
Can not reply to this topic, WHITE DESK TOP.



#1
Fran7909
Member, 22 posts
Jintan was helping me.
I have run all the scans he asked for and for some reason I 'can not' reply, the ONLY thing I can do is start a new topic. I am signed in and I tried deleting cookies. I'm sorry.
My problem is very slow startup and my wallpaper is gone, replaced with a white screen. Also computer is running slow. When I right click, go to properties, desktop, the only thing highlighted is color. I have downloaded, ran and uninstalled several programs, AVG, Avast, PC Matic. Spybot that I haven't uninstalled yet. I use Malwarebytes, Avast and CCleaner.
Thank you
Fran Hall
These are all the scans Jintan asked for.



#2
Jintan
Trusted Helper, Malware Removal, 904 posts
Thanks Essexboy for directing me to your new thread. I will paste the logs you attached for us to review here, but it is truly better if you copy/paste them in your reply. Very difficult to research as attachments. The Gmer log just shows Kaspersky (not Avast) and Pinnacle software, so I will skip posting it.


OTL logfile created on: 12/23/2011 8:36:27 PM - Run 9
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\HP_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 69.40% Memory free
2.68 Gb Paging File | 2.27 Gb Available in Paging File | 84.88% Paging File free
Paging file location(s): C:\pagefile.sys 856 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.08 Gb Total Space | 68.39 Gb Free Space | 48.14% Space Free | Partition Type: NTFS
Drive D: | 6.96 Gb Total Space | 1.26 Gb Free Space | 18.07% Space Free | Partition Type: FAT32

Computer Name: HAPPYBIRTHDAY | User Name: HP_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\HP_Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
PRC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - (WUSB54Gv4SVC) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (PCToolsSSDMonitorSvc) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
SRV - (Sony SCSI Helper Service) -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe (Sony Corporation)
SRV - (FreeAgentGoNext Service) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
SRV - (HiWiredCore) -- C:\Program Files\HiWired\PC Check & Connect\HiWired.Client.Core.exe (HiWired Inc.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (MotorolaDAP) -- C:\WINDOWS\system32\MotorolaDAP.exe (Motorola Inc.)


========== Driver Services (SafeList) ==========

DRV - (MpKsl9a26706c) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D937AD99-6C9A-468F-A235-1036D18DAC99}\MpKsl9a26706c.sys (Microsoft Corporation)
DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (kl2) -- C:\WINDOWS\system32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\WINDOWS\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO)
DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab ZAO)
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (klmouflt) -- C:\WINDOWS\system32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (MxlW2k) -- C:\WINDOWS\System32\drivers\MxlW2k.sys (MusicMatch, Inc.)
DRV - (DCamUSBEMPIA) -- C:\WINDOWS\system32\drivers\emDevice.sys (eMPIA Technology, Inc.)
DRV - (FiltUSBEMPIA) -- C:\WINDOWS\system32\drivers\emFilter.sys (eMPIA Technology, Inc.)
DRV - (ScanUSBEMPIA) -- C:\WINDOWS\system32\drivers\emScan.sys (eMPIA Technology, Inc.)
DRV - (emAudio) -- C:\WINDOWS\system32\drivers\emAudio.sys (Pinnacle Systems, Inc.)
DRV - (MarvinBus) -- C:\WINDOWS\system32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (ASAPIW2k) -- C:\WINDOWS\system32\drivers\asapiW2k.sys (VOB Computersysteme GmbH)
DRV - (PCLEPCI) -- C:\WINDOWS\system32\drivers\Pclepci.sys (Pinnacle Systems GmbH)
DRV - (PcdrNdisuio) -- C:\WINDOWS\system32\drivers\PcdrNdisuio.sys (Windows ® 2000 DDK provider)
DRV - (WUSB54GPV4SRV) -- C:\WINDOWS\system32\drivers\rt2500usb.sys (Ralink Technology Inc.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (fasttx2k) -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys (Promise Technology, Inc.)
DRV - (itchfltr) -- C:\WINDOWS\system32\drivers\itchfltr.sys (Logitech, Inc.)
DRV - (LHidUsb) -- C:\WINDOWS\system32\drivers\Lhidusb.sys (Logitech, Inc.)
DRV - (LCcfltr) -- C:\WINDOWS\system32\drivers\LCCFLTR.SYS (Logitech, Inc.)
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...lion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - SOFTWARE\Classes\CLSID\{6c97a91e-4524-4019-86af-2aa2d567bf5c}\InprocServer32 File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 62848
FF - prefs.js..network.proxy.no_proxies_on: "localhost"
FF - prefs.js..network.proxy.type: 1

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2027: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2088: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1040: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@sony.com/eBookLibrary: C:\Program Files\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/16 23:01:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/02 22:51:51 | 000,000,000 | ---D | M]

[2010/09/09 20:02:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Extensions
[2011/12/21 19:54:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\x2omoym5.default\extensions
[2009/01/10 20:00:42 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\x2omoym5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/07/13 20:05:53 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\x2omoym5.default\extensions\[email protected]
[2011/11/16 23:01:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/02/27 22:35:45 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/10/11 21:12:26 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/11/05 00:53:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/10 14:46:38 | 000,002,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\adawaretb.xml
[2011/12/14 23:23:02 | 000,003,747 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/11/04 21:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/04 21:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/01/24 19:41:37 | 000,292,650 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10078 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - Reg Error: Value error. File not found
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - Reg Error: Value error. File not found
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - Reg Error: Value error. File not found
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: Wallpaper =
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - Reg Error: Value error. File not found
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.fac...fbootloader.cab (Reg Error: Key error.)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp...ads/sysinfo.cab (SysData Class)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} http://utilities.pcp...opAntiVirus.dll (Reg Error: Key error.)
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} http://www.facebook....ls/contactx.dll (ContactExtractor Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} http://www.betterpho...geUploader3.cab (Aurigma Image Uploader 3.5 Control)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1....loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CBFF31B5-91C0-4361-98BD-4C56D0F9CDAC} http://www.betterpho...opUploader2.cab (Drag and Drop Uploader Control)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://games.myspace...ronGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://aolsvc.aol.co...aploader_v7.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F89EF74A-956B-4BD3-A066-4F23DF891982} http://www.betterpho...opUploader2.cab (Drag and Drop Uploader Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06E9CC76-C311-4BC5-87E6-473692242E33}: DhcpNameServer = 216.97.170.4 216.97.170.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DCBB5F13-4832-4E6A-8ECF-2492CF901AF7}: DhcpNameServer = 216.97.170.4 216.97.170.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E19552BB-736C-4E01-B354-E801E391B1C7}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC23394F-AD85-4792-9D06-444A4A6F58E2}: DhcpNameServer = 216.97.170.4 216.97.170.5
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - Reg Error: Value error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\WINDOWS\Vankning.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Vankning.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/30 17:56:52 | 000,000,189 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 23:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 23:01:14 | 000,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ FAT32 ]
O33 - MountPoints2\{7d7bd454-f4e0-11de-b506-00121772e6db}\Shell\AutoRun\command - "" = F:\Setup_FlipShare.exe
O33 - MountPoints2\{7d7bd454-f4e0-11de-b506-00121772e6db}\Shell\Setup FlipShare\command - "" = F:\Setup_FlipShare.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/23 20:33:13 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
[2011/12/23 16:43:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/12/22 21:05:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Owner\Recent
[2011/12/22 12:50:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\My Documents\My muvees
[2011/12/21 23:08:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\WeatherBug
[2011/12/20 23:57:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/12/20 22:11:52 | 000,000,000 | ---D | C] -- C:\Program Files\InterActual
[2011/12/19 20:23:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\MigWiz
[2011/12/19 14:54:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\adaware
[2011/12/19 13:33:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\My Documents\Bussinesss cards address lables
[2011/12/19 13:09:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\My Documents\op photo res
[2011/12/18 11:56:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/12/18 11:56:08 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/12/12 18:17:59 | 000,000,000 | ---D | C] -- C:\ProgramData
[2011/12/12 18:17:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LS Getting Started
[2011/12/12 18:17:08 | 000,000,000 | ---D | C] -- C:\swsetup
[2011/12/12 18:16:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\WinBatch
[2011/12/11 22:21:37 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/12/11 22:20:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Sunbelt Software
[2011/12/11 22:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2011/12/11 17:03:06 | 000,000,000 | ---D | C] -- C:\Downloads
[2011/12/06 21:55:48 | 005,991,200 | ---- | C] (Siber Systems) -- C:\Documents and Settings\HP_Owner\My Documents\RoboForm-Desktop-Setup.exe
[2011/12/06 19:42:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\My Documents\bussiness cards
[2011/12/02 22:22:14 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/01/04 20:12:29 | 027,024,112 | ---- | C] (Microsoft Corporation) -- C:\Program Files\PowerPointViewer.exe
[2009/10/13 12:44:34 | 004,351,608 | ---- | C] (W3i, LLC) -- C:\Program Files\gimp_9281.exe
[2006/01/31 22:35:07 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll

========== Files - Modified Within 30 Days ==========

[2011/12/23 20:56:00 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2011/12/23 20:54:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/23 20:35:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
[2011/12/23 19:54:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/23 19:18:52 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/12/23 19:18:06 | 000,475,874 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/23 19:18:06 | 000,085,208 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/23 19:17:55 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
[2011/12/23 19:13:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/23 19:13:19 | 2138,624,000 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/23 19:06:29 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
[2011/12/23 18:23:16 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
[2011/12/23 17:16:53 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{08EA2A29-AEDB-4FCF-9ABC-DA95BFFA629C}.job
[2011/12/23 16:43:03 | 000,000,962 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/12/23 16:43:03 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Spybot - Search & Destroy.lnk
[2011/12/23 12:10:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2011/12/22 20:37:13 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/12/22 17:43:57 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/22 15:29:23 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/12/22 10:31:04 | 000,009,622 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
[2011/12/21 22:07:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/12/21 04:53:44 | 000,295,042 | ---- | M] () -- C:\WINDOWS\System32\shimg.dll
[2011/12/20 23:58:46 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/12/20 18:47:36 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2011/12/19 20:41:10 | 000,207,872 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/19 20:41:00 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/12/19 19:59:38 | 000,000,268 | ---- | M] () -- C:\WINDOWS\vuepro32.ini
[2011/12/19 14:31:40 | 000,991,494 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\cookbook.pdf
[2011/12/19 11:48:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/17 11:06:39 | 003,645,328 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/12 19:01:02 | 000,631,847 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Bedford Family Christmas.mht
[2011/12/12 10:48:58 | 000,000,098 | ---- | M] () -- C:\WINDOWS\muveeapp.INI
[2011/12/12 10:43:22 | 000,000,071 | ---- | M] () -- C:\Documents and Settings\HP_Owner\default.pls
[2011/12/11 22:21:36 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/12/11 22:07:24 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/12/11 22:07:24 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/12/09 23:31:58 | 000,001,208 | ---- | M] () -- C:\WINDOWS\VFO.INI
[2011/12/06 23:17:22 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Fix it Center.lnk
[2011/12/06 19:42:31 | 000,043,062 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\blank crystal card. pink black jpg.jpg
[2011/12/02 22:26:40 | 000,001,615 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/12/02 22:20:20 | 000,000,699 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2011/11/28 18:56:49 | 000,071,168 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Crystal cards.biz
[2011/11/28 18:40:32 | 000,330,807 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\IPaulette Invoice.jpg
[2011/11/28 18:19:16 | 006,310,000 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\IMG.bmp invoice Paulette
[2011/11/28 18:19:16 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Adobe BMP Format CS5 Prefs
[2011/11/27 13:14:45 | 000,071,168 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\VHS to DVD Poster file.sig
[2011/11/27 12:24:46 | 000,421,289 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\VHS to DVD transfer service prices.mht

========== Files Created - No Company Name ==========

[2011/12/23 16:43:03 | 000,000,962 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/12/23 16:43:03 | 000,000,944 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Spybot - Search & Destroy.lnk
[2011/12/22 16:09:54 | 2138,624,000 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/22 15:29:23 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/12/21 04:53:44 | 000,295,042 | ---- | C] () -- C:\WINDOWS\System32\shimg.dll
[2011/12/21 00:02:56 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/12/20 23:57:44 | 000,001,691 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/12/19 14:31:40 | 000,991,494 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\cookbook.pdf
[2011/12/18 11:56:14 | 000,000,693 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/12/12 19:01:01 | 000,631,847 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Bedford Family Christmas.mht
[2011/12/11 22:07:24 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/12/11 22:07:24 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/12/06 19:42:31 | 000,043,062 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\blank crystal card. pink black jpg.jpg
[2011/12/02 22:22:25 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/02 22:22:20 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/12/02 22:20:20 | 000,000,699 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2011/11/28 18:56:49 | 000,071,168 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Crystal cards.biz
[2011/11/28 18:22:04 | 000,330,807 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\IPaulette Invoice.jpg
[2011/11/28 18:19:08 | 006,310,000 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\IMG.bmp invoice Paulette
[2011/11/27 13:14:44 | 000,071,168 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\VHS to DVD Poster file.sig
[2011/11/27 12:24:44 | 000,421,289 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\VHS to DVD transfer service prices.mht
[2011/08/24 20:51:57 | 000,000,168 | ---- | C] () -- C:\WINDOWS\System32\SBRC.dat
[2011/08/05 21:40:21 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011/08/05 21:40:21 | 000,097,859 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2011/07/04 21:46:23 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\Adobe BMP Format CS5 Prefs
[2011/06/26 12:56:31 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
[2011/01/08 14:14:39 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\Adobe AIFF Format CS5 Prefs
[2010/09/28 09:34:36 | 000,194,248 | ---- | C] () -- C:\WINDOWS\System32\LTRFD13n.DLL
[2010/09/28 09:16:18 | 000,406,016 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.exe
[2010/09/28 09:14:55 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
[2010/09/28 09:14:55 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2010/09/28 09:14:55 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
[2010/09/28 09:14:55 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
[2010/09/28 09:14:55 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2010/06/15 20:24:20 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/11 16:52:45 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\qttask.exe
[2010/01/05 21:33:22 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\pepwnxfu.sys
[2010/01/04 16:21:57 | 000,114,692 | ---- | C] () -- C:\WINDOWS\Christmas and New Year 2005 Frames Pack Uninstaller.exe
[2010/01/03 13:06:09 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\syoepk_lib0.dll
[2009/09/09 17:01:40 | 000,027,675 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2008/12/30 10:24:19 | 001,440,054 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\tmp_bmp.bmp
[2008/12/30 10:24:18 | 000,000,524 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\focus.tni
[2008/12/30 10:23:57 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\pict_data_foc
[2008/12/30 10:23:57 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\data_foc
[2008/12/30 10:14:49 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\dataz
[2008/12/17 19:47:50 | 000,083,600 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/09/24 23:22:59 | 000,000,325 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/09/04 13:05:06 | 000,000,041 | ---- | C] () -- C:\WINDOWS\loc2.INI
[2008/09/04 13:05:03 | 000,000,041 | ---- | C] () -- C:\WINDOWS\dmcPrefX.INI
[2008/09/04 13:04:29 | 000,000,070 | ---- | C] () -- C:\WINDOWS\dmcFindX.INI
[2008/07/20 13:18:38 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/01/26 11:28:58 | 001,175,372 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\Install.dat
[2007/12/25 14:13:05 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/10/15 12:47:46 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2007/09/25 16:07:25 | 000,117,191 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2007/09/25 16:03:27 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/09/25 16:02:07 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2007/08/24 10:06:30 | 000,091,520 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
[2007/08/19 12:42:52 | 000,001,024 | ---- | C] () -- C:\WINDOWS\VueIcons.ini
[2007/07/23 19:20:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\UNIVMGR.INI
[2007/02/27 23:50:58 | 000,001,168 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/02/27 22:35:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/02/15 17:27:38 | 000,000,489 | ---- | C] () -- C:\Program Files\Shortcut to Total PS7.lnk
[2007/01/27 20:32:06 | 000,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
[2007/01/27 19:01:53 | 000,153,088 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2007/01/27 18:43:46 | 000,001,208 | ---- | C] () -- C:\WINDOWS\VFO.INI
[2007/01/25 23:37:10 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/11/20 23:27:23 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/09/15 21:43:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2006/08/23 22:15:44 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXBRPMON.DLL
[2006/08/23 22:15:44 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\LXBRPMUI.DLL
[2006/08/23 22:10:35 | 000,000,436 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2006/07/18 09:49:54 | 000,064,512 | -H-- | C] () -- C:\WINDOWS\rbap450.dll
[2006/07/10 12:00:47 | 000,000,043 | ---- | C] () -- C:\WINDOWS\3D Text Factory.INI
[2006/05/01 23:05:16 | 000,050,451 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2006/04/19 18:33:06 | 000,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2006/04/16 10:14:02 | 000,018,111 | ---- | C] () -- C:\WINDOWS\HPHins01.dat.temp
[2006/04/16 10:14:02 | 000,004,284 | ---- | C] () -- C:\WINDOWS\hphmdl01.dat.temp
[2006/04/16 08:46:57 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\CNQL3203.DLL
[2006/04/15 21:24:18 | 000,018,111 | ---- | C] () -- C:\WINDOWS\HPHins01.dat
[2006/04/15 21:24:18 | 000,004,284 | ---- | C] () -- C:\WINDOWS\hphmdl01.dat
[2006/04/10 19:37:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/04/08 22:14:01 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/03/28 20:19:22 | 000,000,572 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\MICRX.TNI
[2006/03/28 20:19:04 | 000,000,009 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\pict_datax
[2006/03/28 20:19:04 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\datax
[2005/09/26 20:02:22 | 000,002,655 | ---- | C] () -- C:\WINDOWS\hphmdl03.dat.temp
[2005/09/26 19:57:45 | 000,000,220 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/09/01 00:23:14 | 000,000,098 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
[2005/08/31 22:33:23 | 000,215,552 | ---- | C] () -- C:\WINDOWS\System32\Webupdate2.dll
[2005/08/31 22:33:23 | 000,002,309 | ---- | C] () -- C:\WINDOWS\System32\french.ini
[2005/08/31 22:33:23 | 000,002,194 | ---- | C] () -- C:\WINDOWS\System32\spanish.ini
[2005/08/31 22:33:23 | 000,001,673 | ---- | C] () -- C:\WINDOWS\System32\english.ini
[2005/08/30 15:58:52 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS58.DLL
[2005/08/30 00:46:26 | 000,000,268 | ---- | C] () -- C:\WINDOWS\vuepro32.ini
[2005/08/29 23:49:53 | 000,009,622 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
[2005/08/29 23:47:18 | 000,207,872 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/08/29 23:06:23 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\fusioncache.dat
[2005/08/29 20:43:44 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2005/08/29 20:43:30 | 000,001,668 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2005/08/26 14:28:34 | 000,143,360 | ---- | C] () -- C:\WINDOWS\unzip.exe
[2005/08/26 14:27:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\devenum.exe
[2005/05/06 01:50:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/05/06 01:46:55 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/05/06 01:46:55 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/05/06 01:46:55 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/05/06 01:46:55 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/05/06 01:46:55 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/05/06 01:46:55 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/05/06 01:15:23 | 000,118,784 | R--- | C] () -- C:\WINDOWS\bwUnin-6.3.2.62.exe
[2005/05/06 01:14:08 | 000,014,553 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/05/06 01:14:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/05/06 01:13:39 | 000,002,154 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2005/05/06 01:10:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/06 00:54:47 | 000,047,832 | ---- | C] () -- C:\WINDOWS\hpiins01.dat
[2005/05/06 00:53:08 | 000,094,364 | ---- | C] () -- C:\WINDOWS\HPHins03.dat
[2005/05/06 00:53:08 | 000,002,655 | ---- | C] () -- C:\WINDOWS\hphmdl03.dat
[2005/05/06 00:46:12 | 000,050,500 | ---- | C] () -- C:\WINDOWS\hpdins05.dat
[2005/05/06 00:44:43 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/05/06 00:41:39 | 000,001,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2005/05/06 00:30:31 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/05/06 00:28:06 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/02/18 11:56:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/01/28 03:12:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/01/26 22:58:08 | 000,475,874 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/01/26 22:58:08 | 000,085,208 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/01/26 22:56:22 | 003,645,328 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/01/26 22:53:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/01/26 22:51:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/01/19 23:45:40 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2005/01/19 23:45:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/08/04 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/06/15 22:38:00 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/03/11 16:13:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\FM20(2).DLL
[2003/04/10 23:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2002/08/31 06:00:00 | 000,001,876 | -H-- | C] () -- C:\WINDOWS\System32\msisl$.dll
[2001/08/23 17:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 17:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/07 02:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2010/04/08 22:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/08/23 21:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2005/09/01 11:38:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund LLC
[2005/09/01 11:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2011/08/10 19:26:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/12/29 19:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2011/07/29 13:01:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HiWired
[2010/03/04 10:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kinoma
[2011/10/30 11:54:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2011/12/20 23:57:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/12/11 03:19:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2011/12/21 19:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2011/12/21 19:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstopDat
[2007/01/27 20:31:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2007/01/27 20:32:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
[2008/12/25 16:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PIXELA
[2007/04/12 17:28:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2006/04/12 19:56:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2011/01/11 11:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2005/09/13 21:51:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2006/05/13 21:53:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/10/30 18:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2011/12/09 23:09:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2009/10/11 22:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2006/04/19 18:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2007/03/22 22:28:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2011/07/13 20:05:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/12/23 19:06:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/03/17 19:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2011/08/24 15:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinMaximizer
[2011/02/01 22:59:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{36735930-3965-4D73-9FA0-1E8DBBB9F73B}
[2010/05/13 08:50:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/02/01 23:01:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{54C7CAE8-5F15-4236-B08D-4CF80E3C1EA1}
[2011/02/01 22:58:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{5DEB9CCF-03FD-4827-9973-C304E722EFD9}
[2010/02/11 10:35:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/06/24 16:12:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{85E31355-0287-415E-833F-C91C059E0981}
[2011/02/01 23:02:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A9319562-7E37-4B47-9DA9-4E2F4AA249D0}
[2011/02/01 22:59:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{ABA286BA-B174-477F-9D8C-F003CA88CE77}
[2011/02/01 22:57:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BB071057-A2A8-4584-9AFF-E2D674AF01F8}
[2011/02/01 23:02:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{C8DF6520-3E59-4590-A678-CB275CEADF10}
[2010/10/08 21:43:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{D9E0EE67-1483-4783-8326-7E411B3B012D}
[2011/02/01 23:00:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{DA4AB737-3A03-4508-9D68-1FCE2B35A87C}
[2011/12/21 22:07:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/12/23 19:17:55 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\Tasks\ConfigExec.job
[2011/12/23 18:23:16 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\Tasks\DataUpload.job
[2006/06/04 00:52:35 | 000,000,266 | ---- | M] () -- C:\WINDOWS\Tasks\Disk Cleanup.job
[2011/12/23 19:18:52 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/12/23 19:06:29 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\RMSchedule.job
[2011/12/23 17:16:53 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{08EA2A29-AEDB-4FCF-9ABC-DA95BFFA629C}.job
[2011/08/24 15:18:06 | 000,000,314 | ---- | M] () -- C:\WINDOWS\Tasks\WinMaximizer-HP_Owner-Startup.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 229 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1957F8A9
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B9A77133
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:20C3AB27

< End of report >

#3
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
aswMBR version 0.9.9.1120 Copyright© 2011 AVAST Software
Run date: 2011-12-27 16:43:59
-----------------------------
16:43:59.625 OS Version: Windows 5.1.2600 Service Pack 3
16:43:59.625 Number of processors: 1 586 0x401
16:43:59.625 ComputerName: HAPPYBIRTHDAY UserName: HP_Owner
16:44:00.984 Initialize success
16:44:24.578 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
16:44:24.578 Disk 0 Vendor: ST3160021A 8.11 Size: 152627MB BusType: 3
16:44:26.625 Disk 0 MBR read successfully
16:44:26.625 Disk 0 MBR scan
16:44:26.625 Disk 0 unknown MBR code
16:44:26.640 Disk 0 Partition 1 00 0C FAT32 LBA RECOVERY 7139 MB offset 63
16:44:26.671 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 145485 MB offset 14621040
16:44:26.687 Disk 0 scanning sectors +312575760
16:44:26.875 Disk 0 scanning C:\WINDOWS\system32\drivers
16:45:02.546 Service scanning
16:45:03.750 Service MpKsl9958b3f4 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2DD96F53-6987-4E2B-BB50-A6A56F4838DB}\MpKsl9958b3f4.sys **LOCKED** 32
16:45:04.468 Modules scanning
16:45:51.171 Disk 0 trace - called modules:
16:45:51.203 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
16:45:51.703 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ad4eab8]
16:45:51.703 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000075[0x8ad78e98]
16:45:51.703 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ad51940]
16:45:51.718 Scan finished successfully
16:46:04.593 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\HP_Owner\Desktop\MBR.dat"
16:46:04.593 The log file has been saved successfully to "C:\Documents and Settings\HP_Owner\Desktop\aswMBR.txt"


And now I will take time to review what I just posted.

#4
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
As you have already kinda mentioned, you have used many security programs on this computer, and these logs show that. Too many, too often. You seem to have at least two antivirus programs currently installed - Kaspersky and Microsoft. That alone will cause plenty of system problems, as each of those competes for the job, and they damage each other and some system functions.

OTL creates a second log, Extras.Txt, located in the same location as OTL.exe. Please post the contents of that here.

#5
Fran7909

    Member

  • Topic Starter
  • Member
  • 22 posts
Hi Jintan. This is the only OTL file on my desktop. Can I run it again? Thank you.


OTL logfile created on: 12/23/2011 8:36:27 PM - Run 9
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\HP_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 69.40% Memory free
2.68 Gb Paging File | 2.27 Gb Available in Paging File | 84.88% Paging File free
Paging file location(s): C:\pagefile.sys 856 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.08 Gb Total Space | 68.39 Gb Free Space | 48.14% Space Free | Partition Type: NTFS
Drive D: | 6.96 Gb Total Space | 1.26 Gb Free Space | 18.07% Space Free | Partition Type: FAT32

Computer Name: HAPPYBIRTHDAY | User Name: HP_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\HP_Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
PRC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - (WUSB54Gv4SVC) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (PCToolsSSDMonitorSvc) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
SRV - (Sony SCSI Helper Service) -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe (Sony Corporation)
SRV - (FreeAgentGoNext Service) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
SRV - (HiWiredCore) -- C:\Program Files\HiWired\PC Check & Connect\HiWired.Client.Core.exe (HiWired Inc.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (MotorolaDAP) -- C:\WINDOWS\system32\MotorolaDAP.exe (Motorola Inc.)


========== Driver Services (SafeList) ==========

DRV - (MpKsl9a26706c) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D937AD99-6C9A-468F-A235-1036D18DAC99}\MpKsl9a26706c.sys (Microsoft Corporation)
DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (kl2) -- C:\WINDOWS\system32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\WINDOWS\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO)
DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab ZAO)
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (klmouflt) -- C:\WINDOWS\system32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (MxlW2k) -- C:\WINDOWS\System32\drivers\MxlW2k.sys (MusicMatch, Inc.)
DRV - (DCamUSBEMPIA) -- C:\WINDOWS\system32\drivers\emDevice.sys (eMPIA Technology, Inc.)
DRV - (FiltUSBEMPIA) -- C:\WINDOWS\system32\drivers\emFilter.sys (eMPIA Technology, Inc.)
DRV - (ScanUSBEMPIA) -- C:\WINDOWS\system32\drivers\emScan.sys (eMPIA Technology, Inc.)
DRV - (emAudio) -- C:\WINDOWS\system32\drivers\emAudio.sys (Pinnacle Systems, Inc.)
DRV - (MarvinBus) -- C:\WINDOWS\system32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (ASAPIW2k) -- C:\WINDOWS\system32\drivers\asapiW2k.sys (VOB Computersysteme GmbH)
DRV - (PCLEPCI) -- C:\WINDOWS\system32\drivers\Pclepci.sys (Pinnacle Systems GmbH)
DRV - (PcdrNdisuio) -- C:\WINDOWS\system32\drivers\PcdrNdisuio.sys (Windows ® 2000 DDK provider)
DRV - (WUSB54GPV4SRV) -- C:\WINDOWS\system32\drivers\rt2500usb.sys (Ralink Technology Inc.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (fasttx2k) -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys (Promise Technology, Inc.)
DRV - (itchfltr) -- C:\WINDOWS\system32\drivers\itchfltr.sys (Logitech, Inc.)
DRV - (LHidUsb) -- C:\WINDOWS\system32\drivers\Lhidusb.sys (Logitech, Inc.)
DRV - (LCcfltr) -- C:\WINDOWS\system32\drivers\LCCFLTR.SYS (Logitech, Inc.)
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...lion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - SOFTWARE\Classes\CLSID\{6c97a91e-4524-4019-86af-2aa2d567bf5c}\InprocServer32 File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 62848
FF - prefs.js..network.proxy.no_proxies_on: "localhost"
FF - prefs.js..network.proxy.type: 1

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2027: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2088: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1040: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@sony.com/eBookLibrary: C:\Program Files\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/16 23:01:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/02 22:51:51 | 000,000,000 | ---D | M]

[2010/09/09 20:02:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Extensions
[2011/12/21 19:54:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\x2omoym5.default\extensions
[2009/01/10 20:00:42 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\x2omoym5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/07/13 20:05:53 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\x2omoym5.default\extensions\[email protected]
[2011/11/16 23:01:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/02/27 22:35:45 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/10/11 21:12:26 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/11/05 00:53:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/10 14:46:38 | 000,002,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\adawaretb.xml
[2011/12/14 23:23:02 | 000,003,747 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/11/04 21:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/04 21:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/01/24 19:41:37 | 000,292,650 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10078 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - Reg Error: Value error. File not found
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - Reg Error: Value error. File not found
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - Reg Error: Value error. File not found
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: Wallpaper =
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - Reg Error: Value error. File not found
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.fac...fbootloader.cab (Reg Error: Key error.)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp...ads/sysinfo.cab (SysData Class)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} http://utilities.pcp...opAntiVirus.dll (Reg Error: Key error.)
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} http://www.facebook....ls/contactx.dll (ContactExtractor Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} http://www.betterpho...geUploader3.cab (Aurigma Image Uploader 3.5 Control)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1....loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CBFF31B5-91C0-4361-98BD-4C56D0F9CDAC} http://www.betterpho...opUploader2.cab (Drag and Drop Uploader Control)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://games.myspace...ronGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://aolsvc.aol.co...aploader_v7.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F89EF74A-956B-4BD3-A066-4F23DF891982} http://www.betterpho...opUploader2.cab (Drag and Drop Uploader Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06E9CC76-C311-4BC5-87E6-473692242E33}: DhcpNameServer = 216.97.170.4 216.97.170.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DCBB5F13-4832-4E6A-8ECF-2492CF901AF7}: DhcpNameServer = 216.97.170.4 216.97.170.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E19552BB-736C-4E01-B354-E801E391B1C7}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC23394F-AD85-4792-9D06-444A4A6F58E2}: DhcpNameServer = 216.97.170.4 216.97.170.5
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - Reg Error: Value error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\WINDOWS\Vankning.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Vankning.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/30 17:56:52 | 000,000,189 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 23:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 23:01:14 | 000,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ FAT32 ]
O33 - MountPoints2\{7d7bd454-f4e0-11de-b506-00121772e6db}\Shell\AutoRun\command - "" = F:\Setup_FlipShare.exe
O33 - MountPoints2\{7d7bd454-f4e0-11de-b506-00121772e6db}\Shell\Setup FlipShare\command - "" = F:\Setup_FlipShare.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/23 20:33:13 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
[2011/12/23 16:43:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/12/22 21:05:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Owner\Recent
[2011/12/22 12:50:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\My Documents\My muvees
[2011/12/21 23:08:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\WeatherBug
[2011/12/20 23:57:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/12/20 22:11:52 | 000,000,000 | ---D | C] -- C:\Program Files\InterActual
[2011/12/19 20:23:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\MigWiz
[2011/12/19 14:54:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\adaware
[2011/12/19 13:33:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\My Documents\Bussinesss cards address lables
[2011/12/19 13:09:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\My Documents\op photo res
[2011/12/18 11:56:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/12/18 11:56:08 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/12/12 18:17:59 | 000,000,000 | ---D | C] -- C:\ProgramData
[2011/12/12 18:17:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LS Getting Started
[2011/12/12 18:17:08 | 000,000,000 | ---D | C] -- C:\swsetup
[2011/12/12 18:16:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\WinBatch
[2011/12/11 22:21:37 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/12/11 22:20:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Sunbelt Software
[2011/12/11 22:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2011/12/11 17:03:06 | 000,000,000 | ---D | C] -- C:\Downloads
[2011/12/06 21:55:48 | 005,991,200 | ---- | C] (Siber Systems) -- C:\Documents and Settings\HP_Owner\My Documents\RoboForm-Desktop-Setup.exe
[2011/12/06 19:42:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\My Documents\bussiness cards
[2011/12/02 22:22:14 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/01/04 20:12:29 | 027,024,112 | ---- | C] (Microsoft Corporation) -- C:\Program Files\PowerPointViewer.exe
[2009/10/13 12:44:34 | 004,351,608 | ---- | C] (W3i, LLC) -- C:\Program Files\gimp_9281.exe
[2006/01/31 22:35:07 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll

========== Files - Modified Within 30 Days ==========

[2011/12/23 20:56:00 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2011/12/23 20:54:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/23 20:35:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
[2011/12/23 19:54:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/23 19:18:52 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/12/23 19:18:06 | 000,475,874 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/23 19:18:06 | 000,085,208 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/23 19:17:55 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
[2011/12/23 19:13:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/23 19:13:19 | 2138,624,000 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/23 19:06:29 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
[2011/12/23 18:23:16 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
[2011/12/23 17:16:53 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{08EA2A29-AEDB-4FCF-9ABC-DA95BFFA629C}.job
[2011/12/23 16:43:03 | 000,000,962 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/12/23 16:43:03 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Spybot - Search & Destroy.lnk
[2011/12/23 12:10:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2011/12/22 20:37:13 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/12/22 17:43:57 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/22 15:29:23 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/12/22 10:31:04 | 000,009,622 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
[2011/12/21 22:07:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/12/21 04:53:44 | 000,295,042 | ---- | M] () -- C:\WINDOWS\System32\shimg.dll
[2011/12/20 23:58:46 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/12/20 18:47:36 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2011/12/19 20:41:10 | 000,207,872 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/19 20:41:00 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/12/19 19:59:38 | 000,000,268 | ---- | M] () -- C:\WINDOWS\vuepro32.ini
[2011/12/19 14:31:40 | 000,991,494 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\cookbook.pdf
[2011/12/19 11:48:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/17 11:06:39 | 003,645,328 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/12 19:01:02 | 000,631,847 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Bedford Family Christmas.mht
[2011/12/12 10:48:58 | 000,000,098 | ---- | M] () -- C:\WINDOWS\muveeapp.INI
[2011/12/12 10:43:22 | 000,000,071 | ---- | M] () -- C:\Documents and Settings\HP_Owner\default.pls
[2011/12/11 22:21:36 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/12/11 22:07:24 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/12/11 22:07:24 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/12/09 23:31:58 | 000,001,208 | ---- | M] () -- C:\WINDOWS\VFO.INI
[2011/12/06 23:17:22 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Fix it Center.lnk
[2011/12/06 19:42:31 | 000,043,062 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\blank crystal card. pink black jpg.jpg
[2011/12/02 22:26:40 | 000,001,615 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/12/02 22:20:20 | 000,000,699 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2011/11/28 18:56:49 | 000,071,168 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Crystal cards.biz
[2011/11/28 18:40:32 | 000,330,807 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\IPaulette Invoice.jpg
[2011/11/28 18:19:16 | 006,310,000 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\IMG.bmp invoice Paulette
[2011/11/28 18:19:16 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Adobe BMP Format CS5 Prefs
[2011/11/27 13:14:45 | 000,071,168 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\VHS to DVD Poster file.sig
[2011/11/27 12:24:46 | 000,421,289 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\VHS to DVD transfer service prices.mht

========== Files Created - No Company Name ==========

[2011/12/23 16:43:03 | 000,000,962 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/12/23 16:43:03 | 000,000,944 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Spybot - Search & Destroy.lnk
[2011/12/22 16:09:54 | 2138,624,000 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/22 15:29:23 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/12/21 04:53:44 | 000,295,042 | ---- | C] () -- C:\WINDOWS\System32\shimg.dll
[2011/12/21 00:02:56 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/12/20 23:57:44 | 000,001,691 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/12/19 14:31:40 | 000,991,494 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\cookbook.pdf
[2011/12/18 11:56:14 | 000,000,693 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/12/12 19:01:01 | 000,631,847 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Bedford Family Christmas.mht
[2011/12/11 22:07:24 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/12/11 22:07:24 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/12/06 19:42:31 | 000,043,062 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\blank crystal card. pink black jpg.jpg
[2011/12/02 22:22:25 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/02 22:22:20 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/12/02 22:20:20 | 000,000,699 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2011/11/28 18:56:49 | 000,071,168 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Crystal cards.biz
[2011/11/28 18:22:04 | 000,330,807 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\IPaulette Invoice.jpg
[2011/11/28 18:19:08 | 006,310,000 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\IMG.bmp invoice Paulette
[2011/11/27 13:14:44 | 000,071,168 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\VHS to DVD Poster file.sig
[2011/11/27 12:24:44 | 000,421,289 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\VHS to DVD transfer service prices.mht
[2011/08/24 20:51:57 | 000,000,168 | ---- | C] () -- C:\WINDOWS\System32\SBRC.dat
[2011/08/05 21:40:21 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011/08/05 21:40:21 | 000,097,859 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2011/07/04 21:46:23 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\Adobe BMP Format CS5 Prefs
[2011/06/26 12:56:31 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
[2011/01/08 14:14:39 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\Adobe AIFF Format CS5 Prefs
[2010/09/28 09:34:36 | 000,194,248 | ---- | C] () -- C:\WINDOWS\System32\LTRFD13n.DLL
[2010/09/28 09:16:18 | 000,406,016 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.exe
[2010/09/28 09:14:55 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
[2010/09/28 09:14:55 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2010/09/28 09:14:55 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
[2010/09/28 09:14:55 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
[2010/09/28 09:14:55 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2010/06/15 20:24:20 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/11 16:52:45 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\qttask.exe
[2010/01/05 21:33:22 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\pepwnxfu.sys
[2010/01/04 16:21:57 | 000,114,692 | ---- | C] () -- C:\WINDOWS\Christmas and New Year 2005 Frames Pack Uninstaller.exe
[2010/01/03 13:06:09 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\syoepk_lib0.dll
[2009/09/09 17:01:40 | 000,027,675 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2008/12/30 10:24:19 | 001,440,054 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\tmp_bmp.bmp
[2008/12/30 10:24:18 | 000,000,524 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\focus.tni
[2008/12/30 10:23:57 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\pict_data_foc
[2008/12/30 10:23:57 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\data_foc
[2008/12/30 10:14:49 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\dataz
[2008/12/17 19:47:50 | 000,083,600 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/09/24 23:22:59 | 000,000,325 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/09/04 13:05:06 | 000,000,041 | ---- | C] () -- C:\WINDOWS\loc2.INI
[2008/09/04 13:05:03 | 000,000,041 | ---- | C] () -- C:\WINDOWS\dmcPrefX.INI
[2008/09/04 13:04:29 | 000,000,070 | ---- | C] () -- C:\WINDOWS\dmcFindX.INI
[2008/07/20 13:18:38 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/01/26 11:28:58 | 001,175,372 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\Install.dat
[2007/12/25 14:13:05 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/10/15 12:47:46 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2007/09/25 16:07:25 | 000,117,191 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2007/09/25 16:03:27 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/09/25 16:02:07 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2007/08/24 10:06:30 | 000,091,520 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
[2007/08/19 12:42:52 | 000,001,024 | ---- | C] () -- C:\WINDOWS\VueIcons.ini
[2007/07/23 19:20:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\UNIVMGR.INI
[2007/02/27 23:50:58 | 000,001,168 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/02/27 22:35:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/02/15 17:27:38 | 000,000,489 | ---- | C] () -- C:\Program Files\Shortcut to Total PS7.lnk
[2007/01/27 20:32:06 | 000,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
[2007/01/27 19:01:53 | 000,153,088 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2007/01/27 18:43:46 | 000,001,208 | ---- | C] () -- C:\WINDOWS\VFO.INI
[2007/01/25 23:37:10 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/11/20 23:27:23 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/09/15 21:43:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2006/08/23 22:15:44 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXBRPMON.DLL
[2006/08/23 22:15:44 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\LXBRPMUI.DLL
[2006/08/23 22:10:35 | 000,000,436 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2006/07/18 09:49:54 | 000,064,512 | -H-- | C] () -- C:\WINDOWS\rbap450.dll
[2006/07/10 12:00:47 | 000,000,043 | ---- | C] () -- C:\WINDOWS\3D Text Factory.INI
[2006/05/01 23:05:16 | 000,050,451 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2006/04/19 18:33:06 | 000,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2006/04/16 10:14:02 | 000,018,111 | ---- | C] () -- C:\WINDOWS\HPHins01.dat.temp
[2006/04/16 10:14:02 | 000,004,284 | ---- | C] () -- C:\WINDOWS\hphmdl01.dat.temp
[2006/04/16 08:46:57 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\CNQL3203.DLL
[2006/04/15 21:24:18 | 000,018,111 | ---- | C] () -- C:\WINDOWS\HPHins01.dat
[2006/04/15 21:24:18 | 000,004,284 | ---- | C] () -- C:\WINDOWS\hphmdl01.dat
[2006/04/10 19:37:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/04/08 22:14:01 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/03/28 20:19:22 | 000,000,572 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\MICRX.TNI
[2006/03/28 20:19:04 | 000,000,009 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\pict_datax
[2006/03/28 20:19:04 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\datax
[2005/09/26 20:02:22 | 000,002,655 | ---- | C] () -- C:\WINDOWS\hphmdl03.dat.temp
[2005/09/26 19:57:45 | 000,000,220 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/09/01 00:23:14 | 000,000,098 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
[2005/08/31 22:33:23 | 000,215,552 | ---- | C] () -- C:\WINDOWS\System32\Webupdate2.dll
[2005/08/31 22:33:23 | 000,002,309 | ---- | C] () -- C:\WINDOWS\System32\french.ini
[2005/08/31 22:33:23 | 000,002,194 | ---- | C] () -- C:\WINDOWS\System32\spanish.ini
[2005/08/31 22:33:23 | 000,001,673 | ---- | C] () -- C:\WINDOWS\System32\english.ini
[2005/08/30 15:58:52 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS58.DLL
[2005/08/30 00:46:26 | 000,000,268 | ---- | C] () -- C:\WINDOWS\vuepro32.ini
[2005/08/29 23:49:53 | 000,009,622 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
[2005/08/29 23:47:18 | 000,207,872 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/08/29 23:06:23 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\fusioncache.dat
[2005/08/29 20:43:44 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2005/08/29 20:43:30 | 000,001,668 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2005/08/26 14:28:34 | 000,143,360 | ---- | C] () -- C:\WINDOWS\unzip.exe
[2005/08/26 14:27:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\devenum.exe
[2005/05/06 01:50:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/05/06 01:46:55 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/05/06 01:46:55 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/05/06 01:46:55 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/05/06 01:46:55 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/05/06 01:46:55 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/05/06 01:46:55 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/05/06 01:15:23 | 000,118,784 | R--- | C] () -- C:\WINDOWS\bwUnin-6.3.2.62.exe
[2005/05/06 01:14:08 | 000,014,553 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/05/06 01:14:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/05/06 01:13:39 | 000,002,154 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2005/05/06 01:10:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/06 00:54:47 | 000,047,832 | ---- | C] () -- C:\WINDOWS\hpiins01.dat
[2005/05/06 00:53:08 | 000,094,364 | ---- | C] () -- C:\WINDOWS\HPHins03.dat
[2005/05/06 00:53:08 | 000,002,655 | ---- | C] () -- C:\WINDOWS\hphmdl03.dat
[2005/05/06 00:46:12 | 000,050,500 | ---- | C] () -- C:\WINDOWS\hpdins05.dat
[2005/05/06 00:44:43 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/05/06 00:41:39 | 000,001,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2005/05/06 00:30:31 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/05/06 00:28:06 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/02/18 11:56:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/01/28 03:12:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/01/26 22:58:08 | 000,475,874 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/01/26 22:58:08 | 000,085,208 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/01/26 22:56:22 | 003,645,328 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/01/26 22:53:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/01/26 22:51:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/01/19 23:45:40 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2005/01/19 23:45:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/08/04 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/06/15 22:38:00 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/03/11 16:13:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\FM20(2).DLL
[2003/04/10 23:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2002/08/31 06:00:00 | 000,001,876 | -H-- | C] () -- C:\WINDOWS\System32\msisl$.dll
[2001/08/23 17:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 17:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/07 02:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2010/04/08 22:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/08/23 21:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2005/09/01 11:38:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund LLC
[2005/09/01 11:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2011/08/10 19:26:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/12/29 19:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2011/07/29 13:01:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HiWired
[2010/03/04 10:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kinoma
[2011/10/30 11:54:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2011/12/20 23:57:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/12/11 03:19:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2011/12/21 19:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2011/12/21 19:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstopDat
[2007/01/27 20:31:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2007/01/27 20:32:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
[2008/12/25 16:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PIXELA
[2007/04/12 17:28:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2006/04/12 19:56:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2011/01/11 11:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2005/09/13 21:51:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2006/05/13 21:53:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/10/30 18:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2011/12/09 23:09:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2009/10/11 22:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2006/04/19 18:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2007/03/22 22:28:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2011/07/13 20:05:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/12/23 19:06:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/03/17 19:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2011/08/24 15:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinMaximizer
[2011/02/01 22:59:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{36735930-3965-4D73-9FA0-1E8DBBB9F73B}
[2010/05/13 08:50:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/02/01 23:01:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{54C7CAE8-5F15-4236-B08D-4CF80E3C1EA1}
[2011/02/01 22:58:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{5DEB9CCF-03FD-4827-9973-C304E722EFD9}
[2010/02/11 10:35:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/06/24 16:12:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{85E31355-0287-415E-833F-C91C059E0981}
[2011/02/01 23:02:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A9319562-7E37-4B47-9DA9-4E2F4AA249D0}
[2011/02/01 22:59:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{ABA286BA-B174-477F-9D8C-F003CA88CE77}
[2011/02/01 22:57:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BB071057-A2A8-4584-9AFF-E2D674AF01F8}
[2011/02/01 23:02:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{C8DF6520-3E59-4590-A678-CB275CEADF10}
[2010/10/08 21:43:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{D9E0EE67-1483-4783-8326-7E411B3B012D}
[2011/02/01 23:00:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{DA4AB737-3A03-4508-9D68-1FCE2B35A87C}
[2011/12/21 22:07:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/12/23 19:17:55 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\Tasks\ConfigExec.job
[2011/12/23 18:23:16 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\Tasks\DataUpload.job
[2006/06/04 00:52:35 | 000,000,266 | ---- | M] () -- C:\WINDOWS\Tasks\Disk Cleanup.job
[2011/12/23 19:18:52 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/12/23 19:06:29 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\RMSchedule.job
[2011/12/23 17:16:53 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{08EA2A29-AEDB-4FCF-9ABC-DA95BFFA629C}.job
[2011/08/24 15:18:06 | 000,000,314 | ---- | M] () -- C:\WINDOWS\Tasks\WinMaximizer-HP_Owner-Startup.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 229 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1957F8A9
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B9A77133
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:20C3AB27

< End of report >

#6
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Let's change scans then.

Download DDS by sUBs from one of the following links. Save it to your desktop.

DDS.scr
DDS.pif (right click the link - Save Target/Link As)

Then click that to run the scan. A window will open while the scan runs, and when it completes two logs will open in Notepad - DDS.txt and Attach.txt. An additional message box will open that you can just X close.

Save those two log files to your desktop (go to File - Save As and browse to your desktop to save each), then post both of them back here please.

#7
Fran7909

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_05
Run by HP_Owner at 20:49:10 on 2011-12-28
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1435 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: AVG Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
svchost.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page =
uSearch Bar =
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant =
uURLSearchHooks: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} -
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: IEVkbdBHO: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - IEVkbdBHO Class
BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - Google Dictionary Compression sdch
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: link filter bho: {e33cf602-d945-461a-83f0-819f76a199f8} - FilterBHO Class
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - Yontoo Layers
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: &Vomba Branding Window: {50ed07ef-2f49-40cd-bb69-23df2fd9ee1c} - %SystemRoot%\system32\shdocvw.dll
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uPolicies-system: Wallpaper =
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110}
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F}
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - hxxp://www.betterphoto.com/_shared/uploadImageBulk/ImageUploader3.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CBFF31B5-91C0-4361-98BD-4C56D0F9CDAC} - hxxp://www.betterphoto.com/_shared/uploadImageDragDrop46/DragAndDropUploader2.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v7.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F89EF74A-956B-4BD3-A066-4F23DF891982} - hxxp://www.betterphoto.com/_shared/uploadImageDragDrop/DragAndDropUploader2.cab
TCP: DhcpNameServer = 192.168.254.254
TCP: Interfaces\{06E9CC76-C311-4BC5-87E6-473692242E33} : DhcpNameServer = 216.97.170.4 216.97.170.5
TCP: Interfaces\{DCBB5F13-4832-4E6A-8ECF-2492CF901AF7} : DhcpNameServer = 216.97.170.4 216.97.170.5
TCP: Interfaces\{E19552BB-736C-4E01-B354-E801E391B1C7} : DhcpNameServer = 192.168.254.254
TCP: Interfaces\{FC23394F-AD85-4792-9D06-444A4A6F58E2} : DhcpNameServer = 216.97.170.4 216.97.170.5
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hp_owner\application data\mozilla\firefox\profiles\x2omoym5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 62848
FF - prefs.js: network.proxy.type - 1
FF - component: c:\progra~1\mozill~1\extensions\[email protected]\components\qfaservices.dll
FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_19.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\program files\sony\reader\data\bin\npebldetectmoz.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
.
============= SERVICES / DRIVERS ===============
.
R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2010-6-9 132184]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2011-8-5 475736]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsl6819d5ec;MpKsl6819d5ec;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2dd96f53-6987-4e2b-bb50-a6a56f4838db}\MpKsl6819d5ec.sys [2011-12-28 29904]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-12-18 189736]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2010-5-7 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]
S1 MpKsl19409cc2;MpKsl19409cc2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2abcdf64-1d60-4371-9e51-da538c14d12d}\mpksl19409cc2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2abcdf64-1d60-4371-9e51-da538c14d12d}\MpKsl19409cc2.sys [?]
S1 MpKsl90d641ff;MpKsl90d641ff;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{db41489e-88a5-49c9-bf14-9e3929ab9d7b}\mpksl90d641ff.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{db41489e-88a5-49c9-bf14-9e3929ab9d7b}\MpKsl90d641ff.sys [?]
S1 MpKslb31f5ea2;MpKslb31f5ea2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{db41489e-88a5-49c9-bf14-9e3929ab9d7b}\mpkslb31f5ea2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{db41489e-88a5-49c9-bf14-9e3929ab9d7b}\MpKslb31f5ea2.sys [?]
S1 MpKsld065c083;MpKsld065c083;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2abcdf64-1d60-4371-9e51-da538c14d12d}\mpksld065c083.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2abcdf64-1d60-4371-9e51-da538c14d12d}\MpKsld065c083.sys [?]
S1 MpKsled994164;MpKsled994164;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2abcdf64-1d60-4371-9e51-da538c14d12d}\mpksled994164.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2abcdf64-1d60-4371-9e51-da538c14d12d}\MpKsled994164.sys [?]
S1 MpKslf0b7435f;MpKslf0b7435f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{db41489e-88a5-49c9-bf14-9e3929ab9d7b}\mpkslf0b7435f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{db41489e-88a5-49c9-bf14-9e3929ab9d7b}\MpKslf0b7435f.sys [?]
S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
S3 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
S3 HiWiredCore;HiWired Client Core Service;c:\program files\hiwired\pc check & connect\HiWired.Client.Core.exe [2008-9-21 487672]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S3 MotorolaDAP;Motorola Digital Audio Player Manager;c:\windows\system32\MotorolaDAP.exe [2004-9-28 270336]
.
=============== File Associations ===============
.
vbefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
vbsfile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-12-28 16:55:51 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2dd96f53-6987-4e2b-bb50-a6a56f4838db}\MpKsl6819d5ec.sys
2011-12-28 16:55:45 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2dd96f53-6987-4e2b-bb50-a6a56f4838db}\offreg.dll
2011-12-27 01:23:36 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2dd96f53-6987-4e2b-bb50-a6a56f4838db}\mpengine.dll
2011-12-24 17:46:18 -------- d-----w- c:\documents and settings\hp_owner\application data\ElevatedDiagnostics
2011-12-24 16:50:26 -------- d-----w- c:\program files\ACW
2011-12-22 19:48:21 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-12-22 05:08:06 -------- d-----w- c:\documents and settings\hp_owner\application data\WeatherBug
2011-12-21 10:53:44 295042 ----a-w- c:\windows\system32\shimg.dll
2011-12-21 05:57:29 -------- d-----w- c:\program files\Microsoft Security Client
2011-12-21 04:11:52 -------- d-----w- c:\program files\InterActual
2011-12-20 02:23:23 -------- dc----w- c:\documents and settings\hp_owner\local settings\application data\MigWiz
2011-12-19 20:54:03 -------- d-----w- c:\documents and settings\hp_owner\local settings\application data\adaware
2011-12-13 00:17:59 -------- d-----w- C:\ProgramData
2011-12-13 00:17:39 -------- d---a-w- c:\program files\common files\LS Getting Started
2011-12-13 00:17:08 -------- d---a-w- C:\swsetup
2011-12-13 00:16:50 -------- d-----w- c:\documents and settings\hp_owner\application data\WinBatch
2011-12-12 04:21:37 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-12-12 04:20:05 -------- d-----w- c:\documents and settings\hp_owner\local settings\application data\Sunbelt Software
2011-12-12 04:08:19 -------- d-----w- c:\program files\Toolbar Cleaner
2011-12-11 23:03:06 -------- d-----w- C:\Downloads
2011-12-03 04:27:03 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll
2011-12-03 04:27:03 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin6.dll
2011-12-03 04:27:03 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll
2011-12-03 04:27:03 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll
2011-12-03 04:27:03 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll
2011-12-03 04:27:03 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll
2011-12-03 04:27:03 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll
.
==================== Find3M ====================
.
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-23 07:15:01 414368 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33:08 2192768 -c--a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:03 2069376 -c--a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-24 20:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 20:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-18 11:13:22 186880 -c--a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22:41 692736 -c--a-w- c:\windows\system32\inetcomm.dll
2011-01-05 02:12:32 27024112 -c--a-w- c:\program files\PowerPointViewer.exe
2009-10-13 18:57:16 4351608 -c--a-w- c:\program files\gimp_9281.exe
2006-02-01 04:34:16 774144 -c--a-w- c:\program files\RngInterstitial.dll
2002-07-26 22:02:06 153088 -c--a-w- c:\program files\UNWISE.EXE
.
============= FINISH: 20:50:48.23 ===============

#8
Fran7909

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_05
Run by HP_Owner at 20:49:10 on 2011-12-28
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1435 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: AVG Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
svchost.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page =
uSearch Bar =
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant =
uURLSearchHooks: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} -
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: IEVkbdBHO: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - IEVkbdBHO Class
BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - Google Dictionary Compression sdch
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: link filter bho: {e33cf602-d945-461a-83f0-819f76a199f8} - FilterBHO Class
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - Yontoo Layers
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: &Vomba Branding Window: {50ed07ef-2f49-40cd-bb69-23df2fd9ee1c} - %SystemRoot%\system32\shdocvw.dll
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uPolicies-system: Wallpaper =
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110}
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F}
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - hxxp://www.betterphoto.com/_shared/uploadImageBulk/ImageUploader3.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CBFF31B5-91C0-4361-98BD-4C56D0F9CDAC} - hxxp://www.betterphoto.com/_shared/uploadImageDragDrop46/DragAndDropUploader2.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v7.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F89EF74A-956B-4BD3-A066-4F23DF891982} - hxxp://www.betterphoto.com/_shared/uploadImageDragDrop/DragAndDropUploader2.cab
TCP: DhcpNameServer = 192.168.254.254
TCP: Interfaces\{06E9CC76-C311-4BC5-87E6-473692242E33} : DhcpNameServer = 216.97.170.4 216.97.170.5
TCP: Interfaces\{DCBB5F13-4832-4E6A-8ECF-2492CF901AF7} : DhcpNameServer = 216.97.170.4 216.97.170.5
TCP: Interfaces\{E19552BB-736C-4E01-B354-E801E391B1C7} : DhcpNameServer = 192.168.254.254
TCP: Interfaces\{FC23394F-AD85-4792-9D06-444A4A6F58E2} : DhcpNameServer = 216.97.170.4 216.97.170.5
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hp_owner\application data\mozilla\firefox\profiles\x2omoym5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 62848
FF - prefs.js: network.proxy.type - 1
FF - component: c:\progra~1\mozill~1\extensions\[email protected]\components\qfaservices.dll
FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_19.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\program files\sony\reader\data\bin\npebldetectmoz.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
.
============= SERVICES / DRIVERS ===============
.
R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2010-6-9 132184]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2011-8-5 475736]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsl6819d5ec;MpKsl6819d5ec;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2dd96f53-6987-4e2b-bb50-a6a56f4838db}\MpKsl6819d5ec.sys [2011-12-28 29904]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-12-18 189736]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2010-5-7 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]
S1 MpKsl19409cc2;MpKsl19409cc2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2abcdf64-1d60-4371-9e51-da538c14d12d}\mpksl19409cc2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2abcdf64-1d60-4371-9e51-da538c14d12d}\MpKsl19409cc2.sys [?]
S1 MpKsl90d641ff;MpKsl90d641ff;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{db41489e-88a5-49c9-bf14-9e3929ab9d7b}\mpksl90d641ff.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{db41489e-88a5-49c9-bf14-9e3929ab9d7b}\MpKsl90d641ff.sys [?]
S1 MpKslb31f5ea2;MpKslb31f5ea2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{db41489e-88a5-49c9-bf14-9e3929ab9d7b}\mpkslb31f5ea2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{db41489e-88a5-49c9-bf14-9e3929ab9d7b}\MpKslb31f5ea2.sys [?]
S1 MpKsld065c083;MpKsld065c083;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2abcdf64-1d60-4371-9e51-da538c14d12d}\mpksld065c083.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2abcdf64-1d60-4371-9e51-da538c14d12d}\MpKsld065c083.sys [?]
S1 MpKsled994164;MpKsled994164;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2abcdf64-1d60-4371-9e51-da538c14d12d}\mpksled994164.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2abcdf64-1d60-4371-9e51-da538c14d12d}\MpKsled994164.sys [?]
S1 MpKslf0b7435f;MpKslf0b7435f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{db41489e-88a5-49c9-bf14-9e3929ab9d7b}\mpkslf0b7435f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{db41489e-88a5-49c9-bf14-9e3929ab9d7b}\MpKslf0b7435f.sys [?]
S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
S3 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
S3 HiWiredCore;HiWired Client Core Service;c:\program files\hiwired\pc check & connect\HiWired.Client.Core.exe [2008-9-21 487672]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S3 MotorolaDAP;Motorola Digital Audio Player Manager;c:\windows\system32\MotorolaDAP.exe [2004-9-28 270336]
.
=============== File Associations ===============
.
vbefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
vbsfile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-12-28 16:55:51 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2dd96f53-6987-4e2b-bb50-a6a56f4838db}\MpKsl6819d5ec.sys
2011-12-28 16:55:45 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2dd96f53-6987-4e2b-bb50-a6a56f4838db}\offreg.dll
2011-12-27 01:23:36 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2dd96f53-6987-4e2b-bb50-a6a56f4838db}\mpengine.dll
2011-12-24 17:46:18 -------- d-----w- c:\documents and settings\hp_owner\application data\ElevatedDiagnostics
2011-12-24 16:50:26 -------- d-----w- c:\program files\ACW
2011-12-22 19:48:21 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-12-22 05:08:06 -------- d-----w- c:\documents and settings\hp_owner\application data\WeatherBug
2011-12-21 10:53:44 295042 ----a-w- c:\windows\system32\shimg.dll
2011-12-21 05:57:29 -------- d-----w- c:\program files\Microsoft Security Client
2011-12-21 04:11:52 -------- d-----w- c:\program files\InterActual
2011-12-20 02:23:23 -------- dc----w- c:\documents and settings\hp_owner\local settings\application data\MigWiz
2011-12-19 20:54:03 -------- d-----w- c:\documents and settings\hp_owner\local settings\application data\adaware
2011-12-13 00:17:59 -------- d-----w- C:\ProgramData
2011-12-13 00:17:39 -------- d---a-w- c:\program files\common files\LS Getting Started
2011-12-13 00:17:08 -------- d---a-w- C:\swsetup
2011-12-13 00:16:50 -------- d-----w- c:\documents and settings\hp_owner\application data\WinBatch
2011-12-12 04:21:37 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-12-12 04:20:05 -------- d-----w- c:\documents and settings\hp_owner\local settings\application data\Sunbelt Software
2011-12-12 04:08:19 -------- d-----w- c:\program files\Toolbar Cleaner
2011-12-11 23:03:06 -------- d-----w- C:\Downloads
2011-12-03 04:27:03 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll
2011-12-03 04:27:03 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin6.dll
2011-12-03 04:27:03 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll
2011-12-03 04:27:03 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll
2011-12-03 04:27:03 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll
2011-12-03 04:27:03 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll
2011-12-03 04:27:03 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll
.
==================== Find3M ====================
.
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-23 07:15:01 414368 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33:08 2192768 -c--a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:03 2069376 -c--a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-24 20:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 20:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-18 11:13:22 186880 -c--a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22:41 692736 -c--a-w- c:\windows\system32\inetcomm.dll
2011-01-05 02:12:32 27024112 -c--a-w- c:\program files\PowerPointViewer.exe
2009-10-13 18:57:16 4351608 -c--a-w- c:\program files\gimp_9281.exe
2006-02-01 04:34:16 774144 -c--a-w- c:\program files\RngInterstitial.dll
2002-07-26 22:02:06 153088 -c--a-w- c:\program files\UNWISE.EXE
.
============= FINISH: 20:50:48.23 ===============

#9
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Sorry Fran, that's the same log twice, and I really would like to see the installs list there. When that scan is run, it creates a second, Attach.txt log. Please run it again, spot that one and post its contents back here.

Failing that, and please try to get that second DDS log, go here and download and install HijackThis (not the beta version). In HijackThis, click Config - Misc Tools - Open Uninstall Manager.

Click on Save List, then save that to a location you can locate again (such as the desktop). Copy/paste the contents of that back here please.

#10
Fran7909

    Member

  • Topic Starter
  • Member
  • 22 posts
Jintan, I'm not very good at this, I'm sorry. I hope this is right; please let me know.
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 8/29/2005 9:33:20 PM
System Uptime: 12/28/2011 10:55:10 AM (11 hours ago)
.
Motherboard: ASUSTek Computer INC. | | Guppy
Processor: Intel® Celeron® CPU 3.06GHz | PGA 478 | 3066/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 142 GiB total, 69.409 GiB free.
D: is FIXED (FAT32) - 7 GiB total, 1.258 GiB free.
E: is CDROM ()
I: is Removable
J: is Removable
K: is Removable
L: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ROOT\LEGACY_SASKUTIL\0000
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_SASKUTIL\0000
Service:
.
Class GUID: {A12A4C5A-E1A3-4151-9927-7F724CA5DC92}
Description: Garmin USB GPS
Device ID: ROOT\UNKNOWN\0000
Manufacturer: Garmin
Name: Garmin USB GPS
PNP Device ID: ROOT\UNKNOWN\0000
Service: grmnusb
.
==== System Restore Points ===================
.
RP451: 12/25/2011 7:23:31 PM - Software Distribution Service 3.0
RP452: 12/26/2011 7:23:33 PM - Software Distribution Service 3.0
RP453: 12/27/2011 7:32:53 PM - System Checkpoint
RP454: 12/28/2011 7:59:41 PM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Community Help
Adobe Digital Editions
Adobe Flash Player 11 ActiveX
Adobe Flash Player Plugin
Adobe Media Player
Adobe Photoshop Express Uploader
Adobe Reader 7.1.0
Adobe Shockwave Player 11.5
AI RoboForm (All Users)
AiO_Scan_CDA
AiOSoftwareNPI
Apple Application Support
Apple Software Update
C6100
c6100_Help
Canon CanoScan Toolbox 4.6
Copy
Destinations
DeviceManagementQFolder
DiscAPI (Studio 10)
DocumentViewer
DocumentViewerQFolder
FastStone MaxView 2.1
Fax_CDA
Final Drive Nitro from Hewlett-Packard Desktops (remove only)
Garmin POI Loader
Garmin WebUpdater
GdiplusUpgrade
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Help and Support Additions
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB954550-v5)
HP Boot Optimizer
HP Document Viewer 7.0
HP Help and Support 4.0
HP Imaging Device Functions 7.0
HP Photosmart, Officejet and Deskjet 7.0.A
HP Update
HPHDiscovery
HPPhotoSmartExpress
HpSdpAppCoreApp
Image Analyzer
ImageMixer 3 SE for SD
InstantShareDevicesMFC
Intel® Extreme Graphics Driver
IntelliMover Data Transfer Demo
Internet Explorer (Enable DEP)
InterVideo WinDVD Player
IrfanView (remove only)
J2SE Runtime Environment 5.0 Update 9
Java Auto Updater
Java™ 6 Update 20
Java™ 6 Update 5
Lexibox Deluxe from Hewlett-Packard Desktops (remove only)
Linksys Wireless-G USB Network Adapter
LizardTech DjVu Control (autoinstall)
Logitech iTouch Software
Manual CanoScan 4200F
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Automated Troubleshooting Services Shim
Microsoft Digital Image Pro 7.0
Microsoft Fix it Center
Microsoft Money 2005
Microsoft Office File Validation Add-In
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Motorola Music Manager
Mozilla Firefox 8.0 (x86 en-US)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
MUSICMATCH® Jukebox
muvee autoProducer 4.0
muvee autoProducer 6.1 Seagate Edition
Nero 7 Essentials
NewCopy_CDA
OmniPage SE 2.0
Paint.NET v3.35
PanoStandAlone
PC-Doctor for Windows
PC Check & Connect
Phoenix Assault from Hewlett-Packard Desktops (remove only)
Picture Package Music Transfer
Pinnacle Instant DVD Recorder
Portrait Professional 6.5
PrintMaster 12
ProductContextNPI
PRS-500 USB driver
PS2
PSPrinters06
QFolder
Quicken 2005
QuickTime
RAPID
Reader Library by Sony
RealPlayer
Scan
ScannerCopy
Seagate Manager Installer
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Slyder from Hewlett-Packard Desktops (remove only)
SmartSound Quicktracks Plugin
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sony Picture Utility
Sony USB Driver
Status
Studio 10
Studio 10 Bonus DVD
Toolbox
Topaz InFocus
Topaz Adjust 4
Topaz Clean 3
Topaz DeJpeg 4
Topaz DeNoise 5
Topaz Detail 2
Topaz Fusion Express 2
Topaz ReMask 3
Topaz Simplify 3
Topo USA 2.0
Tradewinds from Hewlett-Packard Desktops (remove only)
TrayApp
Unload
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Updates from HP
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VuePrint
WebFldrs XP
WebReg
Windows Defender Signatures
Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Windstream Broadband Check-up Center
XML Paper Specification Shared Components Pack 1.0
Yontoo Layers 1.10.01
Zoner Photo Studio 12
.
==== Event Viewer Messages From Past Week ========
.
12/28/2011 11:06:02 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1773.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80072f76 Error description: The requested header was not found
12/27/2011 11:07:37 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
12/22/2011 5:38:11 PM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
12/22/2011 5:35:49 PM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
12/22/2011 5:35:49 PM, error: Service Control Manager [7034] - The PC Tools Startup and Shutdown Monitor service service terminated unexpectedly. It has done this 1 time(s).
12/22/2011 5:35:49 PM, error: Service Control Manager [7034] - The McciCMService service terminated unexpectedly. It has done this 1 time(s).
12/22/2011 5:35:48 PM, error: Service Control Manager [7034] - The Seagate Service service terminated unexpectedly. It has done this 1 time(s).
12/22/2011 5:35:48 PM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
12/22/2011 5:35:48 PM, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
12/22/2011 5:35:48 PM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
12/22/2011 3:31:45 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1580.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
12/22/2011 3:31:45 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
12/22/2011 3:20:25 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm KLIF MpFilter PCLEPCI
12/22/2011 3:08:46 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
12/22/2011 3:08:26 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
12/22/2011 3:08:18 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/22/2011 3:08:09 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec kl2 KLIF MpFilter MRxSmb NetBIOS NetBT PCLEPCI RasAcd Rdbss Tcpip WS2IFSL
12/22/2011 3:08:09 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/22/2011 3:08:09 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
12/22/2011 12:45:58 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
12/21/2011 11:10:06 PM, error: DCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
12/21/2011 11:07:02 PM, error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.
.
==== End Of File ===========================

#11
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
That's the one. Kaspersky doesn't show in the installs list, but since Microsoft doesn't provide an uninstall tool, thank goodness it does. Unless we can clear up the antivirus logjam there, we really cannot assess much else.

Temp disable all security software you are able to.

Go to Start – Settings – Control Panel. Click on Add/Remove Programs. If any of the following programs are listed there, click on the program to highlight it, and click on Remove. Then close the Control Panel.

Yontoo Layers 1.10.01 - Adware.
Microsoft Security Essentials

-------

Reboot (necessary for all changes to be completed). Then go here and download and run the Kaspersky Removal Tool kavremover.exe.

-------

Reboot. Then go here and download and run the AVG uninstaller.

And one additional reboot. Please do those steps as shown - truly will improve things there.

Then run and post a new DDS DDS.txt log please (just the "main" one this time).

#12
Fran7909

    Member

  • Topic Starter
  • Member
  • 22 posts
Hi Jintan, MSE uninstalled without a problem. Yontoo Layers came up with this error: Set up Initialization error. I ran the AVG & Kaspersky several times. Then the log. Again, thank you.

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_05
Run by HP_Owner at 22:55:25 on 2011-12-28
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1588 [GMT -6:00]
.
FW: AVG Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
svchost.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Outlook Express\msimn.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page =
uSearch Bar =
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant =
uURLSearchHooks: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} -
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - No File
BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - Google Dictionary Compression sdch
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E33CF602-D945-461A-83F0-819F76A199F8} - No File
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - Yontoo Layers
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: &Vomba Branding Window: {50ed07ef-2f49-40cd-bb69-23df2fd9ee1c} - %SystemRoot%\system32\shdocvw.dll
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uPolicies-system: Wallpaper =
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - hxxp://www.betterphoto.com/_shared/uploadImageBulk/ImageUploader3.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CBFF31B5-91C0-4361-98BD-4C56D0F9CDAC} - hxxp://www.betterphoto.com/_shared/uploadImageDragDrop46/DragAndDropUploader2.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v7.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F89EF74A-956B-4BD3-A066-4F23DF891982} - hxxp://www.betterphoto.com/_shared/uploadImageDragDrop/DragAndDropUploader2.cab
TCP: DhcpNameServer = 192.168.254.254
TCP: Interfaces\{06E9CC76-C311-4BC5-87E6-473692242E33} : DhcpNameServer = 216.97.170.4 216.97.170.5
TCP: Interfaces\{DCBB5F13-4832-4E6A-8ECF-2492CF901AF7} : DhcpNameServer = 216.97.170.4 216.97.170.5
TCP: Interfaces\{E19552BB-736C-4E01-B354-E801E391B1C7} : DhcpNameServer = 192.168.254.254
TCP: Interfaces\{FC23394F-AD85-4792-9D06-444A4A6F58E2} : DhcpNameServer = 216.97.170.4 216.97.170.5
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hp_owner\application data\mozilla\firefox\profiles\x2omoym5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 62848
FF - prefs.js: network.proxy.type - 1
FF - component: c:\progra~1\mozill~1\extensions\[email protected]\components\qfaservices.dll
FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_19.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\program files\sony\reader\data\bin\npebldetectmoz.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
.
============= SERVICES / DRIVERS ===============
.
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-12-18 189736]
R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S1 MpKsl19409cc2;MpKsl19409cc2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2abcdf64-1d60-4371-9e51-da538c14d12d}\mpksl19409cc2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2abcdf64-1d60-4371-9e51-da538c14d12d}\MpKsl19409cc2.sys [?]
S1 MpKsl90d641ff;MpKsl90d641ff;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{db41489e-88a5-49c9-bf14-9e3929ab9d7b}\mpksl90d641ff.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{db41489e-88a5-49c9-bf14-9e3929ab9d7b}\MpKsl90d641ff.sys [?]
S1 MpKslb31f5ea2;MpKslb31f5ea2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{db41489e-88a5-49c9-bf14-9e3929ab9d7b}\mpkslb31f5ea2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{db41489e-88a5-49c9-bf14-9e3929ab9d7b}\MpKslb31f5ea2.sys [?]
S1 MpKsld065c083;MpKsld065c083;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2abcdf64-1d60-4371-9e51-da538c14d12d}\mpksld065c083.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2abcdf64-1d60-4371-9e51-da538c14d12d}\MpKsld065c083.sys [?]
S1 MpKsled994164;MpKsled994164;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2abcdf64-1d60-4371-9e51-da538c14d12d}\mpksled994164.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2abcdf64-1d60-4371-9e51-da538c14d12d}\MpKsled994164.sys [?]
S1 MpKslf0b7435f;MpKslf0b7435f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{db41489e-88a5-49c9-bf14-9e3929ab9d7b}\mpkslf0b7435f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{db41489e-88a5-49c9-bf14-9e3929ab9d7b}\MpKslf0b7435f.sys [?]
S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
S3 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
S3 HiWiredCore;HiWired Client Core Service;c:\program files\hiwired\pc check & connect\HiWired.Client.Core.exe [2008-9-21 487672]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 MotorolaDAP;Motorola Digital Audio Player Manager;c:\windows\system32\MotorolaDAP.exe [2004-9-28 270336]
.
=============== File Associations ===============
.
vbefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
vbsfile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-12-24 17:46:18 -------- d-----w- c:\documents and settings\hp_owner\application data\ElevatedDiagnostics
2011-12-24 16:50:26 -------- d-----w- c:\program files\ACW
2011-12-22 05:08:06 -------- d-----w- c:\documents and settings\hp_owner\application data\WeatherBug
2011-12-21 10:53:44 295042 ----a-w- c:\windows\system32\shimg.dll
2011-12-21 04:11:52 -------- d-----w- c:\program files\InterActual
2011-12-20 02:23:23 -------- dc----w- c:\documents and settings\hp_owner\local settings\application data\MigWiz
2011-12-19 20:54:03 -------- d-----w- c:\documents and settings\hp_owner\local settings\application data\adaware
2011-12-13 00:17:59 -------- d-----w- C:\ProgramData
2011-12-13 00:17:39 -------- d---a-w- c:\program files\common files\LS Getting Started
2011-12-13 00:17:08 -------- d---a-w- C:\swsetup
2011-12-13 00:16:50 -------- d-----w- c:\documents and settings\hp_owner\application data\WinBatch
2011-12-12 04:21:37 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-12-12 04:20:05 -------- d-----w- c:\documents and settings\hp_owner\local settings\application data\Sunbelt Software
2011-12-12 04:08:19 -------- d-----w- c:\program files\Toolbar Cleaner
2011-12-11 23:03:06 -------- d-----w- C:\Downloads
2011-12-03 04:27:03 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll
2011-12-03 04:27:03 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin6.dll
2011-12-03 04:27:03 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll
2011-12-03 04:27:03 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll
2011-12-03 04:27:03 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll
2011-12-03 04:27:03 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll
2011-12-03 04:27:03 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll
.
==================== Find3M ====================
.
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-23 07:15:01 414368 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33:08 2192768 -c--a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:03 2069376 -c--a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-24 20:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 20:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-18 11:13:22 186880 -c--a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22:41 692736 -c--a-w- c:\windows\system32\inetcomm.dll
2011-01-05 02:12:32 27024112 -c--a-w- c:\program files\PowerPointViewer.exe
2009-10-13 18:57:16 4351608 -c--a-w- c:\program files\gimp_9281.exe
2006-02-01 04:34:16 774144 -c--a-w- c:\program files\RngInterstitial.dll
2002-07-26 22:02:06 153088 -c--a-w- c:\program files\UNWISE.EXE
.
============= FINISH: 22:56:44.46 ===============

#13
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Very good. Some security program active remnants to take out, and some unwanted proxy settings, then run a scan to start effecting malware removal repairs.

Go to Start > Run and type

cmd

and OK. At the prompt type (or copy\paste) the below commands and hit "Enter" after each line:

sc delete "Lavasoft Kernexplorer"
sc delete AvFlt


Type Exit and press Enter to close the command window. You should get confirmations after each of those that the change was successful.

---------

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"=-
"ProxyServer"=-

Open Notepad (Start - Run, type Notepad then press OK), and copy the text inside the box above and paste it into the open Notepad textbox.

Save this to your desktop as "fixer.reg"

Be sure to include the "" quotes in the name.

Then right click fixer.reg, select Merge, and allow it to merge the new information with the Registry.

------

Download ComboFix.exe from here to your desktop, then click that to run that scan. Agree to any warnings you might receive.

Be sure to install the Recovery Console if you are asked to do so. When the scan completes, a text window with your log will open. Please copy and paste that log back here.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.

#14
Fran7909

Fran7909

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
ComboFix 11-12-29.05 - HP_Owner 12/29/2011 17:49:27.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1604 [GMT -6:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\D1B5B4F1.TMP
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\HP_Owner\Application Data\Install.dat
c:\documents and settings\HP_Owner\WINDOWS
c:\documents and settings\HP_Owner\WINDOWS\win.ini
c:\program files\gimp_9281.exe
c:\program files\LP
c:\program files\LP\43A9\1.tmp
c:\program files\LP\43A9\13.tmp
c:\program files\LP\43A9\14.tmp
c:\program files\LP\43A9\15.tmp
c:\program files\LP\43A9\16.tmp
c:\program files\LP\43A9\17.tmp
c:\program files\LP\43A9\18.tmp
c:\program files\LP\43A9\19.tmp
c:\program files\LP\43A9\1A.tmp
c:\program files\LP\43A9\1B.tmp
c:\program files\LP\43A9\1C.tmp
c:\program files\LP\43A9\1D.tmp
c:\program files\LP\43A9\1E.tmp
c:\program files\LP\43A9\1F.tmp
c:\program files\LP\43A9\2.tmp
c:\program files\LP\43A9\20.tmp
c:\program files\LP\43A9\22.tmp
c:\program files\LP\43A9\3.tmp
c:\program files\LP\43A9\4.tmp
c:\program files\LP\43A9\5.tmp
c:\program files\LP\43A9\6.tmp
c:\program files\LP\43A9\7.tmp
c:\program files\UNWISE.EXE
C:\Thumbs.db
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\ps2.bat
c:\windows\system32\shimg.dll
c:\windows\system32\Thumbs.db
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-30 )))))))))))))))))))))))))))))))
.
.
2011-12-24 17:46 . 2011-12-24 17:46 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\ElevatedDiagnostics
2011-12-24 16:50 . 2011-12-24 16:50 -------- d-----w- c:\program files\ACW
2011-12-22 05:08 . 2011-12-22 05:08 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\WeatherBug
2011-12-21 04:11 . 2011-12-22 23:05 -------- d-----w- c:\program files\InterActual
2011-12-20 02:23 . 2011-12-20 23:12 -------- dc----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\MigWiz
2011-12-19 20:54 . 2011-12-19 20:54 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\adaware
2011-12-13 00:17 . 2011-12-13 00:17 -------- d-----w- C:\ProgramData
2011-12-13 00:17 . 2011-12-13 00:17 -------- d---a-w- c:\program files\Common Files\LS Getting Started
2011-12-13 00:17 . 2011-12-13 00:27 -------- d---a-w- C:\swsetup
2011-12-13 00:16 . 2011-12-13 00:16 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\WinBatch
2011-12-12 04:21 . 2011-12-12 04:21 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-12-12 04:20 . 2011-12-12 04:20 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\Sunbelt Software
2011-12-12 04:08 . 2011-12-12 04:08 -------- d-----w- c:\program files\Toolbar Cleaner
2011-12-11 23:03 . 2011-12-15 04:59 -------- d-----w- C:\Downloads
2011-12-03 04:27 . 2011-12-03 04:51 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
2011-12-03 04:27 . 2011-12-03 04:51 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
2011-12-03 04:27 . 2011-12-03 04:51 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2011-12-03 04:27 . 2011-12-03 04:51 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2011-12-03 04:27 . 2011-12-03 04:51 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2011-12-03 04:27 . 2011-12-03 04:51 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2011-12-03 04:27 . 2011-12-03 04:51 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2011-12-03 04:22 . 2011-12-03 04:22 -------- d-----w- c:\program files\Apple Software Update
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 13:25 . 2004-08-04 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-23 07:15 . 2011-07-08 17:08 414368 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 19:20 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 19:20 . 2004-08-04 11:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 11:23 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2004-08-04 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33 . 2004-08-04 12:00 2192768 -c--a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-04 18:00 2069376 -c--a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-24 20:29 . 2011-10-24 20:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 20:29 . 2011-10-24 20:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-18 11:13 . 2004-08-04 12:00 186880 -c--a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2004-08-04 12:00 692736 -c--a-w- c:\windows\system32\inetcomm.dll
2011-01-05 02:12 . 2011-01-05 02:12 27024112 -c--a-w- c:\program files\PowerPointViewer.exe
2006-02-01 04:34 . 2006-02-01 04:35 774144 -c--a-w- c:\program files\RngInterstitial.dll
2011-11-05 06:53 . 2011-11-17 05:01 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2005-06-07 1339392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer4_in_1
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\virus
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
"Weather"=c:\program files\AWS\WeatherBug\Weather.exe 1
"Software Informer"="c:\program files\Software Informer\softinfo.exe" -autorun
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"AdobeBridge"=
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Microsoft Works Update Detection"=c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
"UserFaultCheck"=%systemroot%\system32\dumprep 0 -u
"NWEReboot"=
"USB2Check"=RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
"PCLEUSBTip"=c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
"USBToolTip"="c:\program files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe"
"Logitech Hardware Abstraction Layer"=KHALMNPR.EXE
"Reader Library Launcher"=c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
"HPDJ Taskbar Utility"=c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"PinnacleDriverCheck"=c:\windows\system32\\PSDrvCheck.exe
"SwitchBoard"=c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" -hide -runkey
"zBrowser Launcher"=c:\program files\Logitech\iTouch\iTouch.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Microsoft Plus! Photo Story 2 LE\\PS2Trial.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1035:TCP"= 1035:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
S1 MpKsl19409cc2;MpKsl19409cc2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2ABCDF64-1D60-4371-9E51-DA538C14D12D}\MpKsl19409cc2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2ABCDF64-1D60-4371-9E51-DA538C14D12D}\MpKsl19409cc2.sys [?]
S1 MpKsl90d641ff;MpKsl90d641ff;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DB41489E-88A5-49C9-BF14-9E3929AB9D7B}\MpKsl90d641ff.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DB41489E-88A5-49C9-BF14-9E3929AB9D7B}\MpKsl90d641ff.sys [?]
S1 MpKslb31f5ea2;MpKslb31f5ea2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DB41489E-88A5-49C9-BF14-9E3929AB9D7B}\MpKslb31f5ea2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DB41489E-88A5-49C9-BF14-9E3929AB9D7B}\MpKslb31f5ea2.sys [?]
S1 MpKsld065c083;MpKsld065c083;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2ABCDF64-1D60-4371-9E51-DA538C14D12D}\MpKsld065c083.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2ABCDF64-1D60-4371-9E51-DA538C14D12D}\MpKsld065c083.sys [?]
S1 MpKsled994164;MpKsled994164;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2ABCDF64-1D60-4371-9E51-DA538C14D12D}\MpKsled994164.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2ABCDF64-1D60-4371-9E51-DA538C14D12D}\MpKsled994164.sys [?]
S1 MpKslf0b7435f;MpKslf0b7435f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DB41489E-88A5-49C9-BF14-9E3929AB9D7B}\MpKslf0b7435f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DB41489E-88A5-49C9-BF14-9E3929AB9D7B}\MpKslf0b7435f.sys [?]
S3 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 1:06 PM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 1:06 PM 135664]
S3 HiWiredCore;HiWired Client Core Service;c:\program files\HiWired\PC Check & Connect\HiWired.Client.Core.exe [9/21/2008 7:24 PM 487672]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 10:09 PM 267568]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - SASKUTIL
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
.
2011-12-29 c:\windows\Tasks\ConfigExec.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 04:09]
.
2011-12-29 c:\windows\Tasks\DataUpload.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 04:09]
.
2006-06-04 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2004-08-04 00:12]
.
2011-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 19:06]
.
2011-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 19:06]
.
2011-12-29 c:\windows\Tasks\User_Feed_Synchronization-{08EA2A29-AEDB-4FCF-9ABC-DA95BFFA629C}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.254.254
DPF: {CBFF31B5-91C0-4361-98BD-4C56D0F9CDAC} - hxxp://www.betterphoto.com/_shared/uploadImageDragDrop46/DragAndDropUploader2.cab
DPF: {F89EF74A-956B-4BD3-A066-4F23DF891982} - hxxp://www.betterphoto.com/_shared/uploadImageDragDrop/DragAndDropUploader2.cab
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\x2omoym5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 62848
FF - prefs.js: network.proxy.type - 1
.
.
------- File Associations -------
.
vbefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
vbsfile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{6c97a91e-4524-4019-86af-2aa2d567bf5c} - (no file)
BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
Notify-Schedule - (no file)
Notify-WgaLogon - (no file)
SafeBoot-klmdb.sys
AddRemove-Topo USA 2.0 - c:\program files\Topo USA 2.0\Topo2Uninst.isu
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{889DF~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-29 18:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-12-29 18:02:48
ComboFix-quarantined-files.txt 2011-12-30 00:02
.
Pre-Run: 87,654,998,016 bytes free
Post-Run: 87,877,361,664 bytes free
.
- - End Of File - - 10D823DAF7E59302B83F6BF0396436A2
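
An added example (not part of the thread and not the helper's own tooling): a small Python check that pulls the Internet Explorer and Firefox proxy values out of ComboFix "Supplementary Scan" lines like those in the log above and marks loopback targets, the kind of setting post #13 removes on the IE side. The sample lines are copied from that log; the function names are hypothetical, and reading the `u`/`m` prefix as user/machine hive is an assumption.

```python
import ipaddress
import re

# Lines copied from the "Supplementary Scan" section of the ComboFix log above.
SAMPLE_LOG = """\
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = localhost
TCP: DhcpNameServer = 192.168.254.254
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 62848
FF - prefs.js: network.proxy.type - 1
"""

# Assumption: a leading "u" or "m" marks the per-user or machine-wide hive.
IE_RE = re.compile(r"^[um]Internet Settings,(Proxy\w+)\s*=\s*(.*)$")
FF_RE = re.compile(r"^FF - prefs\.js: network\.proxy\.(\S+) - (.*)$")


def is_loopback(host):
    """True for 'localhost' or any loopback IP literal (127.0.0.0/8, ::1)."""
    host = host.strip().lower()
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def hosts_in(value):
    """Hosts from 'host:port', 'http=host:port;https=...' or 'a;b;<local>'."""
    hosts = []
    for entry in value.split(";"):
        entry = entry.split("=", 1)[-1].strip()
        if entry:
            hosts.append(entry.rsplit(":", 1)[0] if ":" in entry else entry)
    return hosts


def parse_proxy_settings(log_text):
    """Collect IE (registry) and Firefox (prefs.js) proxy values from the log."""
    ie, ff = {}, {}
    for line in log_text.splitlines():
        line = line.strip()
        m = IE_RE.match(line)
        if m:
            ie[m.group(1)] = m.group(2).strip()
            continue
        m = FF_RE.match(line)
        if m:
            ff[m.group(1)] = m.group(2).strip()
    return ie, ff


def review_findings(log_text):
    """Return (source, setting, value, loopback) tuples worth a second look."""
    ie, ff = parse_proxy_settings(log_text)
    findings = []
    for name, value in sorted(ie.items()):
        loop = any(is_loopback(h) for h in hosts_in(value))
        findings.append(("IE", name, value, loop))
    if "http" in ff:
        # network.proxy.type 1 means manual proxy; otherwise the host is unused.
        state = "active" if ff.get("type") == "1" else "stored but inactive"
        target = f"{ff['http']}:{ff.get('http_port', '?')}"
        findings.append(("Firefox", f"network.proxy.http ({state})", target,
                         is_loopback(ff["http"])))
    return findings


if __name__ == "__main__":
    for finding in review_findings(SAMPLE_LOG):
        print(finding)
```

The Firefox values live in the profile's prefs.js, so a fix that only touches the Internet Settings registry key leaves them unchanged.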

#15
Fran7909

Fran7909

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Hi Jintan. I wanted to tell you, there is a big improvement in the speed of this computer. Can you tell me what to use for antivirus? Would Microsoft Security Essentials be ok? Do I need anything else? I'm mostly on Photography sites, I restore photos. I'm on Facebook and of course email.
I want to thank you for your help and patience.