Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Auto Updates not working after EXE Hijack [Solved]


  • This topic is locked This topic is locked

#1
Shessar

Shessar

    New Member

  • Member
  • Pip
  • 5 posts
Last night, my husband got what I believe to be an exe hijack virus on his system. He was unable to run any anti-malware software, but when he restarted the system AVG found "something" (his words) and afterwards he was able to update and run SuperAntiSpyware, MalwareBytes, and AVG. He said that both Malwarebytes ans SuperAntiSpyware found problems and he let them clean them up. After restarting he again ran the two programs as well as AVG rootkit detector and a virus scan. Everything came out clean but windows firewall and windows update were no longer working. I was able to start the firewall again but automatic updates will not restart. It shows as being activated in the control panel, but the security center is warning that it is not active.

I still have some of the logs from his cleanup attempts but some seem to have been overwritten. I'll post what I have if you need them.

Thank you so much for your help!

Here are the OTL logs

OTL logfile created on: 12/12/2011 6:41:01 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Rob & Gerry\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 485.31 Mb Available Physical Memory | 47.42% Memory free
2.89 Gb Paging File | 2.47 Gb Available in Paging File | 85.42% Paging File free
Paging file location(s): C:\pagefile.sys 2036 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 184.80 Gb Free Space | 62.00% Space Free | Partition Type: NTFS
Drive D: | 153.38 Gb Total Space | 152.31 Gb Free Space | 99.30% Space Free | Partition Type: NTFS

Computer Name: HOME-DESKTOP | User Name: Rob & Gerry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/12 06:37:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rob & Gerry\Desktop\OTL.exe
PRC - [2011/12/12 05:50:37 | 000,855,904 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
PRC - [2011/12/12 05:50:35 | 000,827,232 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2011/09/10 05:28:50 | 002,338,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/09/09 02:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/08/18 00:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/08/18 00:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/08/03 06:49:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/05/23 13:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/28 02:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 15:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/04/14 22:01:46 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [1998/11/24 01:00:00 | 000,042,496 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
PRC - [1996/12/08 23:00:00 | 000,111,376 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
PRC - [1996/12/08 23:00:00 | 000,051,984 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\OSA.EXE


========== Modules (No Company Name) ==========

MOD - [2011/12/12 05:50:37 | 000,855,904 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
MOD - [2011/12/12 05:50:35 | 000,827,232 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2011/12/12 05:50:35 | 000,692,224 | ---- | M] () -- C:\Program Files\AVG Secure Search\iGearedHelper.dll
MOD - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2004/01/22 20:36:28 | 000,120,832 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [1998/11/24 01:00:00 | 000,042,496 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
MOD - [1996/12/08 23:00:00 | 003,774,224 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\MSO97.DLL
MOD - [1996/12/08 23:00:00 | 000,111,376 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
MOD - [1996/12/08 23:00:00 | 000,051,984 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\OSA.EXE


========== Win32 Services (SafeList) ==========

SRV - [2011/12/12 05:50:37 | 000,855,904 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/11/10 08:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/08/18 00:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/03 06:49:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)


========== Driver Services (SafeList) ==========

DRV - [2011/05/27 18:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/05/10 04:41:30 | 000,119,528 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2011/04/04 23:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 15:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 13:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 07:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 06:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 06:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 05:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/02/17 09:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 09:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 09:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 10:45:34 | 000,011,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\scsiscan.sys -- (scsiscan)
DRV - [2006/01/10 21:43:04 | 000,093,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2005/08/18 20:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/04/18 21:40:52 | 002,317,504 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/04/05 14:22:30 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/04/05 14:22:28 | 000,033,536 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2004/08/12 21:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2002/05/22 08:40:40 | 000,007,552 | ---- | M] (Hewlett-Packard Co.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hpusbfd.sys -- (hpusbfd)
DRV - [2001/08/17 12:50:20 | 000,114,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epstw2k.sys -- (epstw2k)
DRV - [2001/08/17 09:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"
FF - prefs.js..browser.startup.homepage: "http://www.comcast.net/home.html"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.2.20080717


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1d5287d1-8a92-0001-1f31-1cec198018d8}: C:\Program Files\AVG\AVG8\ToolbarFF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/12/05 20:15:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\9.0.0.18\ [2011/12/12 05:50:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/30 11:57:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/18 10:38:40 | 000,000,000 | ---D | M]

[2009/08/24 06:51:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rob & Gerry\Application Data\Mozilla\Extensions
[2010/10/13 07:54:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rob & Gerry\Application Data\Mozilla\Firefox\Profiles\6bclkweo.Gerry\extensions
[2010/10/12 07:37:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Rob & Gerry\Application Data\Mozilla\Firefox\Profiles\6bclkweo.Gerry\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/29 08:48:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rob & Gerry\Application Data\Mozilla\Firefox\Profiles\e331erfe.Gerry\extensions
[2009/08/26 11:15:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Rob & Gerry\Application Data\Mozilla\Firefox\Profiles\e331erfe.Gerry\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/07 11:44:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rob & Gerry\Application Data\Mozilla\Firefox\Profiles\pxv7azk6.Rob\extensions
[2010/08/31 20:40:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Rob & Gerry\Application Data\Mozilla\Firefox\Profiles\pxv7azk6.Rob\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/24 19:00:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rob & Gerry\Application Data\Mozilla\Firefox\Profiles\utp9nayf.Rob\extensions
[2010/04/27 19:15:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Rob & Gerry\Application Data\Mozilla\Firefox\Profiles\utp9nayf.Rob\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/24 06:51:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rob & Gerry\Application Data\Mozilla\Firefox\Profiles\yn7i7qkc.default\extensions
[2009/08/24 06:51:37 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Rob & Gerry\Application Data\Mozilla\Firefox\Profiles\yn7i7qkc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/02/05 16:00:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rob & Gerry\Application Data\Mozilla\Firefox\Profiles\zimlo4h3.Default User\extensions
[2011/02/05 16:00:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Rob & Gerry\Application Data\Mozilla\Firefox\Profiles\zimlo4h3.Default User\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/07 11:44:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/29 09:08:55 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2011/10/30 11:57:46 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/12 05:50:34 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/10/30 11:57:44 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2004/10/08 07:01:47 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Lamp] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Rob & Gerry\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
O4 - Startup: C:\Documents and Settings\Rob & Gerry\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_18.dll (Sun Microsystems, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52BF55C0-70A9-419D-A4F4-3EDA1F3DFF15}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Rob & Gerry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Rob & Gerry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/22 15:19:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/12/12 06:37:32 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rob & Gerry\Desktop\OTL.exe
[2011/12/12 05:56:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob & Gerry\Application Data\AVG Secure Search
[2011/12/12 05:50:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2011/12/12 05:50:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2011/12/12 05:50:34 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2011/12/09 10:06:19 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Rob & Gerry\Recent

