\avcenter.exe"=
"c:\\Program Files\\Mozilla Firefox 4.0 Beta 5\\firefox.exe"=
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/29/2010 9:01 PM 136360]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/11/2007 11:12 AM 24652]
S0 03242e9f626e3745b9d81e028b1320ef;03242e9f626e3745b9d81e028b1320ef;c:\windows\system32\03242e9f626e3745b9d81e028b1320ef.sys --> c:\windows\system32\03242e9f626e3745b9d81e028b1320ef.sys [?]
S0 cnbdd;cnbdd;c:\windows\system32\drivers\rlpvrft.sys --> c:\windows\system32\drivers\rlpvrft.sys [?]
S2 ClipSrv32;ClipBook ;c:\windows\system32\dhcpmon32.exe --> c:\windows\system32\dhcpmon32.exe [?]
S2 COMSysApp32;COM+ System Application ;c:\windows\system32\kbdbhc32.exe --> c:\windows\system32\kbdbhc32.exe [?]
S2 ERSvc32;Error Reporting Service ;c:\windows\system32\datime32.exe --> c:\windows\system32\datime32.exe [?]
S2 hkmsvc32;Health Key and Certificate Management Service ;c:\windows\system32\msimg3232.exe --> c:\windows\system32\msimg3232.exe [?]
S2 LPDSVC32;TCP/IP Print Server ;c:\windows\system32\ativvaxx32.exe --> c:\windows\system32\ativvaxx32.exe [?]
S2 Messenger32;Messenger ;c:\windows\system32\shgina32.exe --> c:\windows\system32\shgina32.exe [?]
S2 NtmsSvc32;Removable Storage ;c:\windows\system32\cryptdlg32.exe --> c:\windows\system32\cryptdlg32.exe [?]
S2 PolicyAgent32;IPSEC Services ;c:\windows\system32\kbdusr32.exe --> c:\windows\system32\kbdusr32.exe [?]
S2 PolicyAgent3232;IPSEC Services ;c:\windows\system32\wshisn32.exe --> c:\windows\system32\wshisn32.exe [?]
S2 TermServices;Remote Desktop Service;c:\windows\System32\svchost.exe -k termsvc [8/13/2003 10:58 PM 14336]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [1/31/2010 8:34 PM 102448]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/22/2010 3:21 PM 22712]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [5/22/2010 3:21 PM 41272]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/22/2010 3:21 PM 366640]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WUAUSERV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
termsvc REG_MULTI_SZ TermServices
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
.
------- Supplementary Scan -------
.
uStart Page = 192.168.1.1/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{6BBC32C8-FFBF-4F63-88B5-2659BBC4849A}: NameServer = 192.168.1.1,194.98.0.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Josh Rosen\Application Data\Mozilla\Firefox\Profiles\yci6udvb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2484283&SearchSource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://ispassistant.com/?clid=&prt=ispassistantbho&tmp=ispassistant_results&keywords=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 49758
FF - prefs.js: network.proxy.type - 0
FF - user.js: keyword.URL - hxxp://finderquery.com/?tmp=redir_bho_bing&prt=whitesmokefqbho&keywords=
FF - user.js: keyword.enabled - 1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Symantec PIF AlertEng - c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
MSConfigStartUp-Messenger (Yahoo!) - c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
MSConfigStartUp-uTorrent - c:\program files\uTorrent\uTorrent.exe
AddRemove-EAX Unified - c:\program files\Creative\EAX Unified\Uninst.isu
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\documents and settings\All Users\Application Data\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}\bm_installer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-24 18:10
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1200BB-98DWA0 rev.15.05R15 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x82AEE31B
user & kernel MBR OK
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(800)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3896)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\AGRSMMSG.exe
c:\windows\system32\wscntfy.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2011-08-24 18:25:47 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-24 22:25
.
Pre-Run: 2,553,315,328 bytes free
Post-Run: 2,385,420,288 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptOut
.
- - End Of File - - 743DAFFFC5BC68398319C4FC4BF4E778
  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Lots more to kill - once all this is complete could you let me know what problems remain

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\wshisn32.exe
c:\windows\system32\cryptdlg32.exe
c:\windows\system32\03242e9f626e3745b9d81e028b1320ef.sys
c:\windows\system32\drivers\rlpvrft.sys
c:\windows\system32\dhcpmon32.exe
c:\windows\system32\kbdbhc32.exe
c:\windows\system32\msimg3232.exe
c:\windows\system32\ativvaxx32.exe
c:\windows\system32\shgina32.exe
c:\windows\system32\datime32.exe
c:\windows\system32\kbdusr32.exe


Driver::
03242e9f626e3745b9d81e028b1320ef
cnbdd
ClipSrv32
COMSysApp32
ERSvc32
hkmsvc32
LPDSVC32
Messenger32
NtmsSvc32
PolicyAgent32
PolicyAgent3232

Save this as CFScript.txt, in the same location as ComboFix.exe
Posted Image

Refering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

THEN

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - File not found [Auto | Stopped] -- -- (TermServices)
    SRV - File not found [Auto | Stopped] -- -- (PolicyAgent3232)
    SRV - File not found [Auto | Stopped] -- -- (PolicyAgent32)
    SRV - File not found [Auto | Stopped] -- -- (NtmsSvc32)
    SRV - File not found [Auto | Stopped] -- -- (Messenger32)
    SRV - File not found [Auto | Stopped] -- -- (LPDSVC32)
    SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Service)
    SRV - File not found [Auto | Stopped] -- -- (hkmsvc32)
    SRV - File not found [Auto | Stopped] -- -- (ERSvc32)
    SRV - File not found [Auto | Stopped] -- -- (COMSysApp32)
    SRV - File not found [Auto | Stopped] -- -- (ClipSrv32)
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9F 1B 6B 10 12 EC BF 48 89 F5 A6 13 B0 51 3C FC [binary data]
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9F 1B 6B 10 12 EC BF 48 89 F5 A6 13 B0 51 3C FC [binary data]
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9F 1B 6B 10 12 EC BF 48 89 F5 A6 13 B0 51 3C FC [binary data]
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9F 1B 6B 10 12 EC BF 48 89 F5 A6 13 B0 51 3C FC [binary data]
    IE - HKU\S-1-5-21-3742696663-1054570913-656968943-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    FF - prefs.js..keyword.URL: "http://finderquery.c...qbho&keywords="
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 49758
    FF - prefs.js..network.proxy.type: 0
    FF - user.js..keyword.URL: "http://finderquery.c...qbho&keywords="
    FF - user.js..keyword.enabled: 1
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    [2011/06/03 00:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mD06511KoCjF06511

    :Reg
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-
    [HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-
    [HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-
    [HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#6
thegruesome2some

thegruesome2some

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I ran the Combofix successfully but whenever I try to run the OTL it gets to the part where it says Processing Registry Data HKU\.Default\Software\microsoft\internet explorer\main] and just sits there.

ComboFix 11-08-24.06 - Josh Rosen 08/25/2011 7:14.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.240 [GMT -4:00]
Running from: c:\documents and settings\Josh Rosen\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Josh Rosen\Desktop\cfscript.txt
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
FILE ::
"c:\windows\system32\03242e9f626e3745b9d81e028b1320ef.sys"
"c:\windows\system32\ativvaxx32.exe"
"c:\windows\system32\cryptdlg32.exe"
"c:\windows\system32\datime32.exe"
"c:\windows\system32\dhcpmon32.exe"
"c:\windows\system32\drivers\rlpvrft.sys"
"c:\windows\system32\kbdbhc32.exe"
"c:\windows\system32\kbdusr32.exe"
"c:\windows\system32\msimg3232.exe"
"c:\windows\system32\shgina32.exe"
"c:\windows\system32\wshisn32.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\remdesgf.default\extensions\{1e324375-a28a-4a5f-8c3e-e6f6dfc68661}
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\remdesgf.default\extensions\{1e324375-a28a-4a5f-8c3e-e6f6dfc68661}\chrome.manifest
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\remdesgf.default\extensions\{1e324375-a28a-4a5f-8c3e-e6f6dfc68661}\chrome\xulcache.jar
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\remdesgf.default\extensions\{1e324375-a28a-4a5f-8c3e-e6f6dfc68661}\defaults\preferences\xulcache.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\remdesgf.default\extensions\{1e324375-a28a-4a5f-8c3e-e6f6dfc68661}\install.rdf
c:\driver\Files\Desktop.ini
C:\log.udt
c:\windows\system32\404Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\Process.exe
c:\windows\system32\regobj.dll
c:\windows\system32\SOCKETX.DLL
c:\windows\system32\SOCKETX.OCX
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_03242E9F626E3745B9D81E028B1320EF
-------\Legacy_CLIPSRV32
-------\Legacy_CNBDD
-------\Legacy_COMSYSAPP32
-------\Legacy_ERSVC32
-------\Legacy_HKMSVC32
-------\Legacy_LPDSVC32
-------\Legacy_MESSENGER32
-------\Legacy_NTMSSVC32
-------\Legacy_POLICYAGENT32
-------\Legacy_POLICYAGENT3232
-------\Service_03242e9f626e3745b9d81e028b1320ef
-------\Service_ClipSrv32
-------\Service_cnbdd
-------\Service_COMSysApp32
-------\Service_ERSvc32
-------\Service_hkmsvc32
-------\Service_LPDSVC32
-------\Service_Messenger32
-------\Service_NtmsSvc32
-------\Service_PolicyAgent32
-------\Service_PolicyAgent3232
.
.
((((((((((((((((((((((((( Files Created from 2011-07-25 to 2011-08-25 )))))))))))))))))))))))))))))))
.
.
2011-08-24 22:42 . 2011-05-04 08:52 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-24 21:29 . 2011-08-24 21:29 -------- d-----w- C:\_OTL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-10 13:58 . 2010-08-30 01:00 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-10 13:58 . 2010-08-30 01:00 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-07-06 23:52 . 2010-05-22 19:21 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52 . 2010-05-22 19:21 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( [email protected]_22.12.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-25 11:27 . 2011-08-25 11:27 16384 c:\windows\Temp\Perflib_Perfdata_98.dat
+ 2011-08-24 22:42 . 2011-05-04 08:52 157472 c:\windows\system32\javaws.exe
+ 2011-08-24 22:42 . 2011-05-04 08:52 145184 c:\windows\system32\javaw.exe
+ 2011-08-24 22:42 . 2011-05-04 08:52 145184 c:\windows\system32\java.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-07-16 4743168]
"nwiz"="nwiz.exe" [2003-07-16 323584]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
"ZTgServerSwitch"="c:\program files\support.com\client\bin\tgcmd.exe" [2003-06-24 1409024]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-04-07 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-23 88363]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-27 05:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Avira\\AntiVir Desktop\\avcenter.exe"=
"c:\\Program Files\\Mozilla Firefox 4.0 Beta 5\\firefox.exe"=
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/29/2010 9:01 PM 136360]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/11/2007 11:12 AM 24652]
S2 TermServices;Remote Desktop Service;c:\windows\System32\svchost.exe -k termsvc [8/13/2003 10:58 PM 14336]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [1/31/2010 8:34 PM 102448]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/22/2010 3:21 PM 22712]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [5/22/2010 3:21 PM 41272]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/22/2010 3:21 PM 366640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
termsvc REG_MULTI_SZ TermServices
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
.
------- Supplementary Scan -------
.
uStart Page = 192.168.1.1/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{6BBC32C8-FFBF-4F63-88B5-2659BBC4849A}: NameServer = 192.168.1.1,194.98.0.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Josh Rosen\Application Data\Mozilla\Firefox\Profiles\yci6udvb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2484283&SearchSource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://finderquery.com/?clid=&prt=finderquerybho&tmp=finderquery_results&keywords=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 49758
FF - prefs.js: network.proxy.type - 0
FF - user.js: keyword.URL - hxxp://finderquery.com/?tmp=redir_bho_bing&prt=whitesmokefqbho&keywords=
FF - user.js: keyword.enabled - 1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-25 07:29
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1200BB-98DWA0 rev.15.05R15 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x82AE531B
user & kernel MBR OK
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(800)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3304)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
c:\windows\AGRSMMSG.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-08-25 07:35:57 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-25 11:35
ComboFix2.txt 2011-08-24 22:25
.
Pre-Run: 2,180,087,808 bytes free
Post-Run: 2,193,932,288 bytes free
.
- - End Of File - - 905B3770AAEC41D997426A566F1F202B
  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That was my error I missed a bracket :) Stop OTL and then run this proper fix

Lets re-run the fix

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - File not found [Auto | Stopped] -- -- (TermServices)
    SRV - File not found [Auto | Stopped] -- -- (PolicyAgent3232)
    SRV - File not found [Auto | Stopped] -- -- (PolicyAgent32)
    SRV - File not found [Auto | Stopped] -- -- (NtmsSvc32)
    SRV - File not found [Auto | Stopped] -- -- (Messenger32)
    SRV - File not found [Auto | Stopped] -- -- (LPDSVC32)
    SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Service)
    SRV - File not found [Auto | Stopped] -- -- (hkmsvc32)
    SRV - File not found [Auto | Stopped] -- -- (ERSvc32)
    SRV - File not found [Auto | Stopped] -- -- (COMSysApp32)
    SRV - File not found [Auto | Stopped] -- -- (ClipSrv32)
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9F 1B 6B 10 12 EC BF 48 89 F5 A6 13 B0 51 3C FC [binary data]
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9F 1B 6B 10 12 EC BF 48 89 F5 A6 13 B0 51 3C FC [binary data]
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9F 1B 6B 10 12 EC BF 48 89 F5 A6 13 B0 51 3C FC [binary data]
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9F 1B 6B 10 12 EC BF 48 89 F5 A6 13 B0 51 3C FC [binary data]
    IE - HKU\S-1-5-21-3742696663-1054570913-656968943-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    FF - prefs.js..keyword.URL: "http://finderquery.c...qbho&keywords="
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 49758
    FF - prefs.js..network.proxy.type: 0
    FF - user.js..keyword.URL: "http://finderquery.c...qbho&keywords="
    FF - user.js..keyword.enabled: 1
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    [2011/06/03 00:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mD06511KoCjF06511

    :Reg
    [HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-
    [HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-
    [HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-
    [HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#8
thegruesome2some

thegruesome2some

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Oh ok I was wondering what happened lol. Just to update you I am still having the same problem with svchost.

OTL logfile created on: 8/25/2011 10:46:13 AM - Run 3
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\Josh Rosen\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.36 Mb Total Physical Memory | 44.96 Mb Available Physical Memory | 8.79% Memory free
1.32 Gb Paging File | 0.86 Gb Available in Paging File | 65.47% Paging File free
Paging file location(s): C:\pagefile.sys 868 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 13.97 Gb Total Space | 2.07 Gb Free Space | 14.81% Space Free | Partition Type: NTFS
Drive D: | 92.81 Gb Total Space | 92.77 Gb Free Space | 99.96% Space Free | Partition Type: NTFS

Computer Name: VALUED-3253602F | User Name: Josh Rosen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/24 13:53:57 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Josh Rosen\Desktop\OTL.exe
PRC - [2011/07/10 09:57:59 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/29 15:56:42 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 5\firefox.exe
PRC - [2011/06/29 15:56:37 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 5\plugin-container.exe
PRC - [2011/04/27 21:38:10 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/11/02 17:16:09 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/07/26 08:40:21 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 17:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2003/06/30 20:35:22 | 000,925,696 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
PRC - [2003/06/24 17:49:54 | 000,720,896 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
PRC - [2003/06/23 23:16:38 | 000,057,344 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
PRC - [2002/08/20 13:29:26 | 000,040,960 | ---- | M] (Easy Systems Japan Ltd.) -- C:\WINDOWS\system32\ezSP_Px.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/29 15:56:41 | 001,850,328 | ---- | M] () -- C:\Program Files\Mozilla Firefox 4.0 Beta 5\mozjs.dll
MOD - [2010/03/15 16:57:20 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/01/28 13:57:58 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2009/02/02 22:15:28 | 003,771,296 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2008/07/26 08:40:21 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
MOD - [2008/07/26 08:40:21 | 000,362,376 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll
MOD - [2008/03/25 00:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/10 09:57:59 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/27 21:38:10 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/11/06 10:20:16 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/07/26 08:40:21 | 001,251,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/07/01 21:53:48 | 000,495,705 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe -- (VAIOMediaPlatform-MusicServer-AppServer)
SRV - [2003/06/30 20:38:40 | 001,196,032 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe -- (VAIOMediaPlatform-VideoServer-AppServer)
SRV - [2003/06/30 20:35:22 | 000,925,696 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe -- (VAIOMediaPlatform-PhotoServer-AppServer)
SRV - [2003/06/24 17:49:54 | 000,720,896 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-VideoServer-UPnP) VAIO Media Video Server (UPnP)
SRV - [2003/06/24 17:49:54 | 000,720,896 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-PhotoServer-UPnP) VAIO Media Photo Server (UPnP)
SRV - [2003/06/24 17:49:54 | 000,720,896 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-MusicServer-UPnP) VAIO Media Music Server (UPnP)
SRV - [2003/06/23 23:16:38 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-VideoServer-HTTP) VAIO Media Video Server (HTTP)
SRV - [2003/06/23 23:16:38 | 000,057,344 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-PhotoServer-HTTP) VAIO Media Photo Server (HTTP)
SRV - [2003/06/23 23:16:38 | 000,057,344 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-MusicServer-HTTP) VAIO Media Music Server (HTTP)
SRV - [2002/12/24 14:01:22 | 000,065,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)


========== Driver Services (SafeList) ==========

DRV - [2011/07/10 09:58:05 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/10 09:58:05 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/08/26 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/08/26 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/04/13 14:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2006/09/20 20:00:19 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2004/08/04 00:29:26 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/07/12 21:46:14 | 000,761,472 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smrt.sys -- (smrt)
DRV - [2003/05/23 13:44:04 | 001,171,648 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2002/12/04 17:28:10 | 000,730,956 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2002/08/29 08:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2002/08/29 08:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2002/06/13 15:37:16 | 000,045,568 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2001/08/17 08:11:02 | 000,153,631 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xnd5.sys -- (EL90X)
DRV - [2000/12/05 19:18:02 | 000,003,952 | R--- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://rd.yahoo.com/.../search/ie.html


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3742696663-1054570913-656968943-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 192.168.1.1/
IE - HKU\S-1-5-21-3742696663-1054570913-656968943-1007\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://rd.yahoo.com/.../search/ie.html
IE - HKU\S-1-5-21-3742696663-1054570913-656968943-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3742696663-1054570913-656968943-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "The Pirate Bay Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {45951541-C9B7-4273-BBAA-05EDDFD1A808}:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {50931610-3d8e-11dd-ae16-0800200c9a66}:1.0
FF - prefs.js..keyword.URL: "http://finderquery.c...ults&keywords="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.10.835: C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1136: C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.847: C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@realarcade.com/RAClient: C:\Documents and Settings\All Users\Application Data\RealArcade\npraclient.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{D7A95476-DE83-4CDE-99DD-F0CA02E17CC0}: C:\Documents and Settings\STEVE Rosen\Local Settings\Application Data\{D7A95476-DE83-4CDE-99DD-F0CA02E17CC0}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{45951541-C9B7-4273-BBAA-05EDDFD1A808}: C:\Documents and Settings\Josh Rosen\Local Settings\Application Data\{45951541-C9B7-4273-BBAA-05EDDFD1A808}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 5\components [2011/06/29 15:56:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 5\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{45951541-C9B7-4273-BBAA-05EDDFD1A808}: C:\Documents and Settings\Josh Rosen\Local Settings\Application Data\{45951541-C9B7-4273-BBAA-05EDDFD1A808}

[2008/08/27 19:02:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Josh Rosen\Application Data\Mozilla\Extensions
[2011/08/24 18:05:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Josh Rosen\Application Data\Mozilla\Firefox\Profiles\yci6udvb.default\extensions
[2011/01/13 15:58:04 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\Josh Rosen\Application Data\Mozilla\Firefox\Profiles\yci6udvb.default\searchplugins\ebay.xml
[2010/09/11 13:33:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JOSH ROSEN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\YCI6UDVB.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JOSH ROSEN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\YCI6UDVB.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2008/10/28 15:12:50 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/08/24 18:42:43 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 5\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/07/27 22:51:31 | 000,000,000 | ---D | M] (FinderQuery Extension) -- C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 5\EXTENSIONS\[email protected]
[2011/07/27 22:51:28 | 000,000,000 | ---D | M] (IspAssistant Extension) -- C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 5\EXTENSIONS\[email protected]
[2009/02/10 18:58:34 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2009/03/30 17:13:54 | 000,098,304 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npraclient.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2011/08/25 10:34:42 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe (Easy Systems Japan Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe (Support.com, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-3742696663-1054570913-656968943-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3742696663-1054570913-656968943-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3742696663-1054570913-656968943-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3742696663-1054570913-656968943-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_26.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} http://www.symantec....trl/tgctlsi.cab (Reg Error: Key error.)
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.symantec....trl/tgctlsr.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} http://www.symantec....rl/LSSupCtl.cab (LSSupCtl Class)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} http://zone.msn.com/...tz.cab99160.cab (MSN Games – Hearts)
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} c:\program files\yahoo!\installs\ymmapi.dll (YahooYMailTo Class)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.c.../cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} http://www.symantec....rl/SymAData.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ROSENSCOMP
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Josh Rosen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/08/13 23:08:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-3742696663-1054570913-656968943-1007..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3742696663-1054570913-656968943-1007\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/25 08:27:05 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/08/24 17:51:40 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/08/24 17:48:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/08/24 17:48:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/08/24 17:48:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/08/24 17:48:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/08/24 17:48:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/08/24 17:47:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/24 17:47:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Josh Rosen\My Documents\My Videos
[2011/08/24 17:46:44 | 004,182,373 | R--- | C] (Swearware) -- C:\Documents and Settings\Josh Rosen\Desktop\ComboFix.exe
[2011/08/24 17:29:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/24 13:59:27 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Josh Rosen\Recent
[2011/08/24 13:53:55 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Josh Rosen\Desktop\OTL.exe

========== Files - Modified Within 30 Days ==========

[2011/08/25 10:39:28 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/25 10:38:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/25 10:34:42 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/08/25 07:10:30 | 004,182,373 | R--- | M] (Swearware) -- C:\Documents and Settings\Josh Rosen\Desktop\ComboFix.exe
[2011/08/24 17:51:48 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2011/08/24 13:53:57 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Josh Rosen\Desktop\OTL.exe
[2011/08/24 13:41:01 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/12 07:28:10 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

========== Files Created - No Company Name ==========

[2011/08/24 17:51:48 | 000,000,212 | ---- | C] () -- C:\Boot.bak
[2011/08/24 17:51:43 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/08/24 17:48:34 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/08/24 17:48:34 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/08/24 17:48:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/08/24 17:48:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/08/24 17:48:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/23 00:20:37 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/11 18:38:58 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2009/06/25 18:30:10 | 000,059,764 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/09/17 21:00:11 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/01/06 21:50:57 | 000,996,213 | ---- | C] () -- C:\Program Files\OpinionResearchPanel.mht
[2007/05/10 17:09:37 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/04/24 14:33:21 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2007/04/24 14:24:25 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/04/22 22:30:58 | 000,116,460 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp
[2007/04/22 22:30:57 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
[2007/02/13 12:29:54 | 000,000,031 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/05/20 22:22:38 | 000,000,292 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2006/02/09 16:48:45 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\ssresources.dll
[2006/02/09 16:48:45 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AADL.exe
[2006/02/09 16:48:45 | 000,020,481 | ---- | C] () -- C:\WINDOWS\System32\SystemsHook.dll
[2006/02/04 14:32:44 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Josh Rosen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/01 16:06:09 | 000,319,488 | R--- | C] () -- C:\WINDOWS\System32\MafiaSetup.exe
[2005/11/05 11:56:17 | 000,002,895 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/08/12 17:57:09 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/08/09 13:34:43 | 000,004,007 | ---- | C] () -- C:\WINDOWS\hpdj3740.ini
[2005/08/09 13:34:13 | 000,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2005/08/01 21:05:51 | 000,107,134 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/07/29 21:29:59 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2003/08/15 15:30:45 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/08/15 15:30:37 | 000,000,608 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/08/15 15:26:07 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2003/08/15 15:25:00 | 000,262,416 | ---- | C] () -- C:\WINDOWS\System32\ASFV2.DLL
[2003/08/15 15:23:32 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2003/08/15 15:21:10 | 000,014,691 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2003/08/14 21:18:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/08/14 20:31:15 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2003/08/14 20:29:04 | 000,526,184 | ---- | C] () -- C:\WINDOWS\q329692.exe
[2003/08/14 20:28:34 | 000,289,128 | ---- | C] () -- C:\WINDOWS\q329390.exe
[2003/08/14 20:28:26 | 000,495,464 | ---- | C] () -- C:\WINDOWS\q329115.exe
[2003/08/14 20:25:39 | 000,381,288 | ---- | C] () -- C:\WINDOWS\q329048.exe
[2003/08/14 20:25:32 | 000,214,888 | ---- | C] () -- C:\WINDOWS\q329834.exe
[2003/08/14 20:25:00 | 000,711,528 | ---- | C] () -- C:\WINDOWS\q323255_wxp_sp2_x86_enu.exe
[2003/08/14 20:21:52 | 000,236,392 | ---- | C] () -- C:\WINDOWS\q329112.exe
[2003/08/14 20:19:59 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/08/13 23:12:16 | 000,000,808 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/08/13 23:09:13 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/08/13 23:06:40 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/08/13 22:59:36 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2003/08/13 22:59:36 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2003/08/13 22:59:23 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2003/08/13 22:59:22 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2003/08/13 22:58:19 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\cbldrm.dll
[2003/08/13 22:58:18 | 000,000,682 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/08/13 22:58:11 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\NSREG.DLL
[2003/08/13 22:58:08 | 000,311,604 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/08/13 22:58:08 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/08/13 22:58:08 | 000,039,992 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/08/13 22:58:08 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/08/13 22:58:07 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/08/13 22:58:07 | 000,004,530 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/08/13 22:58:06 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/08/13 22:58:04 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/08/13 22:58:04 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/08/13 22:58:01 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/08/13 22:57:58 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/08/13 16:03:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/08/13 16:03:16 | 000,260,640 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/10/27 07:49:26 | 000,108,908 | ---- | C] () -- C:\WINDOWS\System32\bass.dll
[2002/06/12 15:21:12 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll
[2002/04/02 20:08:34 | 000,311,108 | ---- | C] () -- C:\WINDOWS\ml-cleanup.exe
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2010/08/29 20:18:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2008/12/08 12:38:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ascentive
[2008/02/02 23:53:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2006/06/21 14:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Asphyxia
[2010/09/11 18:42:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/06/03 00:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mD06511KoCjF06511
[2008/11/02 12:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2006/12/20 15:32:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2006/04/15 12:29:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2008/02/19 15:32:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/04/24 22:29:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WeatherStudio Desktop
[2010/06/06 00:44:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/06/18 23:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
[2005/12/16 08:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Rosen\Application Data\.bittorrent
[2006/02/24 22:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Rosen\Application Data\acccore
[2007/03/02 10:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Rosen\Application Data\Aim
[2009/07/05 18:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Rosen\Application Data\Azureus
[2010/05/20 23:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Rosen\Application Data\Data Protection
[2006/06/21 14:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Rosen\Application Data\Digital Asphyxia
[2009/02/10 18:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Rosen\Application Data\Foxit
[2011/04/27 23:10:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Rosen\Application Data\FrostWire
[2007/04/26 13:22:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Rosen\Application Data\Image Zone Express
[2005/11/02 23:48:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Rosen\Application Data\Nova Development
[2008/12/28 14:15:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Rosen\Application Data\PlayFirst
[2010/09/11 18:29:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Rosen\Application Data\QuickScan
[2010/04/11 14:03:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Rosen\Application Data\RadioBar
[2005/11/02 23:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Rosen\Application Data\Serif
[2006/02/28 20:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Rosen\Application Data\Thunderbird
[2009/07/27 11:03:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Rosen\Application Data\uTorrent
[2008/03/02 04:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Rosen\Application Data\Viewpoint
[2007/02/04 19:05:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Rosen\Application Data\WeatherStudio Desktop

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\firewall.cpl:SummaryInformation

< End of report >
  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
As some of that malware was quite old I will now search further back in time

How is the computer behaving now, is there any improvement ?

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
Posted Image

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information

Posted Image

On completion click the link to locate the zip file to upload and attach to your next post

Posted Image
Megaupload
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP