Numerous Random Tabs Open in Firefox



#1
usp97

usp97

    Member

  • Member
  • PipPip
  • 42 posts
Hello,

I want to thank everyone in advance. I've used this forum in the past and everyone has always been helpful. I'm usually extremely careful with what I download and run, but every once in a while I make a mistake. I'm not sure exactly when it happened, but some time in the past week Firefox started opening on its own and opening numerous random tabs. It makes Firefox and eventually my hard drive freeze. Also, the hard drive seems to be continuously working, but it's difficult to say if that is because of the virus/spyware/malware or not. My main PC died about 2 weeks ago. It suddenly turned off and back on, but never finished starting up. I took it for diagnostics, but they couldn't tell me anything since they couldn't get anything on the monitor. They said it smelled burnt, so the motherboard probably had a short and it wasn't worth fixing. Fortunately, the hard drive was not harmed, so I was able to swap it with the hard drive in my test computer. That is where it is now, with the Firefox issue. The test computer is much older and slower, so the continuously running hard drive might just be it working harder. Anyway, I bought a new laptop and have not scrapped the PC yet, just to make sure I have everything I need. I want to make sure it is clean before I transfer any more files. Here is the OTL log:

OTL logfile created on: 11/11/2011 9:05:10 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Matthew\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 191.48 Mb Available Physical Memory | 37.47% Memory free
2.47 Gb Paging File | 2.04 Gb Available in Paging File | 82.82% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 18.35 Gb Free Space | 12.31% Space Free | Partition Type: NTFS
Drive X: | 33.86 Gb Total Space | 0.68 Gb Free Space | 2.00% Space Free | Partition Type: NTFS
Drive Y: | 33.86 Gb Total Space | 0.68 Gb Free Space | 2.00% Space Free | Partition Type: NTFS

Computer Name: MATTHEW-SONY | User Name: Matthew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found -- C:\WINDOWS\385049707:2493189353.exe
PRC - [2011/11/11 21:04:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthew\Desktop\OTL.exe
PRC - [2011/10/01 08:07:02 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/09/14 14:10:34 | 013,128,704 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Matthew\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe
PRC - [2011/08/10 14:35:20 | 000,227,184 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/08/08 17:11:06 | 000,681,840 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011/06/16 21:40:58 | 000,087,368 | ---- | M] (Nero AG) -- C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
PRC - [2011/04/22 07:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/03/21 10:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\NLSSRV32.EXE
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/28 17:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2002/08/20 13:29:26 | 000,040,960 | ---- | M] (Easy Systems Japan Ltd.) -- C:\WINDOWS\system32\ezSP_Px.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/13 14:56:19 | 008,522,400 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/10/01 08:07:02 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/09/22 09:30:34 | 000,421,888 | ---- | M] () -- C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\wypnxbag.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.7.dll
MOD - [2011/09/19 02:59:14 | 000,465,632 | ---- | M] () -- C:\Program Files\Motorola Media Link\Lite\sqlite3.dll
MOD - [2011/09/14 14:01:12 | 000,344,064 | ---- | M] () -- C:\Documents and Settings\Matthew\Local Settings\Application Data\Programs\Google\MusicManager\libaudioenc.dll
MOD - [2011/09/14 14:01:00 | 000,346,624 | ---- | M] () -- C:\Documents and Settings\Matthew\Local Settings\Application Data\Programs\Google\MusicManager\libmpgdec.dll
MOD - [2011/09/14 14:00:22 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Matthew\Local Settings\Application Data\Programs\Google\MusicManager\libid3tag.dll
MOD - [2011/09/14 14:00:20 | 000,198,656 | ---- | M] () -- C:\Documents and Settings\Matthew\Local Settings\Application Data\Programs\Google\MusicManager\libaacdec.dll
MOD - [2011/08/10 14:35:20 | 000,227,184 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
MOD - [2011/08/08 17:11:06 | 000,681,840 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/16 21:40:38 | 000,034,128 | ---- | M] () -- C:\Program Files\Motorola Media Link\Lite\NFileCacheDBAccess.dll
MOD - [2011/06/16 21:40:30 | 000,045,368 | ---- | M] () -- C:\Program Files\Motorola Media Link\Lite\NAdvLog.dll
MOD - [2011/06/16 21:40:14 | 000,128,336 | ---- | M] () -- C:\Program Files\Motorola Media Link\Lite\LiveupdateTactics.dll
MOD - [2011/06/16 21:39:52 | 000,023,872 | ---- | M] () -- C:\Program Files\Motorola Media Link\Lite\DbAccess.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2003/07/29 09:27:40 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\DLBCPP5C.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/08/10 14:35:20 | 000,227,184 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/06/16 21:40:58 | 000,087,368 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe -- (DeviceMonitorService)
SRV - [2011/04/22 07:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/03/21 10:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2009/10/20 13:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)


========== Driver Services (SafeList) ==========

DRV - [2011/04/04 13:55:38 | 000,020,480 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2011/03/31 13:53:22 | 000,024,064 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2010/04/01 13:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2009/10/20 13:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009/07/10 12:01:06 | 000,025,856 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motoandroid.sys -- (motandroidusb)
DRV - [2009/01/29 16:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 16:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2007/11/02 14:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2007/08/06 19:15:07 | 000,033,052 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2004/07/22 14:50:16 | 001,268,234 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/03/22 20:59:52 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/10/30 14:20:54 | 000,766,848 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smrt.sys -- (smrt)
DRV - [2003/09/22 10:43:06 | 001,330,048 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P16X.sys -- (P16X) Creative SB Live! Series (WDM)
DRV - [2003/09/22 06:48:06 | 000,130,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/09/22 06:47:38 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2001/08/17 12:28:00 | 000,871,388 | ---- | M] (BCM) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMDM.sys -- (BCMModem)
DRV - [2001/08/17 07:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [2000/12/05 19:18:02 | 000,003,952 | R--- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=14597
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm Security Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.comcast.net"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:3.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.07
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.3.2
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.3
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {AA6F0803-145A-4200-8E5E-68898D02B5B3}:1.1.5
FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {2832ABCD-4444-1012-2D45-132D5447C445}:1.0.0
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.9.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1319
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.socks_version: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Matthew\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Matthew\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/29 07:05:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/29 08:30:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/11/02 22:14:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2011/02/07 08:40:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Matthew\Application Data\Mozilla\Extensions
[2011/02/07 08:40:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Matthew\Application Data\Mozilla\Extensions\[email protected]
[2011/11/11 21:03:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\wypnxbag.default\extensions
[2011/01/23 10:14:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\wypnxbag.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/03 14:10:20 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\wypnxbag.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2011/09/07 19:47:25 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\wypnxbag.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2011/01/23 09:48:44 | 000,000,000 | ---D | M] (IE View) -- C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\wypnxbag.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2011/01/23 09:48:45 | 000,000,000 | ---D | M] (Right-Click-Link) -- C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\wypnxbag.default\extensions\{AA6F0803-145A-4200-8E5E-68898D02B5B3}
[2011/10/10 19:38:55 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\wypnxbag.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2011/01/23 09:48:45 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\wypnxbag.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2011/01/23 09:48:46 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\wypnxbag.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/01/23 09:48:41 | 000,000,000 | ---D | M] (Linky) -- C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\wypnxbag.default\extensions\[email protected]
[2011/11/11 21:03:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\wypnxbag.default\extensions\staged
[2011/09/11 20:28:43 | 000,002,117 | ---- | M] () -- C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\wypnxbag.default\searchplugins\beemp3.xml
[2009/05/12 18:57:20 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\wypnxbag.default\searchplugins\shareminercom.xml
[2011/10/29 08:31:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/02 12:57:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/29 08:31:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MATTHEW\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WYPNXBAG.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MATTHEW\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WYPNXBAG.DEFAULT\EXTENSIONS\{7EE8902C-75BE-4286-A6CE-0C483607A322}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MATTHEW\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WYPNXBAG.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MATTHEW\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WYPNXBAG.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MATTHEW\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WYPNXBAG.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MATTHEW\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WYPNXBAG.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MATTHEW\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WYPNXBAG.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MATTHEW\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WYPNXBAG.DEFAULT\EXTENSIONS\[email protected]
[2011/01/23 18:21:10 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/10/01 08:07:02 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/11 20:15:07 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Matthew\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Matthew\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Matthew\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Matthew\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Matthew\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Music Beta = C:\Documents and Settings\Matthew\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg\1.0_0\
CHR - Extension: Music Beta = C:\Documents and Settings\Matthew\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg\2.0_0\

O1 HOSTS File: ([2011/03/24 18:56:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe (Easy Systems Japan Ltd.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [MusicManager] C:\Documents and Settings\Matthew\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1295664741281 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{38F8FEEF-E7C6-42CD-9E8E-A15D86593349}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8CB53D7B-8B08-4E75-8CC4-9B4BA21DD06F}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Matthew\Local Settings\Application Data\6b64f316\X) -C:\Documents and Settings\Matthew\Local Settings\Application Data\6b64f316\X ()
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/09/21 17:20:37 | 000,027,856 | ---- | M] () - C:\Auto Repairs.xlsx -- [ NTFS ]
O32 - AutoRun File - [2003/12/01 20:36:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/11/11 21:04:21 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matthew\Desktop\OTL.exe
[2011/11/07 05:10:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/11/05 20:20:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Matthew\Recent
[2011/11/03 21:16:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew\Local Settings\Application Data\TechHit
[2011/11/03 21:15:49 | 000,000,000 | ---D | C] -- C:\Program Files\TechHit.com
[2011/11/03 21:15:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew\Start Menu\Programs\MessageSave
[2011/11/02 22:31:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/11/02 22:16:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/11/02 22:16:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/11/02 22:14:38 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2011/11/02 22:02:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Matthew\Local Settings\Application Data\6b64f316
[2011/11/02 21:19:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew\Local Settings\Application Data\Thunderbird
[2011/11/02 21:19:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew\Application Data\Thunderbird
[2011/10/29 08:54:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/10/29 07:04:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/10/28 20:42:23 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\drivers\BCMDM.sys
[2011/10/28 20:42:23 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2011/10/25 21:18:47 | 000,000,000 | ---D | C] -- C:\Mom & Dad's Computer
[2011/10/22 20:39:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew\Application Data\Guitar Pro 6
[2011/10/22 20:39:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Guitar Pro 6
[2011/10/22 20:38:07 | 000,000,000 | ---D | C] -- C:\Program Files\Guitar Pro 6
[2011/10/15 08:21:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/10/15 08:20:33 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/15 08:20:27 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/10/15 08:16:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2011/10/15 08:15:55 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/10/12 22:15:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew\Application Data\Torrent Episode Downloader
[2011/01/23 18:32:17 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Matthew\Application Data\pcouffin.sys
[2003/12/01 19:28:41 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

========== Files - Modified Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/11/11 21:04:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthew\Desktop\OTL.exe
[2011/11/11 20:53:07 | 000,484,538 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/11 20:53:07 | 000,080,552 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/11 20:52:54 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/11 20:52:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/11 20:52:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\385049707
[2011/11/11 20:52:52 | 535,896,064 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/10 22:13:40 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3966106147-3845353513-3885494602-1005UA.job
[2011/11/10 19:37:50 | 000,000,384 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2011/11/10 05:12:20 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3966106147-3845353513-3885494602-1005Core.job
[2011/11/09 20:16:15 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/11/08 13:32:34 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/05 21:23:15 | 000,015,364 | -H-- | M] () -- C:\.DS_Store
[2011/11/05 20:19:18 | 000,000,722 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/11/04 22:28:11 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/02 22:15:15 | 000,001,726 | ---- | M] () -- C:\Documents and Settings\Matthew\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/11/02 22:15:14 | 000,001,708 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk
[2011/10/31 13:16:15 | 000,002,340 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\Google Chrome.lnk
[2011/10/31 13:16:15 | 000,002,318 | ---- | M] () -- C:\Documents and Settings\Matthew\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/29 11:08:26 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/10/28 21:50:33 | 267,386,880 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\The.Nightmare.Before.Christmas.1993.720p.BRRip.x264.-.Kickassddl.part2.rar
[2011/10/28 21:04:11 | 093,216,011 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\The.Nightmare.Before.Christmas.1993.720p.BRRip.x264.-.Kickassddl.part3.rar
[2011/10/28 20:44:21 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2011/10/28 20:44:18 | 000,005,208 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2011/10/28 20:07:33 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\Matthew\Application Data\vso_ts_preview.xml
[2011/10/28 20:07:12 | 000,023,729 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\MV5BMTY2MDE3NTU2Ml5BMl5BanBnXkFtZTYwNjk1NTQ5 Cropped 4x3 .jpg
[2011/10/28 20:05:58 | 000,019,027 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\MV5BMTY2MDE3NTU2Ml5BMl5BanBnXkFtZTYwNjk1NTQ5._V1._SY317_.jpg
[2011/10/28 19:57:03 | 267,386,880 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\The.Nightmare.Before.Christmas.1993.720p.BRRip.x264.-.Kickassddl.part1.rar
[2011/10/20 19:09:07 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/10/20 19:08:22 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\Matthew\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/15 08:21:40 | 000,001,582 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/10/13 14:53:41 | 000,228,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/11/02 22:43:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/02 22:15:14 | 000,001,726 | ---- | C] () -- C:\Documents and Settings\Matthew\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/11/02 22:15:14 | 000,001,708 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk
[2011/11/02 22:15:12 | 000,001,714 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Thunderbird.lnk
[2011/11/02 22:07:26 | 000,138,256 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/11/02 22:02:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\385049707
[2011/11/02 20:50:56 | 000,015,364 | -H-- | C] () -- C:\.DS_Store
[2011/11/01 21:37:20 | 000,002,088 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Migration Assistant.lnk
[2011/10/30 17:09:21 | 535,896,064 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/28 21:32:29 | 267,386,880 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\The.Nightmare.Before.Christmas.1993.720p.BRRip.x264.-.Kickassddl.part2.rar
[2011/10/28 20:55:51 | 093,216,011 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\The.Nightmare.Before.Christmas.1993.720p.BRRip.x264.-.Kickassddl.part3.rar
[2011/10/28 20:44:22 | 000,012,598 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2011/10/28 20:44:18 | 000,005,208 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2011/10/28 20:07:12 | 000,023,729 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\MV5BMTY2MDE3NTU2Ml5BMl5BanBnXkFtZTYwNjk1NTQ5 Cropped 4x3 .jpg
[2011/10/28 20:05:57 | 000,019,027 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\MV5BMTY2MDE3NTU2Ml5BMl5BanBnXkFtZTYwNjk1NTQ5._V1._SY317_.jpg
[2011/10/28 19:39:01 | 267,386,880 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\The.Nightmare.Before.Christmas.1993.720p.BRRip.x264.-.Kickassddl.part1.rar
[2011/10/15 08:21:40 | 000,001,582 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/08/15 20:38:26 | 000,000,034 | -H-- | C] () -- C:\WINDOWS\System32\DVDRipper_sysquict.dat
[2011/07/11 19:02:06 | 000,005,358 | ---- | C] () -- C:\WINDOWS\System32\drivers\M5633.bin
[2011/07/02 08:54:02 | 000,232,194 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/06/14 18:41:57 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\Matthew\Application Data\vso_ts_preview.xml
[2011/06/07 18:37:43 | 000,047,888 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/04/02 10:14:51 | 000,020,992 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2011/03/27 09:20:57 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/03/24 06:28:27 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/03/24 06:28:27 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/03/24 06:28:27 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/03/24 06:28:27 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/03/24 06:28:27 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/03/22 19:08:08 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/02/02 20:16:54 | 000,122,880 | ---- | C] () -- C:\Documents and Settings\Matthew\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/23 18:32:17 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Matthew\Application Data\pcouffin.cat
[2011/01/23 18:32:17 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Matthew\Application Data\pcouffin.inf
[2011/01/23 09:48:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/01/21 22:48:18 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2011/01/21 22:12:00 | 000,000,384 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2011/01/21 21:29:57 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/10/20 13:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/09/16 17:27:58 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2007/03/15 15:38:28 | 000,450,560 | ---- | C] () -- C:\WINDOWS\System32\mcs_cor1.dll
[2007/03/15 15:37:24 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\mcs_cor2.dll
[2004/02/10 15:08:00 | 000,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
[2003/12/02 15:44:25 | 000,000,890 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/12/02 15:40:09 | 000,262,416 | ---- | C] () -- C:\WINDOWS\System32\ASFV2.DLL
[2003/12/02 15:37:24 | 000,009,192 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2003/12/02 15:03:45 | 000,526,184 | ---- | C] () -- C:\WINDOWS\q329692.exe
[2003/12/02 15:01:48 | 000,236,392 | ---- | C] () -- C:\WINDOWS\q329112.exe
[2003/12/02 15:01:22 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/12/02 14:49:49 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\elcric.dat
[2003/12/01 20:53:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/12/01 20:39:54 | 000,000,800 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/12/01 20:37:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/12/01 20:34:43 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/12/01 19:28:56 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2003/12/01 19:28:56 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2003/12/01 19:28:51 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2003/12/01 19:28:51 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2003/12/01 19:28:41 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\cbldrm.dll
[2003/12/01 19:28:40 | 000,000,730 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/12/01 19:28:21 | 000,484,538 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/12/01 19:28:21 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/12/01 19:28:21 | 000,080,552 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/12/01 19:28:21 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/12/01 19:28:20 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/12/01 19:28:20 | 000,004,530 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/12/01 19:28:19 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/12/01 19:28:18 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/12/01 19:28:18 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/12/01 19:28:13 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/12/01 19:28:07 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/12/01 12:32:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/12/01 12:31:42 | 000,228,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/07/08 12:41:48 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2002/11/13 15:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll
[2002/04/02 20:08:34 | 000,311,108 | ---- | C] () -- C:\WINDOWS\ml-cleanup.exe

========== LOP Check ==========

[2011/03/27 18:40:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/09/25 19:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/11/02 22:34:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/03/27 19:34:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/10/22 20:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Guitar Pro 6
[2011/11/02 22:36:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/06/30 20:35:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motorola
[2011/08/14 20:53:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motorola Media Link
[2011/08/28 21:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2011/02/07 08:41:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2011/01/23 10:19:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/08/16 21:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew\Application Data\avidemux
[2011/03/27 09:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew\Application Data\CheckPoint
[2011/08/15 20:31:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew\Application Data\Digiarty
[2011/08/27 20:14:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew\Application Data\Downloaded Installations
[2011/08/16 21:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew\Application Data\DVDVideoSoft
[2011/08/16 21:09:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew\Application Data\DVDVideoSoftIEHelpers
[2011/06/28 19:31:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew\Application Data\FixerLabs
[2011/10/22 20:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew\Application Data\Guitar Pro 6
[2011/06/30 20:35:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew\Application Data\motorola
[2011/08/28 21:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew\Application Data\Nitro PDF
[2011/03/21 20:39:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew\Application Data\Notepad++
[2011/11/02 22:15:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew\Application Data\Thunderbird
[2011/02/07 08:40:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew\Application Data\TomTom
[2011/10/28 20:07:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew\Application Data\Vso
[2011/11/09 20:16:15 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/01/21 00:19:09 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 1.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 816 bytes -> C:\WINDOWS\385049707:2493189353.exe
@Alternate Data Stream - 60 bytes -> C:\.DS_Store:AFP_AfpInfo

< End of report >

Thank you again,
Matthew

#2
usp97

    Member

  • Topic Starter
  • Member
  • 42 posts
Quick addition to the original post. It just happened again and the browser opened to uniquesearchsystem.com.

#3
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hello, usp97! :yes:

:) I'm Nedklaw and I'll be glad to help you with your malware issues. :)

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

These instructions are specifically designed for usp97 only. No one else should follow these instructions because it can cause serious damage to your computer.

Before we start to clean your computer of malware, please read through the following points to help me and you, and prevent damage to your computer:
  • Please completely read through all of the instructions given to you before attempting to follow them. Reading too lightly will cause you to miss important steps, which could have DESTRUCTIVE effects. If you can't perform a certain step or you are unsure about what to do, let me know!
  • Don't be afraid to ask questions! If you are unsure about anything, ask me! No question is considered stupid here!
  • Be patient with me, logs can take some time to research and my life can mean that I'm busy.
  • Please copy and paste all logs into your reply. Do not attach logs to a post unless I tell you to or if they don't fit in the post.
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • NEVER fix anything in OTL or other programs on your own! This can be very dangerous and cause harm to your system.
  • Refrain from running any other tools apart from the ones I tell you to.
Note: You should save or print out my instructions for easy reference, as part of the fix may be in Safe Mode and you won't be able to access GeeksToGo.


I am currently reviewing your log and will post back soon.

#4
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
You are infected with the ZeroAccess rootkit.


Step 1

Download ComboFix from one of these locations and set the Save as type to All Files before saving it.

Link 1
Link 2
Link 3


IMPORTANT !!! You need to Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you are still unsure on how to do this, see here.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click Yes to continue scanning for malware. Please be patient and don't use the PC whilst it is scanning.

When finished, it shall produce a log for you. Please copy & paste the contents of this log at C:\ComboFix.txt in your next reply.


Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change Parameters.

    Posted Image

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image

  • Click the Start Scan button.

    Posted Image

  • If a suspicious object is detected, the default action will be Skip; click on Continue.

    Posted Image

  • If malicious objects are found, they will show in the Scan results and offer 3 options.
  • Ensure Cure is selected, then click Continue --> Reboot Computer to finish the cleaning process.

    Posted Image

  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


Things I want to see in your next reply

  • ComboFix.txt
  • TDSSKiller.[Version]_[Date]_[Time]_log.txt

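As an added example (not part of OTL, ComboFix, or Nedklaw's instructions), the following Python checker parses three OTL entry types from the log posted earlier in this thread (O20 Winlogon values, created-directory entries, alternate data streams) and flags the ones that deviate from Windows XP defaults: a per-user Winlogon Shell, the hidden system directory it launches from, and an executable stored in an alternate data stream. The `Finding` type and the heuristics are my own; the sample lines are copied from the OTL log above.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Sample lines copied from the OTL log posted earlier in this thread.
SAMPLE_OTL_LOG = r"""
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Matthew\Local Settings\Application Data\6b64f316\X) -C:\Documents and Settings\Matthew\Local Settings\Application Data\6b64f316\X ()
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
[2011/11/02 22:31:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/11/02 22:02:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Matthew\Local Settings\Application Data\6b64f316
[2011/11/11 21:04:21 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matthew\Desktop\OTL.exe
@Alternate Data Stream - 816 bytes -> C:\WINDOWS\385049707:2493189353.exe
@Alternate Data Stream - 60 bytes -> C:\.DS_Store:AFP_AfpInfo
"""

# OTL line shapes for the three entry types this checker understands.
O20_RE = re.compile(
    r"^O20 - (?P<hive>HKLM|HKCU) Winlogon: (?P<value>Shell|UserInit) - "
    r"\((?P<raw>.*?)\) -(?P<path>.*?) \((?P<company>.*)\)$")
FILE_RE = re.compile(
    r"^\[\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} \| [\d,]+ \| (?P<attrs>\S{4}) \| [CM]\]"
    r"(?: \(.*?\))? -- (?P<path>.*)$")
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.*):(?P<stream>[^:\\]+)$")

# Windows XP defaults for the two Winlogon values OTL reports as O20.
WINLOGON_DEFAULTS = {"Shell": "explorer.exe", "UserInit": "userinit.exe"}
EXECUTABLE_STREAM = re.compile(r"\.(exe|dll|sys)$", re.IGNORECASE)
HEX_DIRNAME = re.compile(r"^[0-9a-f]{8}$")


@dataclass
class Finding:            # my own record type, not an OTL concept
    kind: str             # "winlogon", "hidden_dir" or "ads"
    path: str
    reason: str


def check_winlogon(hive: str, value: str, path: str, company: str):
    """A Shell/UserInit value that is per-user, or not the stock binary, is suspect."""
    name = PureWindowsPath(path).name.lower()
    if hive == "HKCU":
        # Only HKLM normally carries Shell/UserInit; a per-user value is run
        # at every logon of that user in place of the system default.
        return Finding("winlogon", path, f"per-user {value} override in HKCU")
    if name != WINLOGON_DEFAULTS[value] or not company:
        return Finding("winlogon", path, f"{value} is not the stock {WINLOGON_DEFAULTS[value]}")
    return None


def check_directory(attrs: str, path: str):
    """Heuristic: hidden+system directory with an 8-hex-digit name under Application Data."""
    p = PureWindowsPath(path)
    if all(flag in attrs for flag in "HSD") and HEX_DIRNAME.match(p.name) \
            and "Application Data" in p.parts:
        return Finding("hidden_dir", path, "hidden/system directory with random hex name")
    return None


def check_ads(path: str, stream: str, size: str):
    """An executable kept in an alternate data stream does not show in a plain dir listing."""
    if EXECUTABLE_STREAM.search(stream):
        return Finding("ads", f"{path}:{stream}", f"executable alternate data stream ({size} bytes)")
    return None


def scan(otl_text: str):
    """Return a Finding for every OTL line that matches a pattern and fails its check."""
    findings = []
    for line in otl_text.splitlines():
        if m := O20_RE.match(line):
            f = check_winlogon(m["hive"], m["value"], m["path"], m["company"])
        elif m := FILE_RE.match(line):
            f = check_directory(m["attrs"], m["path"])
        elif m := ADS_RE.match(line):
            f = check_ads(m["path"], m["stream"], m["size"])
        else:
            continue
        if f:
            findings.append(f)
    # Correlate: a Winlogon value that launches from a flagged hidden directory
    # is the strongest signal, so annotate it.
    hidden = [f.path for f in findings if f.kind == "hidden_dir"]
    for f in findings:
        if f.kind == "winlogon" and any(f.path.lower().startswith(h.lower() + "\\") for h in hidden):
            f.reason += "; launched from flagged hidden directory"
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_OTL_LOG):
        print(f"[{f.kind}] {f.path}\n    {f.reason}")
```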

#5
usp97

    Member

  • Topic Starter
  • Member
  • 42 posts
Thank you for helping me. I want to note something before I add the logs you requested. Since I didn't see your reply as quickly as I have in the past, I attempted to solve the problem on my own. I fully understand that your posts are being reviewed and I have no problem with that, but I was impatient. Anyway, I happened to run the Kaspersky TDSSKiller on my own. On top of that, when I ran the ComboFix, like you asked, it hung up so I had to run it a second time. I actually started ComboFix, watched it start its scan, went out to dinner, returned and it wasn't finished. I am going to post the 2 logs for you, but if you need me to start over with OTL, just let me know. Thank you for your help.

ComboFix:

ComboFix 11-11-12.04 - Matthew 11/12/2011 19:40:54.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.291 [GMT -5:00]
Running from: c:\documents and settings\Matthew\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Matthew\Application Data\inst.exe
c:\documents and settings\Matthew\Application Data\vso_ts_preview.xml
c:\documents and settings\Matthew\Local Settings\Application Data\6b64f316\U
c:\documents and settings\Matthew\Local Settings\Application Data\6b64f316\U\[email protected]
c:\documents and settings\Matthew\Local Settings\Application Data\6b64f316\U\[email protected]
c:\documents and settings\Matthew\Local Settings\Application Data\6b64f316\U\[email protected]
c:\windows\385049707
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\help\wmplayer.bak
c:\windows\jestertb.dll
c:\windows\system32\
c:\windows\windowsmedia-kb828026-x86-enu.exe
c:\windows\windowsmedia9-kb819639-x86-enu.exe
c:\windows\windowsxp-kb817611-x86-enu.exe
c:\windows\windowsxp-kb822827-x86-enu.exe
c:\windows\windowsxp-kb823182-x86-enu.exe
c:\windows\windowsxp-kb824105-x86-enu.exe
c:\windows\windowsxp-kb824141-x86-enu.exe
c:\windows\windowsxp-kb824146-x86-enu.exe
c:\windows\windowsxp-kb825119-x86-enu.exe
c:\windows\windowsxp-kb825121-x86-enu.exe
c:\windows\windowsxp-kb826939-x86-enu.exe
c:\windows\windowsxp-kb826959-x86-enu.exe
c:\windows\windowsxp-kb828035-x86-enu.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-10-13 to 2011-11-13 )))))))))))))))))))))))))))))))
.
.
2011-11-12 17:28 . 2011-11-12 17:28 -------- d-----w- C:\$AVG
2011-11-12 17:11 . 2011-11-12 17:11 -------- d-----w- c:\documents and settings\Matthew\Application Data\AVG2012
2011-11-12 16:31 . 2008-02-28 18:26 1414440 ----a-w- c:\windows\system32\ShellManager310E2D762.dll
2011-11-12 16:26 . 2011-11-12 16:26 5 ----a-w- c:\windows\system32\lMMLDeleteUserData42107612FX.tmp
2011-11-12 15:52 . 2011-11-12 16:34 -------- d-----w- c:\windows\SxsCaPendDel
2011-11-12 15:37 . 2011-11-12 15:38 -------- d-----w- c:\documents and settings\Matthew\Application Data\QuickScan
2011-11-12 02:36 . 2011-11-12 15:30 -------- d-----w- c:\program files\STOPzilla!
2011-11-12 02:36 . 2011-11-12 02:36 -------- d-----w- c:\program files\Common Files\iS3
2011-11-12 02:36 . 2011-11-12 15:30 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2011-11-04 05:11 . 2011-11-04 05:11 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-11-04 05:10 . 2011-11-04 05:10 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2011-11-04 02:16 . 2011-11-04 02:16 -------- d-----w- c:\documents and settings\Matthew\Local Settings\Application Data\TechHit
2011-11-03 03:02 . 2011-11-13 00:50 -------- d-sh--w- c:\documents and settings\Matthew\Local Settings\Application Data\6b64f316
2011-11-03 02:19 . 2011-11-03 03:15 -------- d-----w- c:\documents and settings\Matthew\Application Data\Thunderbird
2011-11-03 02:19 . 2011-11-03 02:19 -------- d-----w- c:\documents and settings\Matthew\Local Settings\Application Data\Thunderbird
2011-10-29 13:54 . 2011-10-29 13:54 -------- d-----w- c:\program files\Common Files\Java
2011-10-29 13:30 . 2011-10-03 06:37 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-29 13:30 . 2011-10-03 09:06 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-10-29 01:43 . 2001-08-17 17:57 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2011-10-29 01:43 . 2001-08-17 17:57 16128 ----a-w- c:\windows\system32\drivers\MODEMCSA.sys
2011-10-29 01:43 . 2008-04-13 17:40 5504 -c--a-w- c:\windows\system32\dllcache\intelide.sys
2011-10-29 01:43 . 2008-04-13 17:40 5504 ----a-w- c:\windows\system32\drivers\intelide.sys
2011-10-29 01:42 . 2001-08-17 17:28 871388 -c--a-w- c:\windows\system32\dllcache\bcmdm.sys
2011-10-29 01:42 . 2001-08-17 17:28 871388 ----a-w- c:\windows\system32\drivers\BCMDM.sys
2011-10-26 02:18 . 2011-10-26 02:18 -------- d-----w- C:\Mom & Dad's Computer
2011-10-23 01:39 . 2011-11-12 16:14 -------- d-----w- c:\documents and settings\Matthew\Application Data\Guitar Pro 6
2011-10-23 01:39 . 2011-10-23 01:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Guitar Pro 6
2011-10-15 13:20 . 2011-11-12 16:22 -------- d-----w- c:\program files\iPod
2011-10-15 13:16 . 2011-10-15 13:16 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-12 17:28 . 2011-03-21 15:17 64416 ----a-w- c:\windows\system32\NLSSRV32.EXE
2011-11-12 17:28 . 2004-03-04 16:26 174592 ----a-w- c:\windows\system32\LEXPPS.EXE
2011-11-12 17:28 . 2004-03-04 16:30 308120 ----a-w- c:\windows\system32\LEXBCES.EXE
2011-11-12 16:59 . 2003-12-02 00:28 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-11-12 16:12 . 2011-01-23 23:32 47360 ----a-w- c:\documents and settings\Matthew\Application Data\pcouffin.sys
2011-10-07 11:23 . 2011-10-07 11:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 11:21 . 2011-10-04 11:21 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-10-03 09:06 . 2011-01-23 23:21 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-26 15:41 . 2009-10-08 19:57 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2003-12-02 00:28 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2003-12-02 00:28 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-13 11:30 . 2011-09-13 11:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-09 09:12 . 2003-12-02 20:07 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2003-12-02 00:28 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48 . 2003-12-02 00:28 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2003-12-02 00:28 43520 ------w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2003-12-02 00:28 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2003-12-02 00:28 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-10-01 13:07 . 2011-07-02 13:58 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-04-07 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 88361]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/w...4efc46900184ab" [?]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
dlbcserv.lnk - c:\program files\Dell Photo Printer 720\dlbcserv.exe [2011-1-21 315392]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\MFAData\\SelfUpd\\avgmfapx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 1:14 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 6:23 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 295248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [3/21/2011 10:17 AM 64416]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/4/2011 6:21 AM 16720]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys --> c:\windows\system32\DRIVERS\motfilt.sys [?]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys --> c:\windows\system32\Drivers\motoandroid.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys --> c:\windows\system32\DRIVERS\motccgpfl.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys --> c:\windows\system32\DRIVERS\Motousbnet.sys [?]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [1/23/2011 6:32 PM 47360]
S3 Usblink;Usblink Driver;c:\windows\system32\Drivers\ulink.sys --> c:\windows\system32\Drivers\ulink.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [12/1/2003 7:28 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-01-21 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\System32\OOBE\oobebaln.exe [2003-12-02 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?l=dis&o=14597
uInternet Settings,ProxyOverride = 192.168.*.*
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Matthew\Application Data\Mozilla\Firefox\Profiles\wypnxbag.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.comcast.net
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&sourceid=navclient&gfns=1&q=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
HKCU-Run-TomTomHOME.exe - c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
Notify-TPSvc - TPSvc.dll
SafeBoot-46124694.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-12 20:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(296)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\AGRSMMSG.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-11-12 20:12:09 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-13 01:12
.
Pre-Run: 28,441,321,472 bytes free
Post-Run: 28,796,547,072 bytes free
.
- - End Of File - - E4206B26DDD1FA2EF0D5512C10131615

TDSSKiller:

20:14:53.0468 0944 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15
20:14:53.0578 0944 ============================================================
20:14:53.0578 0944 Current date / time: 2011/11/12 20:14:53.0578
20:14:53.0578 0944 SystemInfo:
20:14:53.0578 0944
20:14:53.0578 0944 OS Version: 5.1.2600 ServicePack: 3.0
20:14:53.0578 0944 Product type: Workstation
20:14:53.0578 0944 ComputerName: MATTHEW-SONY
20:14:53.0578 0944 UserName: Matthew
20:14:53.0578 0944 Windows directory: C:\WINDOWS
20:14:53.0578 0944 System windows directory: C:\WINDOWS
20:14:53.0578 0944 Processor architecture: Intel x86
20:14:53.0578 0944 Number of processors: 1
20:14:53.0578 0944 Page size: 0x1000
20:14:53.0578 0944 Boot type: Normal boot
20:14:53.0578 0944 ============================================================
20:14:54.0625 0944 Initialize success
20:15:49.0453 3680 ============================================================
20:15:49.0453 3680 Scan started
20:15:49.0453 3680 Mode: Manual; SigCheck; TDLFS;
20:15:49.0453 3680 ============================================================
20:16:22.0109 3680 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
20:16:22.0109 3680 pcouffin ( UnsignedFile.Multi.Generic ) - warning
20:16:22.0109 3680 pcouffin - detected UnsignedFile.Multi.Generic (1)
20:16:38.0250 3680 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:16:38.0421 3680 \Device\Harddisk0\DR0 - ok
20:16:38.0421 3680 Boot (0x1200) (007c54a9040bf2a2fa9d7bd666859f54) \Device\Harddisk0\DR0\Partition0
20:16:38.0421 3680 \Device\Harddisk0\DR0\Partition0 - ok
20:16:38.0437 3680 ============================================================
20:16:38.0437 3680 Scan finished
20:16:38.0437 3680 ============================================================
20:16:38.0578 0740 Detected object count: 1
20:16:38.0578 0740 Actual detected object count: 1
20:16:44.0875 0740 pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
20:16:44.0875 0740 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:17:07.0750 2564 Deinitialize success

#6
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)


Step 1

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

Folder:: 
c:\documents and settings\Matthew\Local Settings\Application Data\6b64f316
 
Registry:: 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-
 
DDS::
uStart Page = hxxp://www.ask.com/?l=dis&o=14597
uInternet Settings,ProxyOverride = 192.168.*.*

Firefox::
FF - ProfilePath - c:\documents and settings\Matthew\Application Data\Mozilla\Firefox\Profiles\wypnxbag.default\
FF - prefs.js: browser.search.defaulturl -

ADS::
C:\WINDOWS\385049707:2493189353.exe


Save this as CFScript.txt, in the same location as ComboFix.exe.


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Step 2

  • Open OTL.
    • Select "Scan All Users".
    • Under the Extra Registry box check Use Safelist.
    • Under the Custom Scan box paste this in:

      netsvcs
      %SYSTEMDRIVE%\*.exe
      %USERPROFILE%\..|smtmp;true;true;true /FP
      /md5start
      explorer.exe
      winlogon.exe
      Userinit.exe
      svchost.exe
      /md5stop
      %systemroot%\*. /mp /s
      hklm\software\clients\startmenuinternet|command /rs
      hklm\software\clients\startmenuinternet|command /64 /rs
      C:\Windows\assembly\tmp\U\*.* /s
      CREATERESTOREPOINT
  • Click the Run Scan button. Post the logs produced in your next reply.

Things I want to see in your next reply

  • ComboFix.txt
  • OTL.txt
  • Extras.txt

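A small triage script for the ComboFix and TDSSKiller log formats posted in this thread, added here as an example and not a tool from Geeks to Go or the helper: it flags the same entries the CFScript above removes (Security Center monitoring switched off, the ask.com start page, the proxy override, the executable hidden in an alternate data stream) and pairs the pcouffin warning from TDSSKiller with its MD5 and path. The sample lines are copied from the logs above; the expected_hosts allowlist and all function names are this example's own.

```python
"""Added example (not a tool from this thread): triage the ComboFix and
TDSSKiller log formats posted above and flag the entries the helper acted on."""
import re
from typing import Iterable

# Constructed sample: lines copied from the ComboFix log and the CFScript in this thread.
COMBOFIX_SAMPLE = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
uStart Page = hxxp://www.ask.com/?l=dis&o=14597
uInternet Settings,ProxyOverride = 192.168.*.*
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.comcast.net
C:\WINDOWS\385049707:2493189353.exe
"""

# Constructed sample: lines copied from the TDSSKiller log in this thread.
TDSSKILLER_SAMPLE = r"""
20:16:22.0109 3680 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
20:16:22.0109 3680 pcouffin ( UnsignedFile.Multi.Generic ) - warning
20:16:22.0109 3680 pcouffin - detected UnsignedFile.Multi.Generic (1)
20:16:22.0203 3680 PDCOMP - ok
20:16:44.0875 0740 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

_REG_KEY = re.compile(r'^\[(?P<key>[^\]]+)\]$')
_DISABLE_MON = re.compile(r'^"DisableMonitoring"=dword:0*1$', re.I)
_START_PAGE = re.compile(r'^(?P<src>uStart Page|FF - prefs\.js: browser\.startup\.homepage)\s*[=-]\s*(?P<val>\S+)$', re.I)
_SEARCH_DEFAULT = re.compile(r'^FF - prefs\.js: browser\.search\.defaulturl\s*-\s*(?P<val>\S+)$', re.I)
_PROXY_OVERRIDE = re.compile(r'^uInternet Settings,ProxyOverride\s*=\s*(?P<val>.+)$', re.I)
_ADS = re.compile(r'^(?P<file>[A-Za-z]:\\[^:]+):(?P<stream>[^:\\]+)$')  # file:stream, e.g. ...\385049707:x.exe
_TDSS_LINE = re.compile(r'^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>[0-9A-Fa-f]+)\s+(?P<rest>.+)$')
_TDSS_FILE = re.compile(r'^(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$')
_TDSS_WARN = re.compile(r'^(?P<name>\S+)\s+\(\s*(?P<verdict>\S+)\s*\)\s+-\s+warning$')
_TDSS_DETECT = re.compile(r'^(?P<name>\S+)\s+-\s+detected\s+(?P<verdict>\S+)')
_TDSS_ACTION = re.compile(r'^(?P<name>\S+)\s+\(\s*\S+\s*\)\s+-\s+User select action:\s*(?P<action>\S+)')


def _host(value: str) -> str:
    """Host part of a URL; ComboFix writes hxxp:// for http:// so log lines are not clickable."""
    bare = re.sub(r'^(?:hxxps?|https?)://', '', value.strip(), flags=re.I)
    return re.split(r'[/?#]', bare, maxsplit=1)[0].lower()


def triage_combofix(text: str, expected_hosts: Iterable[str] = ()) -> list:
    """Findings for the ComboFix entries a helper normally scripts out (expected_hosts is our allowlist)."""
    expected = {h.lower() for h in expected_hosts}
    findings, current_key = [], ''
    for raw in text.splitlines():
        line = raw.strip()
        if (m := _REG_KEY.match(line)):
            current_key = m.group('key')          # later values belong to this key
        elif _DISABLE_MON.match(line) and 'security center\\monitoring' in current_key.lower():
            # Security Center told not to report AV/firewall state; malware sets this to hide
            # "unprotected" warnings, which is why the CFScript above resets the Symantec keys.
            findings.append({'kind': 'security_center_monitoring_disabled', 'key': current_key})
        elif (m := _START_PAGE.match(line)):
            host = _host(m.group('val'))
            if host not in expected:
                findings.append({'kind': 'start_page', 'source': m.group('src'), 'host': host})
        elif (m := _SEARCH_DEFAULT.match(line)):
            findings.append({'kind': 'search_default', 'host': _host(m.group('val'))})
        elif (m := _PROXY_OVERRIDE.match(line)):
            findings.append({'kind': 'proxy_override', 'value': m.group('val').strip()})
        elif (m := _ADS.match(line)):
            # An executable stored in an NTFS alternate data stream is invisible in Explorer.
            findings.append({'kind': 'alternate_data_stream', 'file': m.group('file'), 'stream': m.group('stream')})
    return findings


def triage_tdsskiller(text: str) -> list:
    """One finding per object TDSSKiller warned about or detected, joined with its MD5 and path."""
    files, hits = {}, {}
    for raw in text.splitlines():
        m = _TDSS_LINE.match(raw.strip())
        if not m:
            continue
        rest = m.group('rest')
        if (f := _TDSS_FILE.match(rest)):
            files[f.group('name')] = (f.group('md5'), f.group('path'))
        elif (d := _TDSS_WARN.match(rest) or _TDSS_DETECT.match(rest)):
            hits.setdefault(d.group('name'), {'kind': 'tdsskiller_detection', 'name': d.group('name'),
                                              'verdict': d.group('verdict'), 'action': None})
        elif (a := _TDSS_ACTION.match(rest)) and a.group('name') in hits:
            hits[a.group('name')]['action'] = a.group('action')   # what the user chose to do
    for name, hit in hits.items():
        hit['md5'], hit['path'] = files.get(name, (None, None))
    return list(hits.values())


if __name__ == '__main__':
    for finding in triage_combofix(COMBOFIX_SAMPLE, expected_hosts={'www.comcast.net'}):
        print(finding)
    for finding in triage_tdsskiller(TDSSKILLER_SAMPLE):
        print(finding)
```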

#7
usp97

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Here are the logs you requested.

ComboFix:

ComboFix 11-11-13.03 - Matthew 11/13/2011 20:31:53.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.265 [GMT -5:00]
Running from: c:\documents and settings\Matthew\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Matthew\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Matthew\Local Settings\Application Data\6b64f316
c:\documents and settings\Matthew\Local Settings\Application Data\6b64f316\@
c:\documents and settings\Matthew\Local Settings\Application Data\6b64f316\loader.tlb
.
.
((((((((((((((((((((((((( Files Created from 2011-10-14 to 2011-11-14 )))))))))))))))))))))))))))))))
.
.
2011-11-13 03:32 . 2011-11-13 03:32 -------- d-----w- c:\windows\LastGood
2011-11-13 01:40 . 2011-11-13 03:41 -------- d-----w- c:\documents and settings\Matthew\Local Settings\Application Data\Western Digital
2011-11-12 17:28 . 2011-11-12 17:28 -------- d-----w- C:\$AVG
2011-11-12 17:11 . 2011-11-12 17:11 -------- d-----w- c:\documents and settings\Matthew\Application Data\AVG2012
2011-11-12 16:31 . 2008-02-28 18:26 1414440 ----a-w- c:\windows\system32\ShellManager310E2D762.dll
2011-11-12 16:26 . 2011-11-12 16:26 5 ----a-w- c:\windows\system32\lMMLDeleteUserData42107612FX.tmp
2011-11-12 15:52 . 2011-11-12 16:34 -------- d-----w- c:\windows\SxsCaPendDel
2011-11-12 15:37 . 2011-11-12 15:38 -------- d-----w- c:\documents and settings\Matthew\Application Data\QuickScan
2011-11-12 02:36 . 2011-11-12 15:30 -------- d-----w- c:\program files\STOPzilla!
2011-11-12 02:36 . 2011-11-12 02:36 -------- d-----w- c:\program files\Common Files\iS3
2011-11-12 02:36 . 2011-11-12 15:30 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2011-11-04 05:11 . 2011-11-04 05:11 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-11-04 05:10 . 2011-11-04 05:10 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2011-11-04 02:16 . 2011-11-04 02:16 -------- d-----w- c:\documents and settings\Matthew\Local Settings\Application Data\TechHit
2011-11-03 02:19 . 2011-11-03 03:15 -------- d-----w- c:\documents and settings\Matthew\Application Data\Thunderbird
2011-11-03 02:19 . 2011-11-03 02:19 -------- d-----w- c:\documents and settings\Matthew\Local Settings\Application Data\Thunderbird
2011-10-29 13:54 . 2011-10-29 13:54 -------- d-----w- c:\program files\Common Files\Java
2011-10-29 13:30 . 2011-10-03 06:37 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-29 13:30 . 2011-10-03 09:06 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-10-29 01:43 . 2001-08-17 17:57 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2011-10-29 01:43 . 2001-08-17 17:57 16128 ----a-w- c:\windows\system32\drivers\MODEMCSA.sys
2011-10-29 01:43 . 2008-04-13 17:40 5504 -c--a-w- c:\windows\system32\dllcache\intelide.sys
2011-10-29 01:43 . 2008-04-13 17:40 5504 ----a-w- c:\windows\system32\drivers\intelide.sys
2011-10-29 01:42 . 2001-08-17 17:28 871388 -c--a-w- c:\windows\system32\dllcache\bcmdm.sys
2011-10-29 01:42 . 2001-08-17 17:28 871388 ----a-w- c:\windows\system32\drivers\BCMDM.sys
2011-10-26 02:18 . 2011-10-26 02:18 -------- d-----w- C:\Mom & Dad's Computer
2011-10-23 01:39 . 2011-11-12 16:14 -------- d-----w- c:\documents and settings\Matthew\Application Data\Guitar Pro 6
2011-10-23 01:39 . 2011-10-23 01:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Guitar Pro 6
2011-10-15 13:20 . 2011-11-12 16:22 -------- d-----w- c:\program files\iPod
2011-10-15 13:16 . 2011-10-15 13:16 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-12 17:28 . 2011-03-21 15:17 64416 ----a-w- c:\windows\system32\NLSSRV32.EXE
2011-11-12 17:28 . 2004-03-04 16:26 174592 ----a-w- c:\windows\system32\LEXPPS.EXE
2011-11-12 17:28 . 2004-03-04 16:30 308120 ----a-w- c:\windows\system32\LEXBCES.EXE
2011-11-12 16:59 . 2003-12-02 00:28 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-11-12 16:12 . 2011-01-23 23:32 47360 ----a-w- c:\documents and settings\Matthew\Application Data\pcouffin.sys
2011-10-07 11:23 . 2011-10-07 11:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 11:21 . 2011-10-04 11:21 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-10-03 09:06 . 2011-01-23 23:21 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-26 15:41 . 2009-10-08 19:57 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2003-12-02 00:28 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2003-12-02 00:28 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-13 11:30 . 2011-09-13 11:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-09 09:12 . 2003-12-02 20:07 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2003-12-02 00:28 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48 . 2003-12-02 00:28 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2003-12-02 00:28 43520 ------w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2003-12-02 00:28 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2003-12-02 00:28 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-10-01 13:07 . 2011-07-02 13:58 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-04-07 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 88361]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/w...4efc46900184ab" [?]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
dlbcserv.lnk - c:\program files\Dell Photo Printer 720\dlbcserv.exe [2011-1-21 315392]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\MFAData\\SelfUpd\\avgmfapx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 1:14 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 6:23 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 295248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [3/21/2011 10:17 AM 64416]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/4/2011 6:21 AM 16720]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys --> c:\windows\system32\DRIVERS\motfilt.sys [?]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys --> c:\windows\system32\Drivers\motoandroid.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys --> c:\windows\system32\DRIVERS\motccgpfl.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys --> c:\windows\system32\DRIVERS\Motousbnet.sys [?]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [1/23/2011 6:32 PM 47360]
S3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys --> c:\windows\system32\DRIVERS\sxuptp.sys [?]
S3 Usblink;Usblink Driver;c:\windows\system32\Drivers\ulink.sys --> c:\windows\system32\Drivers\ulink.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [12/1/2003 7:28 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 97677228
*Deregistered* - 97677228
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-01-21 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\System32\OOBE\oobebaln.exe [2003-12-02 00:12]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Matthew\Application Data\Mozilla\Firefox\Profiles\wypnxbag.default\
FF - prefs.js: browser.startup.homepage - www.comcast.net
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&sourceid=navclient&gfns=1&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-13 20:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-11-13 20:46:11
ComboFix-quarantined-files.txt 2011-11-14 01:46
ComboFix2.txt 2011-11-13 01:12
.
Pre-Run: 28,664,946,688 bytes free
Post-Run: 28,651,802,624 bytes free
.
- - End Of File - - DA2E077B580E0F92B305B88E58171535

OTL:

OTL logfile created on: 11/13/2011 8:52:17 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Matthew\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 242.63 Mb Available Physical Memory | 47.48% Memory free
2.47 Gb Paging File | 2.04 Gb Available in Paging File | 82.59% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 26.71 Gb Free Space | 17.92% Space Free | Partition Type: NTFS

Computer Name: MATTHEW-SONY | User Name: Matthew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/12 12:28:51 | 000,064,416 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\NLSSRV32.EXE
PRC - [2011/11/11 21:04:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthew\Desktop\OTL.exe
PRC - [2011/10/24 20:29:16 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/10/18 06:14:54 | 001,229,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2005/01/06 02:51:46 | 000,048,128 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBCUI5C.DLL
MOD - [2005/01/06 02:50:48 | 000,085,504 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBCDR5C.DLL
MOD - [2004/02/03 14:59:16 | 000,430,080 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBCICUR.DLL
MOD - [2004/02/03 14:56:38 | 000,198,144 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBCFC5C.DLL
MOD - [2003/07/29 09:27:40 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\DLBCPP5C.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/11/12 12:28:51 | 000,064,416 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2004/07/22 14:50:16 | 001,268,234 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/03/22 20:59:52 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/10/30 14:20:54 | 000,766,848 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smrt.sys -- (smrt)
DRV - [2003/09/22 10:43:06 | 001,330,048 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P16X.sys -- (P16X) Creative SB Live! Series (WDM)
DRV - [2003/09/22 06:48:06 | 000,130,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/09/22 06:47:38 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2001/08/17 12:28:00 | 000,871,388 | ---- | M] (BCM) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMDM.sys -- (BCMModem)
DRV - [2001/08/17 07:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [2000/12/05 19:18:02 | 000,003,952 | R--- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm Security Customized Web Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.comcast.net"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:3.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.07
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.3.2
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.3
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {AA6F0803-145A-4200-8E5E-68898D02B5B3}:1.1.5
FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {2832ABCD-4444-1012-2D45-132D5447C445}:1.0.0
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.9.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1319
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.socks_version: 0

FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/11/12 12:09:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/29 07:05:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/29 08:30:43 | 000,000,000 | ---D | M]

[2011/02/07 08:40:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Matthew\Application Data\Mozilla\Extensions
[2011/02/07 08:40:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Matthew\Application Data\Mozilla\Extensions\[email protected]
[2011/11/12 10:37:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\wypnxbag.default\extensions
[2011/01/23 10:14:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\wypnxbag.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/03 14:10:20 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\wypnxbag.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2011/09/07 19:47:25 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\wypnxbag.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2011/01/23 09:48:45 | 000,000,000 | ---D | M] (Right-Click-Link) -- C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\wypnxbag.default\extensions\{AA6F0803-145A-4200-8E5E-68898D02B5B3}
[2011/10/10 19:38:55 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\wypnxbag.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2011/01/23 09:48:45 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\wypnxbag.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2011/11/12 10:37:16 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\wypnxbag.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/01/23 09:48:46 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\wypnxbag.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/01/23 09:48:41 | 000,000,000 | ---D | M] (Linky) -- C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\wypnxbag.default\extensions\[email protected]
[2011/09/11 20:28:43 | 000,002,117 | ---- | M] () -- C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\wypnxbag.default\searchplugins\beemp3.xml
[2009/05/12 18:57:20 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\wypnxbag.default\searchplugins\shareminercom.xml
[2011/10/29 08:31:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/02 12:57:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/29 08:31:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MATTHEW\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WYPNXBAG.DEFAULT\EXTENSIONS\{6E84150A-D526-41F1-A480-A67D3FED910D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MATTHEW\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WYPNXBAG.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MATTHEW\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WYPNXBAG.DEFAULT\EXTENSIONS\{7EE8902C-75BE-4286-A6CE-0C483607A322}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MATTHEW\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WYPNXBAG.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MATTHEW\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WYPNXBAG.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MATTHEW\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WYPNXBAG.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MATTHEW\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WYPNXBAG.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MATTHEW\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WYPNXBAG.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MATTHEW\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WYPNXBAG.DEFAULT\EXTENSIONS\[email protected]
[2011/11/12 12:09:36 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2011/01/23 18:21:10 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/10/01 08:07:02 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/11 20:15:07 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/11/13 20:40:57 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe (Easy Systems Japan Ltd.)
O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1295664741281 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{38F8FEEF-E7C6-42CD-9E8E-A15D86593349}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8CB53D7B-8B08-4E75-8CC4-9B4BA21DD06F}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/09/21 17:20:37 | 000,027,856 | ---- | M] () - C:\Auto Repairs.xlsx -- [ NTFS ]
O32 - AutoRun File - [2003/12/01 20:36:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/12 22:32:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/11/12 20:40:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew\Local Settings\Application Data\Western Digital
[2011/11/12 20:14:42 | 001,564,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Matthew\Desktop\tdsskiller.exe
[2011/11/12 19:38:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/12 16:54:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Matthew\Start Menu\Programs\Administrative Tools
[2011/11/12 16:54:24 | 004,292,963 | R--- | C] (Swearware) -- C:\Documents and Settings\Matthew\Desktop\ComboFix.exe
[2011/11/12 12:28:18 | 000,000,000 | ---D | C] -- C:\$AVG
[2011/11/12 12:11:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew\Application Data\AVG2012
[2011/11/12 12:09:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012
[2011/11/12 11:31:28 | 001,414,440 | ---- | C] (Nero AG) -- C:\WINDOWS\System32\ShellManager310E2D762.dll
[2011/11/12 10:52:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2011/11/12 10:37:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew\Application Data\QuickScan
[2011/11/11 21:36:24 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2011/11/11 21:36:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2011/11/11 21:36:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/11/11 21:04:21 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matthew\Desktop\OTL.exe
[2011/11/07 05:10:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/11/05 20:20:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Matthew\Recent
[2011/11/03 21:16:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew\Local Settings\Application Data\TechHit
[2011/11/02 22:16:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/11/02 22:16:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/11/02 21:19:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew\Local Settings\Application Data\Thunderbird
[2011/11/02 21:19:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew\Application Data\Thunderbird
[2011/10/29 08:54:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/10/29 08:30:45 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/10/29 08:30:41 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/10/29 08:30:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/10/29 08:30:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/10/28 20:43:28 | 000,016,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\modemcsa.sys
[2011/10/28 20:43:08 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\intelide.sys
[2011/10/28 20:42:23 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\drivers\BCMDM.sys
[2011/10/28 20:42:23 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2011/10/25 21:18:47 | 000,000,000 | ---D | C] -- C:\Mom & Dad's Computer
[2011/10/22 20:39:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew\Application Data\Guitar Pro 6
[2011/10/22 20:39:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Guitar Pro 6
[2011/10/15 08:20:33 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/15 08:16:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2011/01/23 18:32:17 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Matthew\Application Data\pcouffin.sys
[2003/12/01 19:28:41 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/13 20:40:57 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/11/13 20:29:58 | 004,292,963 | R--- | M] (Swearware) -- C:\Documents and Settings\Matthew\Desktop\ComboFix.exe
[2011/11/13 18:05:51 | 000,000,384 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2011/11/13 09:01:29 | 109,616,228 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/11/12 20:14:42 | 001,564,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Matthew\Desktop\tdsskiller.exe
[2011/11/12 20:04:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/12 20:04:58 | 535,896,064 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/12 12:28:51 | 000,064,416 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\System32\NLSSRV32.EXE
[2011/11/12 11:34:28 | 000,228,000 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/11/12 11:31:08 | 000,001,024 | ---- | M] () -- C:\Documents and Settings\Matthew\.rnd
[2011/11/12 11:12:41 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\Matthew\Application Data\pcouffin.sys
[2011/11/12 11:12:41 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\Matthew\Application Data\pcouffin.cat
[2011/11/12 11:12:41 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\Matthew\Application Data\pcouffin.inf
[2011/11/12 10:48:26 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/11/12 10:32:13 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Matthew\Local Settings\Application Data\housecall.guid.cache
[2011/11/12 02:58:42 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/11 21:04:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthew\Desktop\OTL.exe
[2011/11/11 20:53:07 | 000,484,538 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/11 20:53:07 | 000,080,552 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/11 20:52:54 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/05 21:23:15 | 000,015,364 | -H-- | M] () -- C:\.DS_Store
[2011/10/28 21:50:33 | 267,386,880 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\The.Nightmare.Before.Christmas.1993.720p.BRRip.x264.-.Kickassddl.part2.rar
[2011/10/28 21:04:11 | 093,216,011 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\The.Nightmare.Before.Christmas.1993.720p.BRRip.x264.-.Kickassddl.part3.rar
[2011/10/28 20:44:21 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2011/10/28 20:44:18 | 000,005,208 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2011/10/28 20:07:12 | 000,023,729 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\MV5BMTY2MDE3NTU2Ml5BMl5BanBnXkFtZTYwNjk1NTQ5 Cropped 4x3 .jpg
[2011/10/28 20:05:58 | 000,019,027 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\MV5BMTY2MDE3NTU2Ml5BMl5BanBnXkFtZTYwNjk1NTQ5._V1._SY317_.jpg
[2011/10/28 19:57:03 | 267,386,880 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\The.Nightmare.Before.Christmas.1993.720p.BRRip.x264.-.Kickassddl.part1.rar
[2011/10/20 19:09:07 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/10/20 19:08:22 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\Matthew\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/12 11:31:28 | 000,774,144 | ---- | C] () -- C:\WINDOWS\System32\NEROINSTAEC43759.DB
[2011/11/12 10:32:13 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Matthew\Local Settings\Application Data\housecall.guid.cache
[2011/11/12 10:20:40 | 535,896,064 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/02 22:43:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/02 22:07:26 | 000,273,832 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/11/02 20:50:56 | 000,015,364 | -H-- | C] () -- C:\.DS_Store
[2011/10/28 21:32:29 | 267,386,880 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\The.Nightmare.Before.Christmas.1993.720p.BRRip.x264.-.Kickassddl.part2.rar
[2011/10/28 20:55:51 | 093,216,011 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\The.Nightmare.Before.Christmas.1993.720p.BRRip.x264.-.Kickassddl.part3.rar
[2011/10/28 20:44:22 | 000,012,598 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2011/10/28 20:44:18 | 000,005,208 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2011/10/28 20:07:12 | 000,023,729 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\MV5BMTY2MDE3NTU2Ml5BMl5BanBnXkFtZTYwNjk1NTQ5 Cropped 4x3 .jpg
[2011/10/28 20:05:57 | 000,019,027 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\MV5BMTY2MDE3NTU2Ml5BMl5BanBnXkFtZTYwNjk1NTQ5._V1._SY317_.jpg
[2011/10/28 19:39:01 | 267,386,880 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\The.Nightmare.Before.Christmas.1993.720p.BRRip.x264.-.Kickassddl.part1.rar
[2011/08/15 20:38:26 | 000,000,034 | -H-- | C] () -- C:\WINDOWS\System32\DVDRipper_sysquict.dat
[2011/07/11 19:02:06 | 000,005,358 | ---- | C] () -- C:\WINDOWS\System32\drivers\M5633.bin
[2011/07/02 08:54:02 | 000,232,194 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/06/07 18:37:43 | 000,047,888 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/03/27 09:20:57 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/03/24 06:28:27 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/03/24 06:28:27 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/03/24 06:28:27 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/03/24 06:28:27 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/03/24 06:28:27 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/03/22 19:08:08 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/02/02 20:16:54 | 000,122,880 | ---- | C] () -- C:\Documents and Settings\Matthew\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/23 18:32:17 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Matthew\Application Data\pcouffin.cat
[2011/01/23 18:32:17 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Matthew\Application Data\pcouffin.inf
[2011/01/23 09:48:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/01/21 22:48:18 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2011/01/21 22:12:00 | 000,000,384 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2011/01/21 21:29:57 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/09/16 17:27:58 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2007/03/15 15:38:28 | 000,450,560 | ---- | C] () -- C:\WINDOWS\System32\mcs_cor1.dll
[2007/03/15 15:37:24 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\mcs_cor2.dll
[2004/02/10 15:08:00 | 000,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
[2003/12/02 15:44:25 | 000,000,890 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/12/02 15:40:09 | 000,262,416 | ---- | C] () -- C:\WINDOWS\System32\ASFV2.DLL
[2003/12/02 15:37:24 | 000,009,192 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2003/12/02 15:03:45 | 000,526,184 | ---- | C] () -- C:\WINDOWS\q329692.exe
[2003/12/02 15:01:48 | 000,236,392 | ---- | C] () -- C:\WINDOWS\q329112.exe
[2003/12/02 15:01:22 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/12/02 14:49:49 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\elcric.dat
[2003/12/01 20:53:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/12/01 20:39:54 | 000,000,800 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/12/01 20:37:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/12/01 20:34:43 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/12/01 19:28:56 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2003/12/01 19:28:56 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2003/12/01 19:28:51 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2003/12/01 19:28:51 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2003/12/01 19:28:41 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\cbldrm.dll
[2003/12/01 19:28:40 | 000,000,730 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/12/01 19:28:21 | 000,484,538 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/12/01 19:28:21 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/12/01 19:28:21 | 000,080,552 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/12/01 19:28:21 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/12/01 19:28:20 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/12/01 19:28:20 | 000,004,530 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/12/01 19:28:19 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/12/01 19:28:18 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/12/01 19:28:18 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/12/01 19:28:13 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/12/01 19:28:07 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/12/01 12:32:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/12/01 12:31:42 | 000,228,000 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/07/08 12:41:48 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2002/11/13 15:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll
[2002/04/02 20:08:34 | 000,311,108 | ---- | C] () -- C:\WINDOWS\ml-cleanup.exe

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %USERPROFILE%\..|smtmp;true;true;true /FP >


< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/10/01 08:07:01 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/10/01 08:07:01 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/10/01 08:07:01 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/10/01 08:07:02 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/10/01 08:07:02 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/10/01 08:07:02 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/10/01 08:07:01 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/10/01 08:07:01 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/10/01 08:07:01 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/10/01 08:07:02 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/10/01 08:07:02 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/10/01 08:07:02 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< C:\Windows\assembly\tmp\U\*.* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 60 bytes -> C:\.DS_Store:AFP_AfpInfo

< End of report >

Extras:

OTL Extras logfile created on: 11/13/2011 8:52:17 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Matthew\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 242.63 Mb Available Physical Memory | 47.48% Memory free
2.47 Gb Paging File | 2.04 Gb Available in Paging File | 82.59% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 26.71 Gb Free Space | 17.92% Space Free | Partition Type: NTFS

Computer Name: MATTHEW-SONY | User Name: Matthew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgmfapx.exe" = C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgmfapx.exe:*:Enabled:AVG Installer Application -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Disabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1EB317D8-8945-4FD6-B37F-DF470317C6AB}" = VAIO Media 2.6
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 29
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}" = Music Visualizer Library 1.4.00
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4447D5B5-95ED-4C4D-A9C3-1D8E892D5377}" = AVG 2012
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{7128C69B-8F7E-4336-8698-3FD3CDD955EC}" = VAIO Media Redistribution 2.6
"{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}" = SonicStage
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{93B80FB1-7A23-11D3-B250-00105A1F4184}" =
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{98BD9EA5-2DF2-445C-8C8D-057F55B3C633}" = AVG 2012
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AVG" = AVG 2012
"Dell Photo Printer 720" = Dell Photo Printer 720
"Dell Photo Printer 720 Logger" = Dell Photo Printer 720 Logger
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"PROSet" = Intel® PRO Network Adapters and Drivers
"Samsung_SEDG" = Samsung Video Codec 1.2.5009 Uninstall
"SyncBack_is1" = SyncBack
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/1/2011 10:45:48 PM | Computer Name = MATTHEW-SONY | Source = Bonjour Service | ID = 100
Description =

Error - 11/1/2011 10:45:50 PM | Computer Name = MATTHEW-SONY | Source = Bonjour Service | ID = 100
Description =

Error - 11/2/2011 11:27:06 PM | Computer Name = MATTHEW-SONY | Source = MsiInstaller | ID = 10005
Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- The
installer has encountered an unexpected error installing this package. This may
indicate a problem with this package. The error code is 2755. The arguments are:
1601, C:\WINDOWS\Installer\2e11021c.msi,

Error - 11/2/2011 11:27:12 PM | Computer Name = MATTHEW-SONY | Source = MsiInstaller | ID = 10005
Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- The
installer has encountered an unexpected error installing this package. This may
indicate a problem with this package. The error code is 2755. The arguments are:
1601, C:\WINDOWS\Installer\a03e11d.msi,

Error - 11/2/2011 11:39:42 PM | Computer Name = MATTHEW-SONY | Source = MsiInstaller | ID = 10005
Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- The
installer has encountered an unexpected error installing this package. This may
indicate a problem with this package. The error code is 2755. The arguments are:
1601, C:\Documents and Settings\All Users\Application Data\MFAData\pack\COREx86.msi,


Error - 11/3/2011 1:22:41 AM | Computer Name = MATTHEW-SONY | Source = Application Error | ID = 1000
Description = Faulting application nmindexstoresvr.exe, version 3.3.3.0, faulting
module unknown, version 0.0.0.0, fault address 0x028abb40.

Error - 11/3/2011 7:13:45 AM | Computer Name = MATTHEW-SONY | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module mshtml.dll, version 8.0.6001.19154, fault address 0x000ec6c5.

Error - 11/3/2011 10:02:01 AM | Computer Name = MATTHEW-SONY | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module mshtml.dll, version 8.0.6001.19154, fault address 0x000b01f6.

Error - 11/6/2011 1:07:13 PM | Computer Name = MATTHEW-SONY | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module mshtml.dll, version 8.0.6001.19154, fault address 0x0007270e.

Error - 11/6/2011 6:00:40 PM | Computer Name = MATTHEW-SONY | Source = Application Error | ID = 1000
Description = Faulting application nmindexstoresvr.exe, version 3.3.3.0, faulting
module unknown, version 0.0.0.0, fault address 0x01ec305c.

[ System Events ]
Error - 11/12/2011 12:41:26 PM | Computer Name = MATTHEW-SONY | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/12/2011 12:45:26 PM | Computer Name = MATTHEW-SONY | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 11/12/2011 12:45:26 PM | Computer Name = MATTHEW-SONY | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 11/12/2011 12:45:26 PM | Computer Name = MATTHEW-SONY | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 11/12/2011 12:45:41 PM | Computer Name = MATTHEW-SONY | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 11/12/2011 12:45:44 PM | Computer Name = MATTHEW-SONY | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 11/12/2011 12:48:49 PM | Computer Name = MATTHEW-SONY | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 11/12/2011 1:00:25 PM | Computer Name = MATTHEW-SONY | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 11/12/2011 5:48:41 PM | Computer Name = MATTHEW-SONY | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 11/12/2011 11:35:44 PM | Computer Name = MATTHEW-SONY | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the avgwd service.


< End of report >
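The Application Events block above carries the same crash signature more than once (svchost.exe faulting in mshtml.dll on 11/3 twice and again on 11/6, nmindexstoresvr.exe faulting in an unknown module twice). When reading an OTL log it helps to collapse those records into one line per faulting application/module pair with a count and a first/last-seen time, so repeating crashes stand apart from one-off installer noise. The script below does that; it is an added example and not part of OTL or of the original post. It only parses, groups and counts, and it does not claim a cause for any crash. The sample input is a subset of the Application Events printed in the log above, embedded inline so it runs offline.

```python
"""Summarise the "Last 10 Event Log Errors" block of an OTL log by crash
signature (faulting application + faulting module).

Added example for this thread; not part of OTL. SAMPLE_APP_EVENTS is a
subset of the Application Events in the log above, embedded so the script
runs offline. It groups and counts only; it does not decide causes.
"""
import re
from collections import defaultdict
from datetime import datetime

HEADER_RE = re.compile(
    r"^Error - (\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) \| "
    r"Computer Name = (\S+) \| Source = (.+?) \| ID = (\d+)$"
)
# Event ID 1000 body, after the wrapped lines have been joined with spaces
FAULT_RE = re.compile(
    r"Faulting application (\S+), version ([\d.]+), faulting module (\S+), "
    r"version ([\d.]+), fault address (0x[0-9a-fA-F]+)"
)

SAMPLE_APP_EVENTS = r"""
[ Application Events ]
Error - 11/1/2011 10:45:48 PM | Computer Name = MATTHEW-SONY | Source = Bonjour Service | ID = 100
Description =

Error - 11/2/2011 11:27:06 PM | Computer Name = MATTHEW-SONY | Source = MsiInstaller | ID = 10005
Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- The
installer has encountered an unexpected error installing this package. This may
indicate a problem with this package. The error code is 2755. The arguments are:
1601, C:\WINDOWS\Installer\2e11021c.msi,

Error - 11/3/2011 1:22:41 AM | Computer Name = MATTHEW-SONY | Source = Application Error | ID = 1000
Description = Faulting application nmindexstoresvr.exe, version 3.3.3.0, faulting
module unknown, version 0.0.0.0, fault address 0x028abb40.

Error - 11/3/2011 7:13:45 AM | Computer Name = MATTHEW-SONY | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module mshtml.dll, version 8.0.6001.19154, fault address 0x000ec6c5.

Error - 11/3/2011 10:02:01 AM | Computer Name = MATTHEW-SONY | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module mshtml.dll, version 8.0.6001.19154, fault address 0x000b01f6.

Error - 11/6/2011 1:07:13 PM | Computer Name = MATTHEW-SONY | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module mshtml.dll, version 8.0.6001.19154, fault address 0x0007270e.

Error - 11/6/2011 6:00:40 PM | Computer Name = MATTHEW-SONY | Source = Application Error | ID = 1000
Description = Faulting application nmindexstoresvr.exe, version 3.3.3.0, faulting
module unknown, version 0.0.0.0, fault address 0x01ec305c.
"""


def parse_events(text):
    """Return one dict per 'Error - ...' record; wrapped descriptions are joined."""
    events, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                       # a blank line terminates a record
            current = None
            continue
        m = HEADER_RE.match(line)
        if m:
            current = {
                "time": datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p"),
                "host": m.group(2), "source": m.group(3), "id": int(m.group(4)),
                "description": "",
            }
            events.append(current)
        elif current is not None:
            if line.startswith("Description ="):
                line = line[len("Description ="):].strip()
            if line:
                current["description"] = (current["description"] + " " + line).strip()
    return events


def crash_signatures(events):
    """Group Application Error 1000 events by (app, module), most frequent first."""
    groups = defaultdict(list)
    for ev in events:
        if ev["source"] != "Application Error" or ev["id"] != 1000:
            continue
        m = FAULT_RE.search(ev["description"])
        if m:
            app, _, module, _, address = m.groups()
            groups[(app.lower(), module.lower())].append((ev["time"], address))
    summary = []
    for (app, module), hits in sorted(groups.items(), key=lambda kv: -len(kv[1])):
        times = [t for t, _ in hits]
        summary.append({
            "app": app, "module": module, "count": len(hits),
            "first": min(times), "last": max(times),
            "addresses": sorted({addr for _, addr in hits}),
        })
    return summary


if __name__ == "__main__":
    for sig in crash_signatures(parse_events(SAMPLE_APP_EVENTS)):
        print(f"{sig['count']}x {sig['app']} in {sig['module']} "
              f"({sig['first']:%m/%d %H:%M} .. {sig['last']:%m/%d %H:%M}) "
              f"addresses={sig['addresses']}")
```

Run it on the sample and the two repeating signatures come out first; paste a full "Last 10 Event Log Errors" block (Application and System sections both parse, since the header format is the same) to see which service or application is crashing repeatedly and whether the fault addresses vary between crashes.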

#8 Nedklaw (Trusted Helper, Malware Removal, 1,652 posts)
Hi. :)
Have the tabs stopped randomly appearing in Firefox? Are you experiencing any other problems?


Step 1

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL 
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    [2011/08/02 12:57:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    @Alternate Data Stream - 60 bytes -> C:\.DS_Store:AFP_AfpInfo 
    
    :Reg 
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring"="0"
     
    :Files
    ipconfig /flushdns /c
    
    :Commands 
    [purity] 
    [resethosts] 
    [emptytemp] 
    [EMPTYFLASH]
    [CREATERESTOREPOINT] 
    [Reboot]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Post the log that appears upon reboot in your next reply.
  • Open OTL again and select the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Please download Malwarebytes' Anti-Malware from Here.

Double click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note).
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 3

Please run a free online scan with the ESET Online Scanner.
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the options Remove found threats and Scan unwanted applications are checked.
  • Click Scan. (This scan can take several hours, so please be patient).
  • Once the scan is completed, you may close the window.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Things I want to see in your next reply

  • Answers to my questions
  • OTL Fix Log
  • OTL.txt
  • MBAM Log
  • log.txt

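The first part of the OTL fix in Step 1 targets Firefox's prefs.js: the three browser.search.* entries that had been pointed at "Ask.com", plus two stale Java Console GUIDs in extensions.enabledItems. The same check can be done by hand before or after a fix, without OTL, by parsing prefs.js and comparing the search and homepage entries against what the user actually chose. The script below is an added example, not part of OTL or of the original post. The allowlists of expected engines and homepages are assumptions for one user's setup and must be edited per machine; the empty engine name is allowed because that is what the post-fix log in this thread shows after the entries were removed. The sample prefs.js text is constructed to mirror the entries the fix removed.

```python
"""Audit a Firefox prefs.js for search-engine / homepage hijacks and list
the extension IDs it marks enabled.

Added example for this thread; not part of OTL or of the original post.
EXPECTED_ENGINES and EXPECTED_HOMEPAGES are assumptions for one user's
normal setup and should be edited per machine. SAMPLE_PREFS_JS is
constructed to mirror the Ask.com entries the OTL fix removed.
"""
import re
from collections import namedtuple

# user_pref("name", value);  value is a quoted string, a number or true/false
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+)\);\s*$')

SEARCH_PREFS = (
    "browser.search.defaultengine",
    "browser.search.defaultenginename",
    "browser.search.order.1",
    "browser.search.selectedEngine",
)

# Assumed allowlists (not from the thread). "" is what the post-fix log shows.
EXPECTED_ENGINES = {"", "Google", "Bing", "Yahoo"}
EXPECTED_HOMEPAGES = {"about:home", "about:blank", "www.comcast.net"}

Finding = namedtuple("Finding", "pref value reason")

# Constructed sample, modelled on the entries in the OTL fix above.
SAMPLE_PREFS_JS = """\
# Mozilla User Preferences
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.defaultenginename", "Ask.com");
user_pref("browser.search.order.1", "Ask.com");
user_pref("browser.search.useDBForOrder", true);
user_pref("browser.startup.homepage", "www.comcast.net");
user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23,{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24");
"""


def parse_prefs(text):
    """Return {pref_name: value} with strings unquoted and bools/ints typed."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw
    return prefs


def enabled_extension_ids(prefs):
    """Split extensions.enabledItems ("{id}:ver,{id2}:ver2") into bare IDs."""
    items = prefs.get("extensions.enabledItems", "")
    return [item.split(":", 1)[0] for item in items.split(",") if item]


def check_hijack(prefs):
    """Flag search/homepage prefs that point outside the allowlists."""
    findings = []
    for name in SEARCH_PREFS:
        if name in prefs and str(prefs[name]) not in EXPECTED_ENGINES:
            findings.append(Finding(name, prefs[name], "search engine not in allowlist"))
    home = prefs.get("browser.startup.homepage")
    if home is not None and home not in EXPECTED_HOMEPAGES:
        findings.append(Finding("browser.startup.homepage", home, "homepage not in allowlist"))
    return findings


def audit(text):
    """Run both checks over prefs.js text; returns (findings, extension_ids)."""
    prefs = parse_prefs(text)
    return check_hijack(prefs), enabled_extension_ids(prefs)


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                  # path to a real prefs.js
        with open(sys.argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE_PREFS_JS
    findings, ext_ids = audit(text)
    for f in findings:
        print(f"HIJACK? {f.pref} = {f.value!r} ({f.reason})")
    for ext in ext_ids:
        print(f"enabled extension: {ext}")
```

Point it at the profile's prefs.js (the profile folder is the one OTL lists under the FireFox section, e.g. Profiles\wypnxbag.default) with Firefox closed, since Firefox rewrites prefs.js on exit. Every extension ID the script prints should correspond to a folder or .xpi under that profile's extensions directory; an ID listed as enabled with nothing on disk is the kind of stale entry the fix above cleared.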

#9 usp97 (Topic Starter, Member, 42 posts)
The tabs seem to have stopped, but I haven't been leaving the computer on as much while we get it cleaned out. Also, when I moved the hard drive to the old computer, I had a problem with AVG 2012. I finally have it corrected and installed, so that might be helping the issue as well. I will run the new scans you requested and post them. Thank you again for your help.

#10 usp97 (Topic Starter, Member, 42 posts)
OTL Fix Log:

All processes killed
========== OTL ==========
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} folder moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\control panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
C:\WINDOWS\System32\lMMLDeleteUserData42107612FX.tmp deleted successfully.
ADS C:\.DS_Store:AFP_AfpInfo deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\"DisableMonitoring"|"0" /E : value set successfully!
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Matthew\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Matthew\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 9650310 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: Matthew
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 330687 bytes
->Java cache emptied: 43033 bytes
->FireFox cache emptied: 43860036 bytes
->Flash cache emptied: 2444 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 426 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 401646 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 52.00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: Matthew
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.31.0 log created on 11152011_202636

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


OTL Log:

OTL logfile created on: 11/15/2011 8:33:29 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Matthew\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 247.09 Mb Available Physical Memory | 48.35% Memory free
2.47 Gb Paging File | 2.17 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 26.64 Gb Free Space | 17.88% Space Free | Partition Type: NTFS

Computer Name: MATTHEW-SONY | User Name: Matthew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/12 12:28:51 | 000,064,416 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\NLSSRV32.EXE
PRC - [2011/11/11 21:04:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthew\Desktop\OTL.exe
PRC - [2011/10/24 20:29:16 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/08/20 13:29:26 | 000,040,960 | ---- | M] (Easy Systems Japan Ltd.) -- C:\WINDOWS\system32\ezSP_Px.exe


========== Modules (No Company Name) ==========

MOD - [2003/07/29 09:27:40 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\DLBCPP5C.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/11/12 12:28:51 | 000,064,416 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)


========== Driver Services (SafeList) ==========

DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2004/07/22 14:50:16 | 001,268,234 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/03/22 20:59:52 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/10/30 14:20:54 | 000,766,848 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smrt.sys -- (smrt)
DRV - [2003/09/22 10:43:06 | 001,330,048 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P16X.sys -- (P16X) Creative SB Live! Series (WDM)
DRV - [2003/09/22 06:48:06 | 000,130,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/09/22 06:47:38 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2001/08/17 12:28:00 | 000,871,388 | ---- | M] (BCM) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMDM.sys -- (BCMModem)
DRV - [2001/08/17 07:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [2000/12/05 19:18:02 | 000,003,952 | R--- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3966106147-3845353513-3885494602-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm Security Customized Web Search"
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.comcast.net"

FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/11/12 12:09:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/29 07:05:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/29 08:30:43 | 000,000,000 | ---D | M]

[2011/02/07 08:40:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Matthew\Application Data\Mozilla\Extensions
[2011/02/07 08:40:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Matthew\Application Data\Mozilla\Extensions\[email protected]
[2011/11/15 20:26:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\wypnxbag.default\extensions
[2011/01/23 10:14:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\wypnxbag.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/03 14:10:20 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\wypnxbag.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2011/09/07 19:47:25 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\wypnxbag.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2011/01/23 09:48:45 | 000,000,000 | ---D | M] (Right-Click-Link) -- C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\wypnxbag.default\extensions\{AA6F0803-145A-4200-8E5E-68898D02B5B3}
[2011/10/10 19:38:55 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\wypnxbag.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2011/01/23 09:48:45 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\wypnxbag.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2011/11/12 10:37:16 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\wypnxbag.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/01/23 09:48:46 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\wypnxbag.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/01/23 09:48:41 | 000,000,000 | ---D | M] (Linky) -- C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\wypnxbag.default\extensions\[email protected]
[2011/09/11 20:28:43 | 000,002,117 | ---- | M] () -- C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\wypnxbag.default\searchplugins\beemp3.xml
[2009/05/12 18:57:20 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\wypnxbag.default\searchplugins\shareminercom.xml
[2011/10/29 08:31:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/29 08:31:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MATTHEW\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WYPNXBAG.DEFAULT\EXTENSIONS\{6E84150A-D526-41F1-A480-A67D3FED910D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MATTHEW\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WYPNXBAG.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MATTHEW\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WYPNXBAG.DEFAULT\EXTENSIONS\{7EE8902C-75BE-4286-A6CE-0C483607A322}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MATTHEW\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WYPNXBAG.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MATTHEW\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WYPNXBAG.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MATTHEW\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WYPNXBAG.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MATTHEW\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WYPNXBAG.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MATTHEW\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WYPNXBAG.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MATTHEW\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WYPNXBAG.DEFAULT\EXTENSIONS\[email protected]
[2011/11/12 12:09:36 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2011/01/23 18:21:10 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/10/01 08:07:02 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/11 20:15:07 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/11/15 20:26:44 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe (Easy Systems Japan Ltd.)
O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3966106147-3845353513-3885494602-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3966106147-3845353513-3885494602-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3966106147-3845353513-3885494602-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1295664741281 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{38F8FEEF-E7C6-42CD-9E8E-A15D86593349}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8CB53D7B-8B08-4E75-8CC4-9B4BA21DD06F}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/09/21 17:20:37 | 000,027,856 | ---- | M] () - C:\Auto Repairs.xlsx -- [ NTFS ]
O32 - AutoRun File - [2003/12/01 20:36:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/15 20:26:55 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/11/15 20:26:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/12 20:40:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew\Local Settings\Application Data\Western Digital
[2011/11/12 20:14:42 | 001,564,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Matthew\Desktop\tdsskiller.exe
[2011/11/12 19:38:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/12 16:54:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Matthew\Start Menu\Programs\Administrative Tools
[2011/11/12 16:54:24 | 004,292,963 | R--- | C] (Swearware) -- C:\Documents and Settings\Matthew\Desktop\ComboFix.exe
[2011/11/12 12:28:18 | 000,000,000 | ---D | C] -- C:\$AVG
[2011/11/12 12:11:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew\Application Data\AVG2012
[2011/11/12 12:09:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012
[2011/11/12 10:52:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2011/11/12 10:37:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew\Application Data\QuickScan
[2011/11/11 21:36:24 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2011/11/11 21:36:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2011/11/11 21:36:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/11/11 21:04:21 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matthew\Desktop\OTL.exe
[2011/11/07 05:10:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/11/05 20:20:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Matthew\Recent
[2011/11/03 21:16:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew\Local Settings\Application Data\TechHit
[2011/11/02 22:16:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/11/02 22:16:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/11/02 21:19:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew\Local Settings\Application Data\Thunderbird
[2011/11/02 21:19:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew\Application Data\Thunderbird
[2011/10/29 08:54:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/10/28 20:42:23 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\drivers\BCMDM.sys
[2011/10/28 20:42:23 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2011/10/25 21:18:47 | 000,000,000 | ---D | C] -- C:\Mom & Dad's Computer
[2011/10/22 20:39:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew\Application Data\Guitar Pro 6
[2011/10/22 20:39:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Guitar Pro 6
[2011/01/23 18:32:17 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Matthew\Application Data\pcouffin.sys
[2003/12/01 19:28:41 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

========== Files - Modified Within 30 Days ==========

[2011/11/15 20:28:46 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/15 20:28:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/15 20:28:41 | 535,896,064 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/15 20:26:44 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/11/15 18:56:07 | 109,857,108 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/11/13 20:29:58 | 004,292,963 | R--- | M] (Swearware) -- C:\Documents and Settings\Matthew\Desktop\ComboFix.exe
[2011/11/13 18:05:51 | 000,000,384 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2011/11/12 20:14:42 | 001,564,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Matthew\Desktop\tdsskiller.exe
[2011/11/12 12:28:51 | 000,064,416 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\System32\NLSSRV32.EXE
[2011/11/12 11:34:28 | 000,228,000 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/11/12 11:31:08 | 000,001,024 | ---- | M] () -- C:\Documents and Settings\Matthew\.rnd
[2011/11/12 11:12:41 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\Matthew\Application Data\pcouffin.sys
[2011/11/12 11:12:41 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\Matthew\Application Data\pcouffin.cat
[2011/11/12 11:12:41 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\Matthew\Application Data\pcouffin.inf
[2011/11/12 10:48:26 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/11/12 10:32:13 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Matthew\Local Settings\Application Data\housecall.guid.cache
[2011/11/12 02:58:42 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/11 21:04:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthew\Desktop\OTL.exe
[2011/11/11 20:53:07 | 000,484,538 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/11 20:53:07 | 000,080,552 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/05 21:23:15 | 000,015,364 | -H-- | M] () -- C:\.DS_Store
[2011/10/28 21:50:33 | 267,386,880 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\The.Nightmare.Before.Christmas.1993.720p.BRRip.x264.-.Kickassddl.part2.rar
[2011/10/28 21:04:11 | 093,216,011 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\The.Nightmare.Before.Christmas.1993.720p.BRRip.x264.-.Kickassddl.part3.rar
[2011/10/28 20:44:21 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2011/10/28 20:44:18 | 000,005,208 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2011/10/28 20:07:12 | 000,023,729 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\MV5BMTY2MDE3NTU2Ml5BMl5BanBnXkFtZTYwNjk1NTQ5 Cropped 4x3 .jpg
[2011/10/28 20:05:58 | 000,019,027 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\MV5BMTY2MDE3NTU2Ml5BMl5BanBnXkFtZTYwNjk1NTQ5._V1._SY317_.jpg
[2011/10/28 19:57:03 | 267,386,880 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\The.Nightmare.Before.Christmas.1993.720p.BRRip.x264.-.Kickassddl.part1.rar
[2011/10/20 19:09:07 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/10/20 19:08:22 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\Matthew\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2011/11/12 11:31:28 | 000,774,144 | ---- | C] () -- C:\WINDOWS\System32\NEROINSTAEC43759.DB
[2011/11/12 10:32:13 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Matthew\Local Settings\Application Data\housecall.guid.cache
[2011/11/12 10:20:40 | 535,896,064 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/02 22:43:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/02 22:07:26 | 000,273,832 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/11/02 20:50:56 | 000,015,364 | -H-- | C] () -- C:\.DS_Store
[2011/10/28 21:32:29 | 267,386,880 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\The.Nightmare.Before.Christmas.1993.720p.BRRip.x264.-.Kickassddl.part2.rar
[2011/10/28 20:55:51 | 093,216,011 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\The.Nightmare.Before.Christmas.1993.720p.BRRip.x264.-.Kickassddl.part3.rar
[2011/10/28 20:44:22 | 000,012,598 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2011/10/28 20:44:18 | 000,005,208 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2011/10/28 20:07:12 | 000,023,729 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\MV5BMTY2MDE3NTU2Ml5BMl5BanBnXkFtZTYwNjk1NTQ5 Cropped 4x3 .jpg
[2011/10/28 20:05:57 | 000,019,027 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\MV5BMTY2MDE3NTU2Ml5BMl5BanBnXkFtZTYwNjk1NTQ5._V1._SY317_.jpg
[2011/10/28 19:39:01 | 267,386,880 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\The.Nightmare.Before.Christmas.1993.720p.BRRip.x264.-.Kickassddl.part1.rar
[2011/08/15 20:38:26 | 000,000,034 | -H-- | C] () -- C:\WINDOWS\System32\DVDRipper_sysquict.dat
[2011/07/11 19:02:06 | 000,005,358 | ---- | C] () -- C:\WINDOWS\System32\drivers\M5633.bin
[2011/07/02 08:54:02 | 000,232,194 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/06/07 18:37:43 | 000,047,888 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/03/27 09:20:57 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/03/24 06:28:27 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/03/24 06:28:27 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/03/24 06:28:27 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/03/24 06:28:27 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/03/24 06:28:27 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/03/22 19:08:08 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/02/02 20:16:54 | 000,122,880 | ---- | C] () -- C:\Documents and Settings\Matthew\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/23 18:32:17 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Matthew\Application Data\pcouffin.cat
[2011/01/23 18:32:17 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Matthew\Application Data\pcouffin.inf
[2011/01/23 09:48:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/01/21 22:48:18 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2011/01/21 22:12:00 | 000,000,384 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2011/01/21 21:29:57 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/09/16 17:27:58 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2007/03/15 15:38:28 | 000,450,560 | ---- | C] () -- C:\WINDOWS\System32\mcs_cor1.dll
[2007/03/15 15:37:24 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\mcs_cor2.dll
[2004/02/10 15:08:00 | 000,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
[2003/12/02 15:44:25 | 000,000,890 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/12/02 15:40:09 | 000,262,416 | ---- | C] () -- C:\WINDOWS\System32\ASFV2.DLL
[2003/12/02 15:37:24 | 000,009,192 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2003/12/02 15:03:45 | 000,526,184 | ---- | C] () -- C:\WINDOWS\q329692.exe
[2003/12/02 15:01:48 | 000,236,392 | ---- | C] () -- C:\WINDOWS\q329112.exe
[2003/12/02 15:01:22 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/12/02 14:49:49 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\elcric.dat
[2003/12/01 20:53:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/12/01 20:39:54 | 000,000,800 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/12/01 20:37:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/12/01 20:34:43 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/12/01 19:28:56 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2003/12/01 19:28:56 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2003/12/01 19:28:51 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2003/12/01 19:28:51 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2003/12/01 19:28:41 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\cbldrm.dll
[2003/12/01 19:28:40 | 000,000,730 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/12/01 19:28:21 | 000,484,538 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/12/01 19:28:21 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/12/01 19:28:21 | 000,080,552 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/12/01 19:28:21 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/12/01 19:28:20 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/12/01 19:28:20 | 000,004,530 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/12/01 19:28:19 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/12/01 19:28:18 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/12/01 19:28:18 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/12/01 19:28:13 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/12/01 19:28:07 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/12/01 12:32:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/12/01 12:31:42 | 000,228,000 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/07/08 12:41:48 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2002/11/13 15:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll
[2002/04/02 20:08:34 | 000,311,108 | ---- | C] () -- C:\WINDOWS\ml-cleanup.exe

========== LOP Check ==========

[2011/03/27 18:40:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/09/25 19:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/11/12 16:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/03/27 19:34:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/10/22 20:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Guitar Pro 6
[2011/11/15 18:56:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/06/30 20:35:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motorola
[2011/08/14 20:53:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motorola Media Link
[2011/08/28 21:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2011/11/12 10:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/02/07 08:41:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2011/01/23 10:19:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/11/12 12:11:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew\Application Data\AVG2012
[2011/08/16 21:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew\Application Data\avidemux
[2011/03/27 09:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew\Application Data\CheckPoint
[2011/08/15 20:31:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew\Application Data\Digiarty
[2011/08/27 20:14:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew\Application Data\Downloaded Installations
[2011/08/16 21:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew\Application Data\DVDVideoSoft
[2011/08/16 21:09:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew\Application Data\DVDVideoSoftIEHelpers
[2011/06/28 19:31:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew\Application Data\FixerLabs
[2011/11/12 11:14:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew\Application Data\Guitar Pro 6
[2011/06/30 20:35:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew\Application Data\motorola
[2011/08/28 21:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew\Application Data\Nitro PDF
[2011/11/12 11:32:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew\Application Data\Notepad++
[2011/11/12 10:38:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew\Application Data\QuickScan
[2011/11/02 22:15:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew\Application Data\Thunderbird
[2011/02/07 08:40:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew\Application Data\TomTom
[2011/11/12 11:12:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew\Application Data\Vso
[2011/01/21 00:19:09 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 1.job

========== Purity Check ==========



< End of report >

MBAM Log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8171

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/15/2011 8:46:03 PM
mbam-log-2011-11-15 (20-46-03).txt

Scan type: Quick scan
Objects scanned: 151345
Time elapsed: 4 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ESET Log:

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a33711bde78c294e9e2579bbcdfb0d34
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-16 05:50:09
# local_time=2011-11-16 12:50:09 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777191 100 0 3498410 3498410 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=75409
# found=10
# cleaned=10
# scan_time=6944
C:\My Documents\Docs\Cracked Programs\UNLOCKER1.9.0.EXE.exe Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Matthew\Local Settings\Application Data\6b64f316\U\[email protected] a variant of Win32/Agent.TEO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Matthew\Local Settings\Application Data\6b64f316\U\[email protected] probably a variant of Win32/Kryptik.JDI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{45892D38-A0BF-43F9-8C9F-96715222A8FE}\RP415\A0049405.old Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{45892D38-A0BF-43F9-8C9F-96715222A8FE}\RP416\A0049581.rbf Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{45892D38-A0BF-43F9-8C9F-96715222A8FE}\RP425\A0055057.rbf Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{45892D38-A0BF-43F9-8C9F-96715222A8FE}\RP428\A0055510.rbf Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{45892D38-A0BF-43F9-8C9F-96715222A8FE}\RP430\A0055835.rbf Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{45892D38-A0BF-43F9-8C9F-96715222A8FE}\RP431\A0056067.rbf Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{45892D38-A0BF-43F9-8C9F-96715222A8FE}\RP441\A0057835.exe Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C

#11
Nedklaw
    Trusted Helper
  • Malware Removal
  • 1,652 posts
Hi. :)


Step 1

You are running low on hard drive space. I recommend you uninstall any programs you don't want or need to free up some space.


Step 2

The minimum amount of RAM recommended for Windows XP is 512MB. However, I recommend you have at least 1 GB of RAM.

  • Please visit Crucial System Scanner.
  • Check the box to agree with the Terms and Conditions and click Download the Scanner.
  • Run the scanner and it will suggest RAM modules which you can consider buying to increase the amount of RAM you have.

I recommend you invest in a RAM module in the near future because it can help increase your computer speed.


Step 3

Congratulations, your logs look clean! :) :) :)
Please follow the steps below to make your computer more secure.


First, re-enable any anti-virus/anti-malware programs we have disabled during the removal process!


Combofix Uninstall

Click START then RUN.
Now type Combofix /u in the Run box and click OK. Note the space between the X and the U; it needs to be there.



Installing a Firewall

You have no firewall installed on your computer.

A firewall is necessary on your computer because it can stop attackers from compromising your system and taking it over. It acts as a barrier between the internet and your computer. Hackers discover new security holes in software or an operating system long before the software company does, and therefore many people get hacked before a security patch is released. By using a firewall, the majority of these security holes will not be accessible as the firewall will block the attempt.

Here are some links to some free firewalls:

Note: A firewall does not completely protect you against viruses so it is recommended you also have an antivirus program running on your computer as well. Do not run more than 1 firewall on your computer at one time.


Cleanup

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :Commands 
    [purity] 
    [resethosts] 
    [emptytemp] 
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS] 
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.

  • Open OTL to run it. (Vista users, right click on OTL and "Run as administrator").
  • Close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, press the CLEANUP button.
  • Say Yes to the prompt and then allow the program to reboot your computer.
Note: If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


Updates

Windows Update - This site is a Microsoft site that will scan your computer for any patches or updates that are missing from your computer. You should check this website regularly to keep Windows up to date. This will ensure your computer has all of the latest security updates installed on your computer and is secure from any known security holes. Windows Updates are constantly being revised to combat the newest hacks and threats.
It is best if you have these set to download automatically.

How to turn on Automatic Updates:

  • Click on Start.
  • Right-click My Computer.
  • Select Properties.
  • Click on the Automatic Updates Tab.
  • Place a checkmark in the circle next to Automatic (recommended) near the green shield.
  • Click Apply > OK.

Adobe Reader - Your version of Adobe Reader is outdated. It's important to keep Adobe Reader updated because many security problems are fixed with updates.

How to check for Adobe Reader updates:

  • Open Adobe Reader.
  • On the menu bar click on Help then Check For Updates.
  • The program will then tell you if updates are available.

Make sure you have the latest Adobe Flash Player (11.0.1.152) and Adobe Shockwave Player (11.6.1.629) so you can view all of the latest content on websites.


Make Internet Explorer more secure

  • Click Start > Run.
  • Type Inetcpl.cpl & click OK.
  • Click on the Security tab.
  • Click Reset all zones to default level.
  • Make sure the Internet Zone is selected & Click Custom level.
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

Recommended Programs

Make sure you update your security programs regularly so they know about new infections so they can protect your computer against them.
Here is a list of programs/tools that I like to recommend to users to reduce the risk of infection in the future:



Anti-Spyware Programs

MBAM - MalwareBytes Anti Malware is an excellent tool program to detect and get rid of malware. This program should be updated and run often.

SpywareBlaster - Prevents spyware from installing on your system and stops you from getting infected. It protects against bad ActiveX and immunizes your PC against them.

SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place. It offers realtime protection from spyware installation attempts.
Note: Make sure you are only running one real-time anti-spyware protection program (eg: TeaTimer, Windows Defender) or there will be a conflict.


Alternate Browsers

Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop-up blocker (as an added benefit!) that I have ever seen. Hijackers like to attack Internet Explorer more than Firefox. If you are interested, Firefox may be downloaded from here.

Add-ons

NoScript - Blocks ads and other potential website attacks.

AdBlockPlus - Adblock Plus gets rid of ads and banners on the internet.

DrWeb Anti-Virus Link Checker - Allows you to check any file you are about to download, and any page you are about to visit, with the online version of Dr.Web anti-virus.

Other browsers include:

Google Chrome
Safari
Opera


Other Programs

WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
Green to go.
Yellow for caution.
Red to stop.
WOT has an addon available for both Firefox and IE.


ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.


IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. It prevents cookies etc. from downloading from these websites onto your computer.


MVPS Hosts File replaces your current HOSTS file with one containing well-known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer, meaning it will be difficult to infect yourself in the future.


FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.


Google Toolbar - Get the free Google Toolbar to help stop pop-ups.


Finally...

Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Please respond one last time so we can consider the thread resolved and close it, thank you.
Good luck and stay safe!!! :yes:
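The MVPS hosts file and the [resethosts] step in the OTL fix both rely on the same mechanism: Windows consults the HOSTS file before DNS, so an entry can either sink a name to the local machine (a blocklist) or quietly reroute it somewhere else (a hijack). The following is an added example for this thread, not code from OTL, MVPS or any tool mentioned above; it audits a hosts file and flags every name sent anywhere other than the local machine. The sample file content, domains and addresses are constructed.

```python
"""Audit a Windows HOSTS file for entries that reroute names away from DNS.

Added example for this thread, not code from OTL, MVPS or any tool mentioned
above. SAMPLE_HOSTS is constructed; its domains and addresses are illustrative
(reserved .test names and a TEST-NET-3 address).
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample: the stock XP header, two MVPS-style block entries, a
# multi-name line, one hijack entry sending a vendor host to a remote address,
# and one malformed line to exercise the error path.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
0.0.0.0         ad.example-tracker.test        # MVPS-style block entry
0.0.0.0         www.ad.example-tracker.test
203.0.113.7     update.avg-vendor.test         # constructed hijack entry
127.0.0.1       localhost localhost.localdomain
not-an-ip       broken.example.test
"""


@dataclass
class Entry:
    line_no: int
    address: str
    hostname: str
    verdict: str  # "sinkhole" or "redirect"


def classify(address: str) -> str:
    """A loopback or unspecified address only blocks the name (what a blocklist
    hosts file does); any other address silently reroutes it, bypassing DNS.
    Raises ValueError when the field is not an IP address at all."""
    ip = ipaddress.ip_address(address)
    if ip.is_loopback or ip.is_unspecified:
        return "sinkhole"
    return "redirect"


def audit_hosts(text: str) -> Tuple[List[Entry], List[int]]:
    """Parse hosts-file text into (entries, line numbers that failed to parse)."""
    entries: List[Entry] = []
    bad_lines: List[int] = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        # Drop trailing comments and skip blank or comment-only lines.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        tokens = line.split()
        if len(tokens) < 2:
            bad_lines.append(line_no)  # address with no hostname
            continue
        address, names = tokens[0], tokens[1:]
        try:
            verdict = classify(address)
        except ValueError:
            bad_lines.append(line_no)  # first field is not an IP address
            continue
        # One hosts line may map several names to the same address.
        for name in names:
            entries.append(Entry(line_no, address, name.lower(), verdict))
    return entries, bad_lines


def redirects(entries: List[Entry]) -> List[Entry]:
    """The entries worth a second look: names sent somewhere other than the
    local machine. A stock or MVPS-style hosts file yields an empty list."""
    return [e for e in entries if e.verdict == "redirect"]


if __name__ == "__main__":
    found, bad = audit_hosts(SAMPLE_HOSTS)
    print(f"{len(found)} name mappings, {len(bad)} unparseable line(s): {bad}")
    for e in redirects(found):
        print(f"line {e.line_no}: {e.hostname} -> {e.address}  [REDIRECT]")
```

On a real XP machine the file lives at C:\WINDOWS\System32\drivers\etc\Hosts (the path shown in the OTL log); a clean file produces no REDIRECT lines, while the constructed sample reports the one vendor host pointed at 203.0.113.7.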