========== Files - Modified Within 30 Days ==========

[2011/12/12 06:37:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rob & Gerry\Desktop\OTL.exe
[2011/12/12 05:56:03 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/12 05:54:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/12 05:49:59 | 140,224,650 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/12/11 21:06:12 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/11 18:15:49 | 000,189,209 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/12/11 18:01:13 | 000,001,442 | -HS- | M] () -- C:\Documents and Settings\Rob & Gerry\Local Settings\Application Data\8eej288vmrbxtprh8tner438wq0b3
[2011/12/11 18:01:13 | 000,001,442 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\8eej288vmrbxtprh8tner438wq0b3
[2011/12/05 20:15:53 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/11/27 14:52:44 | 000,011,264 | ---- | M] () -- C:\Documents and Settings\Rob & Gerry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2011/12/11 18:01:12 | 000,001,442 | -HS- | C] () -- C:\Documents and Settings\Rob & Gerry\Local Settings\Application Data\8eej288vmrbxtprh8tner438wq0b3
[2011/12/11 18:01:12 | 000,001,442 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8eej288vmrbxtprh8tner438wq0b3
[2011/10/30 12:39:09 | 000,000,291 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2011/06/02 18:19:01 | 002,128,778 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/04/16 09:37:52 | 000,280,468 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/04/16 09:37:50 | 000,280,468 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/04/16 09:37:50 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/03/01 11:13:40 | 000,000,159 | ---- | C] () -- C:\WINDOWS\render.ini
[2011/03/01 11:02:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MTSTACK.INI
[2011/03/01 11:02:33 | 000,042,496 | ---- | C] () -- C:\WINDOWS\System32\MTSTACK.EXE
[2010/09/03 13:47:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/04/26 10:30:25 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2010/04/01 20:16:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Rob & Gerry\Local Settings\Application Data\prvlcl.dat
[2009/12/31 15:21:44 | 000,000,898 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2009/11/20 18:36:35 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/11/06 11:05:33 | 000,000,303 | ---- | C] () -- C:\WINDOWS\hpccopy.INI
[2009/11/01 15:26:42 | 000,006,728 | ---- | C] () -- C:\WINDOWS\WPQC60US.DAT
[2009/08/26 12:05:51 | 000,001,047 | ---- | C] () -- C:\WINDOWS\wtapi.ini
[2009/08/26 10:22:16 | 000,000,928 | ---- | C] () -- C:\WINDOWS\System32\hpsj1695.dll
[2009/08/26 10:22:15 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2009/08/26 10:22:15 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2009/08/24 14:10:59 | 000,065,536 | ---- | C] () -- C:\WINDOWS\ICE_JNIRegistry.dll
[2009/08/24 11:59:49 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2009/08/24 11:49:24 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Autorun.INI
[2009/08/24 10:19:09 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2009/08/23 11:28:10 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Rob & Gerry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/22 15:42:50 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2009/08/22 15:42:50 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2009/08/22 15:31:28 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2009/08/22 15:31:26 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2009/08/22 15:31:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/08/22 15:26:52 | 000,000,266 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2009/08/22 15:26:17 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/08/22 15:26:17 | 000,005,705 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/08/22 15:26:15 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/08/22 15:23:22 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2009/08/22 15:20:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/08/22 15:17:05 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/08/22 11:11:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/08/22 11:10:30 | 000,388,000 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/10/08 07:01:47 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/10/08 07:01:47 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/10/08 07:01:47 | 000,441,124 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/10/08 07:01:47 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/10/08 07:01:47 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/10/08 07:01:47 | 000,071,060 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/10/08 07:01:47 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/10/08 07:01:47 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/10/08 07:01:47 | 000,004,666 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/10/08 07:01:47 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/10/08 07:01:47 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/10/08 07:01:47 | 000,001,152 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/10/08 07:01:47 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/07/13 06:04:00 | 000,373,248 | ---- | C] () -- C:\WINDOWS\EyeCand3.INI
[1996/12/08 23:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996/12/08 23:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2011/12/12 06:00:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2011/05/26 18:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/12/11 21:04:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/19 10:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/10/19 10:16:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/08/24 17:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2011/05/26 18:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/05/25 14:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/08/24 12:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{4FC70900-BE37-4EAD-A05F-87EF8E05E584}
[2009/08/24 12:26:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{70718236-E606-46D2-96C2-F09B86C72371}
[2009/08/24 11:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{70894C4E-4E43-4915-B8E3-EF0484FA92D5}
[2009/08/24 12:05:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{81253287-9BFF-417A-9EC6-3BFED01195A3}
[2010/08/06 14:21:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{875315A4-3F2D-41AF-B97D-945D9BF7A061}
[2009/08/24 12:52:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{C288D3A5-9B5A-4B99-BC32-2B399A104C3E}
[2011/05/13 11:23:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CEFE73E7-0D94-4638-BC11-3E6A962216C0}
[2009/08/24 12:49:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{E44C7752-42D1-4A4F-B745-A08EBBAFF250}
[2009/08/24 12:42:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{E785BD2E-BDAA-496A-A33C-DBAF7FF81E29}
[2011/12/12 05:56:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob & Gerry\Application Data\AVG Secure Search
[2010/10/19 10:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob & Gerry\Application Data\AVG10
[2010/10/13 06:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob & Gerry\Application Data\AVG9
[2009/08/25 12:25:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob & Gerry\Application Data\Leadertech
[2009/08/25 14:06:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob & Gerry\Application Data\My Battle for Middle-earth Files
[2009/12/22 14:58:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob & Gerry\Application Data\My Games
[2011/07/04 13:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob & Gerry\Application Data\Petroglyph
[2011/03/09 20:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob & Gerry\Application Data\TS3Client

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 48 bytes -> C:\Documents and Settings\All Users\DRM:مايكروسوفت

< End of report >




OTL Extras logfile created on: 12/12/2011 6:41:01 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Rob & Gerry\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 485.31 Mb Available Physical Memory | 47.42% Memory free
2.89 Gb Paging File | 2.47 Gb Available in Paging File | 85.42% Paging File free
Paging file location(s): C:\pagefile.sys 2036 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 184.80 Gb Free Space | 62.00% Space Free | Partition Type: NTFS
Drive D: | 153.38 Gb Total Space | 152.31 Gb Free Space | 99.30% Space Free | Partition Type: NTFS

Computer Name: HOME-DESKTOP | User Name: Rob & Gerry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main -- (Obsidian Entertainment, Inc.)
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD -- (Obsidian Entertainment, Inc.)
"C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater -- (Obsidian Entertainment, Inc.)
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server -- (Obsidian Entertainment, Inc.)
"C:\Program Files\EA GAMES\The Battle for Middle-earth ™\game.dat" = C:\Program Files\EA GAMES\The Battle for Middle-earth ™\game.dat:*:Enabled:The Battle for Middle-earth ™ -- ()
"C:\Program Files\Total War\Medieval - Total War\Medieval_TW.exe" = C:\Program Files\Total War\Medieval - Total War\Medieval_TW.exe:*:Disabled:Medieval_TW -- (Creative Assembly)
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 -- (Firaxis Games)
"C:\Program Files\EA GAMES\MOHAA\MOHAA.exe" = C:\Program Files\EA GAMES\MOHAA\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault -- (Electronic Arts Inc.)
"C:\Program Files\Dune 2000\DUNE2000.DAT" = C:\Program Files\Dune 2000\DUNE2000.DAT:*:Disabled:Dune2000 -- (Intelligent Games)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe" = C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:*:Enabled:Star Wars: Empire at War -- (Lucasfilm Entertainment Company, Ltd.)
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe" = C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead -- ()
"C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe" = C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe:*:Enabled:BF1942 -- ()
"C:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe" = C:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- ()
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
"{13ED71DE-AC3D-437F-889A-D9CFCA9CC51F}" = Cartographer's Annual 2007
"{15824D14-3E74-4B0B-82F8-AE91EB8CFF3F}" = CC3
"{186A63A2-4256-43C6-8061-95EF77A5CDB6}" = Sid Meier's Civilization 4
"{1DED92A7-05FA-4736-8AEA-1BE2363F1033}" = Nero 7 Essentials
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{2B7B87E3-90D5-4086-B921-31C24DF20166}" = AVG 2011
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{47836B39-2465-4F39-9D7E-52F70A1C3D72}" = Axis & Allies
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B58E31C-2655-4C08-ADD3-F672548AC667}" = Symbol Set 1 v 3
"{501D475D-3D6F-43CA-BB12-079F77B9739F}" = Cartographer's Annual 2008
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{693DBC05-3E1A-493A-802D-E71E4F198BF8}" = CC3 Update 8
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{6E409E01-05E1-415D-BE19-D6D8A5C50BF3}" = City Designer 3
"{7AA73AD2-ECEA-4BE9-A77B-5BF3080717AD}" = Symbol Set 2 v 3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{962E05CF-3394-496D-0091-850CF1762F6B}" = The Battle for Middle-earth ™
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A94A306F-05A5-4F73-99A6-BC98EBA36283}" = Dungeon Designer 3
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.94
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6ADA0E4-9451-43EB-B86E-878AD9E68D4F}" = LightScribe 1.6.45.1
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}" = EVGA Display Driver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CAE64E9C-5E01-42D0-B0D5-7E8C54CD200D}" = CC3 Update 10
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D5B59B76-197F-4135-928E-042E21A5DDCC}" = AVG 2011
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 Anniversary Edition
"{F20C1251-1D0A-4944-B2AE-678581B33B19}" = Neverwinter Nights 2
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe FrameMaker v5.1.1" = Adobe FrameMaker v5.1.1
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AutoCAD R14.0 Uninstall" = AutoCAD R14.0
"AVG" = AVG 2011
"Cartographer's Annual 2007" = Cartographer's Annual 2007
"Cartographer's Annual 2008" = Cartographer's Annual 2008
"CC3" = CC3
"CC3 Update 10" = CC3 Update 10
"CC3 Update 8" = CC3 Update 8
"City Designer 3" = City Designer 3
"Dundjinni" = Dundjinni
"Dungeon Designer 3" = Dungeon Designer 3
"ERUNT_is1" = ERUNT 1.1j
"Excel" = Microsoft Excel 97
"Fallout" = Fallout
"FastCAD" = FastCAD
"FBIde_is1" = FBIde 0.4.6
"FreeBASIC" = FreeBASIC 0.20.0b
"HP PrecisionScan" = HP PrecisionScan
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Medieval Total War" = Medieval Total War
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"Mplayer.com" = Mplayer.com
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PanzerGeneral" = Panzer General Version 1.2.0
"Red Alert 2" = Command & Conquer Red Alert 2
"Starfleet Command" = Starfleet Command
"Steam App 500" = Left 4 Dead
"Steam App 550" = Left 4 Dead 2
"Symbol Set 1 v 3" = Symbol Set 1 v 3
"Symbol Set 2 v 3" = Symbol Set 2 v 3
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"The Print Shop Suite 6.0" = The Print Shop® 6.0 Deluxe
"Ultima IX" = Ultima IX
"Warlords Battlecry" = Warlords Battlecry
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"Word8.0" = Microsoft Word 97

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{8EB85C0E-DE7D-4A53-BD66-708B8F2C80B0}" = HHD Software Free Hex Editor Neo 4.95

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/6/2011 8:11:58 PM | Computer Name = HOME-DESKTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 9/8/2011 8:37:33 PM | Computer Name = HOME-DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application left4dead2.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/8/2011 8:43:06 PM | Computer Name = HOME-DESKTOP | Source = Application Hang | ID = 1001
Description = Fault bucket 1455554815.

Error - 9/11/2011 3:48:06 PM | Computer Name = HOME-DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application autorun.exe, version 0.0.0.0, faulting module
user32.dll, version 5.1.2600.5512, fault address 0x00009dda.

Error - 9/20/2011 9:38:56 AM | Computer Name = HOME-DESKTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 10/1/2011 12:21:33 PM | Computer Name = HOME-DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 10/1/2011 12:22:08 PM | Computer Name = HOME-DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application fcw32.exe, version 0.0.0.620, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/1/2011 12:22:50 PM | Computer Name = HOME-DESKTOP | Source = Application Hang | ID = 1001
Description = Fault bucket 1584903657.

Error - 10/2/2011 8:45:09 PM | Computer Name = HOME-DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application left4dead2.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/2/2011 8:52:12 PM | Computer Name = HOME-DESKTOP | Source = Application Hang | ID = 1001
Description = Fault bucket 1455554815.

[ System Events ]
Error - 11/5/2011 12:28:41 PM | Computer Name = HOME-DESKTOP | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 11/5/2011 12:28:43 PM | Computer Name = HOME-DESKTOP | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 11/5/2011 4:04:02 PM | Computer Name = HOME-DESKTOP | Source = Service Control Manager | ID = 7000
Description = The ASPI32 service failed to start due to the following error: %%2

Error - 11/6/2011 1:09:39 PM | Computer Name = HOME-DESKTOP | Source = Service Control Manager | ID = 7000
Description = The ASPI32 service failed to start due to the following error: %%2

Error - 11/11/2011 11:16:49 AM | Computer Name = HOME-DESKTOP | Source = Service Control Manager | ID = 7000
Description = The ASPI32 service failed to start due to the following error: %%2

Error - 11/11/2011 1:46:19 PM | Computer Name = HOME-DESKTOP | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 11/11/2011 1:46:19 PM | Computer Name = HOME-DESKTOP | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 11/12/2011 8:02:56 AM | Computer Name = HOME-DESKTOP | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.4 for the Network Card with network
address 0015F24466E6 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 11/12/2011 8:04:14 AM | Computer Name = HOME-DESKTOP | Source = Service Control Manager | ID = 7000
Description = The ASPI32 service failed to start due to the following error: %%2

Error - 11/12/2011 5:09:47 PM | Computer Name = HOME-DESKTOP | Source = Service Control Manager | ID = 7000
Description = The ASPI32 service failed to start due to the following error: %%2


< End of report >
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there first I will try to fix windows updates and then remove what malware I can see

Go to this MS page and run the fixit about halfway down for the first time run it in normal mode, if that does not fix it then run it again in the aggressive mode

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    [2011/12/11 18:01:13 | 000,001,442 | -HS- | M] () -- C:\Documents and Settings\Rob & Gerry\Local Settings\Application Data\8eej288vmrbxtprh8tner438wq0b3
    [2011/12/11 18:01:13 | 000,001,442 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\8eej288vmrbxtprh8tner438wq0b3

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image
  • 0

#3
Shessar

Shessar

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Hi Essexboy! You're help is truely appreciated.

I ran the fix for the Windows Updates and it worked perfectly in the normal mode.

Here is the otl log after running the fix:

OTL logfile created on: 12/12/2011 6:49:07 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Rob & Gerry\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 490.15 Mb Available Physical Memory | 47.89% Memory free
2.89 Gb Paging File | 2.49 Gb Available in Paging File | 86.15% Paging File free
Paging file location(s): C:\pagefile.sys 2036 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 184.78 Gb Free Space | 61.99% Space Free | Partition Type: NTFS
Drive D: | 153.38 Gb Total Space | 152.31 Gb Free Space | 99.30% Space Free | Partition Type: NTFS

Computer Name: HOME-DESKTOP | User Name: Rob & Gerry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/12 06:37:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rob & Gerry\Desktop\OTL.exe
PRC - [2011/12/12 05:50:37 | 000,855,904 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
PRC - [2011/12/12 05:50:35 | 000,827,232 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2011/09/10 05:28:50 | 002,338,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/09/09 02:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/08/18 00:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/08/18 00:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/08/03 06:49:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/05/23 13:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/16 15:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/04/14 22:01:46 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [1998/11/24 01:00:00 | 000,042,496 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
PRC - [1996/12/08 23:00:00 | 000,111,376 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
PRC - [1996/12/08 23:00:00 | 000,051,984 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\OSA.EXE


========== Modules (No Company Name) ==========

MOD - [2011/12/12 05:50:37 | 000,855,904 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
MOD - [2011/12/12 05:50:35 | 000,827,232 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2011/12/12 05:50:35 | 000,692,224 | ---- | M] () -- C:\Program Files\AVG Secure Search\iGearedHelper.dll
MOD - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [1998/11/24 01:00:00 | 000,042,496 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
MOD - [1996/12/08 23:00:00 | 003,774,224 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\MSO97.DLL
MOD - [1996/12/08 23:00:00 | 000,111,376 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
MOD - [1996/12/08 23:00:00 | 000,051,984 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\OSA.EXE


========== Win32 Services (SafeList) ==========

SRV - [2011/12/12 05:50:37 | 000,855,904 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/11/10 08:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/08/18 00:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/03 06:49:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)


========== Driver Services (SafeList) ==========

DRV - [2011/05/27 18:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/05/10 04:41:30 | 000,119,528 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2011/04/04 23:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 15:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 13:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 07:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 06:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 06:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 05:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/02/17 09:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 09:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 09:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 10:45:34 | 000,011,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\scsiscan.sys -- (scsiscan)
DRV - [2006/01/10 21:43:04 | 000,093,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2005/08/18 20:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/04/18 21:40:52 | 002,317,504 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/04/05 14:22:30 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/04/05 14:22:28 | 000,033,536 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2004/08/12 21:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2002/05/22 08:40:40 | 000,007,552 | ---- | M] (Hewlett-Packard Co.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hpusbfd.sys -- (hpusbfd)
DRV - [2001/08/17 12:50:20 | 000,114,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epstw2k.sys -- (epstw2k)
DRV - [2001/08/17 09:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"
FF - prefs.js..browser.startup.homepage: "http://www.comcast.net/home.html"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.2.20080717


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1d5287d1-8a92-0001-1f31-1cec198018d8}: C:\Program Files\AVG\AVG8\ToolbarFF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/12/05 20:15:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\9.0.0.18\ [2011/12/12 05:50:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/30 11:57:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/18 10:38:40 | 000,000,000 | ---D | M]

[2009/08/24 06:51:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rob & Gerry\Application Data\Mozilla\Extensions
[2010/10/13 07:54:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rob & Gerry\Application Data\Mozilla\Firefox\Profiles\6bclkweo.Gerry\extensions
[2010/10/12 07:37:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Rob & Gerry\Application Data\Mozilla\Firefox\Profiles\6bclkweo.Gerry\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/29 08:48:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rob & Gerry\Application Data\Mozilla\Firefox\Profiles\e331erfe.Gerry\extensions
[2009/08/26 11:15:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Rob & Gerry\Application Data\Mozilla\Firefox\Profiles\e331erfe.Gerry\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/07 11:44:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rob & Gerry\Application Data\Mozilla\Firefox\Profiles\pxv7azk6.Rob\extensions
[2010/08/31 20:40:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Rob & Gerry\Application Data\Mozilla\Firefox\Profiles\pxv7azk6.Rob\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/24 19:00:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rob & Gerry\Application Data\Mozilla\Firefox\Profiles\utp9nayf.Rob\extensions
[2010/04/27 19:15:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Rob & Gerry\Application Data\Mozilla\Firefox\Profiles\utp9nayf.Rob\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/24 06:51:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rob & Gerry\Application Data\Mozilla\Firefox\Profiles\yn7i7qkc.default\extensions
[2009/08/24 06:51:37 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Rob & Gerry\Application Data\Mozilla\Firefox\Profiles\yn7i7qkc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/02/05 16:00:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rob & Gerry\Application Data\Mozilla\Firefox\Profiles\zimlo4h3.Default User\extensions
[2011/02/05 16:00:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Rob & Gerry\Application Data\Mozilla\Firefox\Profiles\zimlo4h3.Default User\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/07 11:44:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/29 09:08:55 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2011/10/30 11:57:46 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/12 05:50:34 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/10/30 11:57:44 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/12/12 18:42:34 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Lamp] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Rob & Gerry\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
O4 - Startup: C:\Documents and Settings\Rob & Gerry\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_18.dll (Sun Microsystems, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52BF55C0-70A9-419D-A4F4-3EDA1F3DFF15}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Rob & Gerry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Rob & Gerry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/22 15:19:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/12/12 18:42:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/12 06:37:32 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rob & Gerry\Desktop\OTL.exe
[2011/12/12 05:56:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob & Gerry\Application Data\AVG Secure Search
[2011/12/12 05:50:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2011/12/12 05:50:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2011/12/12 05:50:34 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2011/12/09 10:06:19 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Rob & Gerry\Recent

========== Files - Modified Within 30 Days ==========

[2011/12/12 18:48:37 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/12 18:47:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/12 18:42:34 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/12/12 06:37:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rob & Gerry\Desktop\OTL.exe
[2011/12/12 05:49:59 | 140,224,650 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/12/11 21:06:12 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/11 18:15:49 | 000,189,209 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/12/05 20:15:53 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/11/27 14:52:44 | 000,011,264 | ---- | M] () -- C:\Documents and Settings\Rob & Gerry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2011/10/30 12:39:09 | 000,000,291 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2011/06/02 18:19:01 | 002,128,778 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/04/16 09:37:52 | 000,280,468 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/04/16 09:37:50 | 000,280,468 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/04/16 09:37:50 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/03/01 11:13:40 | 000,000,159 | ---- | C] () -- C:\WINDOWS\render.ini
[2011/03/01 11:02:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MTSTACK.INI
[2011/03/01 11:02:33 | 000,042,496 | ---- | C] () -- C:\WINDOWS\System32\MTSTACK.EXE
[2010/09/03 13:47:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/04/26 10:30:25 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2010/04/01 20:16:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Rob & Gerry\Local Settings\Application Data\prvlcl.dat
[2009/12/31 15:21:44 | 000,000,898 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2009/11/20 18:36:35 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/11/06 11:05:33 | 000,000,303 | ---- | C] () -- C:\WINDOWS\hpccopy.INI
[2009/11/01 15:26:42 | 000,006,728 | ---- | C] () -- C:\WINDOWS\WPQC60US.DAT
[2009/08/26 12:05:51 | 000,001,047 | ---- | C] () -- C:\WINDOWS\wtapi.ini
[2009/08/26 10:22:16 | 000,000,928 | ---- | C] () -- C:\WINDOWS\System32\hpsj1695.dll
[2009/08/26 10:22:15 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2009/08/26 10:22:15 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2009/08/24 14:10:59 | 000,065,536 | ---- | C] () -- C:\WINDOWS\ICE_JNIRegistry.dll
[2009/08/24 11:59:49 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2009/08/24 11:49:24 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Autorun.INI
[2009/08/24 10:19:09 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2009/08/23 11:28:10 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Rob & Gerry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/22 15:42:50 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2009/08/22 15:42:50 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2009/08/22 15:31:28 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2009/08/22 15:31:26 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2009/08/22 15:31:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/08/22 15:26:52 | 000,000,266 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2009/08/22 15:26:17 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/08/22 15:26:17 | 000,005,705 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/08/22 15:26:15 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/08/22 15:23:22 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2009/08/22 15:20:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/08/22 15:17:05 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/08/22 11:11:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/08/22 11:10:30 | 000,388,000 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/10/08 07:01:47 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/10/08 07:01:47 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/10/08 07:01:47 | 000,441,124 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/10/08 07:01:47 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/10/08 07:01:47 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/10/08 07:01:47 | 000,071,060 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/10/08 07:01:47 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/10/08 07:01:47 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/10/08 07:01:47 | 000,004,666 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/10/08 07:01:47 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/10/08 07:01:47 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/10/08 07:01:47 | 000,001,152 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/10/08 07:01:47 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/07/13 06:04:00 | 000,373,248 | ---- | C] () -- C:\WINDOWS\EyeCand3.INI
[1996/12/08 23:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996/12/08 23:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2011/12/12 06:00:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2011/05/26 18:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/12/11 21:04:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/19 10:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/10/19 10:16:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/08/24 17:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2011/05/26 18:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/05/25 14:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/08/24 12:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{4FC70900-BE37-4EAD-A05F-87EF8E05E584}
[2009/08/24 12:26:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{70718236-E606-46D2-96C2-F09B86C72371}
[2009/08/24 11:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{70894C4E-4E43-4915-B8E3-EF0484FA92D5}
[2009/08/24 12:05:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{81253287-9BFF-417A-9EC6-3BFED01195A3}
[2010/08/06 14:21:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{875315A4-3F2D-41AF-B97D-945D9BF7A061}
[2009/08/24 12:52:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{C288D3A5-9B5A-4B99-BC32-2B399A104C3E}
[2011/05/13 11:23:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CEFE73E7-0D94-4638-BC11-3E6A962216C0}
[2009/08/24 12:49:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{E44C7752-42D1-4A4F-B745-A08EBBAFF250}
[2009/08/24 12:42:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{E785BD2E-BDAA-496A-A33C-DBAF7FF81E29}
[2011/12/12 05:56:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob & Gerry\Application Data\AVG Secure Search
[2010/10/19 10:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob & Gerry\Application Data\AVG10
[2010/10/13 06:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob & Gerry\Application Data\AVG9
[2009/08/25 12:25:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob & Gerry\Application Data\Leadertech
[2009/08/25 14:06:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob & Gerry\Application Data\My Battle for Middle-earth Files
[2009/12/22 14:58:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob & Gerry\Application Data\My Games
[2011/07/04 13:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob & Gerry\Application Data\Petroglyph
[2011/03/09 20:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob & Gerry\Application Data\TS3Client

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 48 bytes -> C:\Documents and Settings\All Users\DRM:مايكروسوفت

< End of report >
  • 0

#4
Shessar

Shessar

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Here is the log for aswMBR:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-12 18:55:29
-----------------------------
18:55:29.687 OS Version: Windows 5.1.2600 Service Pack 3
18:55:29.687 Number of processors: 1 586 0x2F02
18:55:29.687 ComputerName: HOME-DESKTOP UserName: Rob & Gerry
18:55:30.437 Initialize success
18:55:54.062 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006d
18:55:54.062 Disk 0 Vendor: WDC_WD3200AAKS-75L9A0 02.03E02 Size: 305245MB BusType: 3
18:55:54.062 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000006e
18:55:54.062 Disk 1 Vendor: HDT722516DLA380 V43OA96A Size: 157066MB BusType: 3
18:55:54.093 Disk 0 MBR read successfully
18:55:54.093 Disk 0 MBR scan
18:55:54.093 Disk 0 Windows XP default MBR code
18:55:54.093 Disk 0 scanning sectors +625121280
18:55:54.187 Disk 0 scanning C:\WINDOWS\system32\drivers
18:55:59.812 Service scanning
18:56:00.734 Modules scanning
18:56:05.156 Disk 0 trace - called modules:
18:56:05.171 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
18:56:05.171 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86742ab8]
18:56:05.671 3 CLASSPNP.SYS[f761cfd7] -> nt!IofCallDriver -> \Device\0000006f[0x866fbf18]
18:56:05.671 5 ACPI.sys[f74b3620] -> nt!IofCallDriver -> \Device\0000006d[0x866e3030]
18:56:05.671 Scan finished successfully
18:56:35.625 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Rob & Gerry\Desktop\MBR.dat"
18:56:35.625 The log file has been saved successfully to "C:\Documents and Settings\Rob & Gerry\Desktop\aswMBR.txt"
  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What are your current problems ?

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
  • 0

#6
Shessar

Shessar

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Everything seems to be running as normal. MBAM came up clean. Thank you!

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8365

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

12/13/2011 2:02:05 PM
mbam-log-2011-12-13 (14-02-05).txt

Scan type: Quick scan
Objects scanned: 201493
Time elapsed: 3 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Posted Image Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe :wave:
  • 0

#8
Shessar

Shessar

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
I've followed your final instructions and after 6 hours of steady use everything is running perfectly.

Thanks for your help Essexboy! May your kindness be repaid a thousand times.

Thanks for the link to FileHippo too. That will make keeping software up to date a breeze. It is now installed on all of our family's computers. :thumbsup:
  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
My pleasure - keep safe now :wave:
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP