
Smitfraud-C.gp; how do I get rid of it?


#1
swansonadvent

I've been trying to clean out my parents' PC from spyware and viruses and have found a nasty malware program called Smitfraud. Spybot picks it up every time, says it's fixed every time and then picks it up again on the next scan. It's driving me nuts and I'm starting to think I'm well out of my depth. Please help me, Geeks. I'd appreciate it greatly.



OTL logfile created on: 06/07/2011 17:07:23 - Run 1
OTL by OldTimer - Version 3.2.26.0 Folder = C:\Documents and Settings\Jerome\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

254.98 Mb Total Physical Memory | 48.33 Mb Available Physical Memory | 18.95% Memory free
625.91 Mb Paging File | 228.25 Mb Available in Paging File | 36.47% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.84 Gb Total Space | 32.16 Gb Free Space | 57.60% Space Free | Partition Type: NTFS
Drive D: | 61.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Unable to calculate disk information.

Computer Name: DELL | User Name: Jerome | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/06 17:06:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jerome\My Documents\Downloads\OTL.exe
PRC - [2011/07/06 16:35:27 | 003,485,480 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\Setup\avast.setup
PRC - [2011/06/24 07:25:50 | 001,012,792 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Jerome\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/05/10 13:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/05/10 13:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2009/07/23 10:53:12 | 001,077,248 | ---- | M] (Belkin International, Inc.) -- C:\Program Files\Belkin\F6D4050\v1\Belkinwcui.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/16 15:40:16 | 001,697,112 | ---- | M] (Audible, Inc.) -- C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
PRC - [2007/11/06 12:08:10 | 000,397,312 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
PRC - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\SYSTEM32\HPZipm12.exe
PRC - [2007/07/17 12:03:38 | 000,868,352 | ---- | M] () -- C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
PRC - [2005/12/09 16:03:32 | 000,094,208 | ---- | M] () -- C:\Program Files\Common Files\Win Fixer 2006\wfcookwr.exe
PRC - [2004/01/26 11:38:38 | 000,866,816 | ---- | M] (THOMSON Telecom Belgium) -- C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe
PRC - [2003/10/16 13:25:32 | 000,118,784 | ---- | M] () -- C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
PRC - [2003/03/06 10:23:33 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2002/08/14 19:22:52 | 000,028,672 | R--- | M] (Dell - Advanced Desktop Engineering) -- C:\WINDOWS\SYSTEM32\DSentry.exe
PRC - [2002/04/10 17:44:04 | 000,679,936 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
PRC - [2000/12/07 15:51:56 | 000,051,200 | -H-- | M] (America Online, Inc.) -- C:\WINDOWS\SYSTEM32\PackethSvc.exe


========== Modules (SafeList) ==========

MOD - [2011/07/06 17:06:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jerome\My Documents\Downloads\OTL.exe
MOD - [2011/05/10 13:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (iWinGamesInstaller)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (AVGIDSAgent)
SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - [2011/05/10 13:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2002/10/10 05:18:36 | 001,118,208 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\NMSSvc.Exe -- (NMSSvc) Intel®
SRV - [2000/12/07 15:51:56 | 000,051,200 | -H-- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\SYSTEM32\PackethSvc.exe -- (PackethSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/07/04 12:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 12:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 12:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 12:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 12:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 12:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 12:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2008/10/01 12:24:20 | 000,637,952 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\rt2870.sys -- (rt2870)
DRV - [2004/08/04 06:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 06:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 06:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 06:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 06:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 06:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 06:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 06:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 06:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 06:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2003/12/08 11:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2003/12/08 11:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\alcaudsl.sys -- (alcaudsl)
DRV - [2003/08/29 05:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
DRV - [2003/03/06 10:23:37 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2003/03/06 10:19:17 | 000,061,424 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2003/03/06 10:19:17 | 000,023,420 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/10/11 10:29:00 | 000,207,936 | ---- | M] (Dell Computer Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AtlsVid.sys -- (EMATCORE)
DRV - [2002/10/11 10:29:00 | 000,025,600 | ---- | M] (Dell Computer Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AtlsAud.sys -- (AtlsAud)
DRV - [2002/10/10 05:18:58 | 000,009,868 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NMSCFG.SYS -- (NMSCFG)
DRV - [2002/09/25 00:26:54 | 000,531,584 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2002/07/19 11:22:08 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/04/10 18:01:12 | 000,024,554 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2002/04/10 18:01:00 | 000,029,638 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2002/04/10 18:00:44 | 000,117,898 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2002/04/10 17:48:04 | 000,236,032 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2002/04/10 17:45:16 | 000,206,336 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2001/08/17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [2000/12/03 09:35:58 | 000,022,640 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wandrv.sys -- (wandrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SE...S01?FORM=TOOLBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.c...ferrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:20110101
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Jerome\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Jerome\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/07/06 16:41:50 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/07/06 16:41:50 | 000,000,000 | ---D | M]

[2011/02/15 19:44:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jerome\Application Data\Mozilla\Extensions
[2011/06/28 13:22:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jerome\Application Data\Mozilla\Firefox\Profiles\fsb3syzo.default\extensions
[2011/02/15 19:51:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jerome\Application Data\Mozilla\Firefox\Profiles\fsb3syzo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/06 16:41:50 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

O1 HOSTS File: ([2002/08/29 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [AOLDialer] File not found
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [seekmo] File not found
O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium)
O4 - HKLM..\Run: [WinFX_cwr] C:\Program Files\Common Files\Win Fixer 2006\wfcookwr.exe ()
O4 - HKCU..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKCU..\Run: [msnmsgr] File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [STManager] C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe ()
O4 - HKCU..\Run: [updateMgr] File not found
O4 - HKLM..\RunOnce: [aswAhAScr.dll] C:\Program Files\AVAST Software\Avast\aswRegSvr.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless Networking Utility.lnk = C:\Program Files\Belkin\F6D4050\v1\Belkinwcui.exe (Belkin International, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative....031/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.av.a...84/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.av.a...,21/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} http://sib1.od2.com/...nagerPlugin.CAB (Tiscali Music Downloads)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Risk/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative....15035/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://my.garmin.co...inAxControl.CAB (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 09:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/06/15 10:14:17 | 000,000,048 | R--- | M] () - D:\AUTORUN.INF -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/06 16:47:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Jerome\IECompatCache
[2011/07/05 20:56:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerome\Local Settings\Application Data\Temp
[2011/07/05 19:30:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerome\Application Data\Malwarebytes
[2011/07/05 19:29:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/05 19:29:40 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/05 19:29:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/07/05 19:29:11 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/05 19:29:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/05 16:28:58 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/07/05 16:26:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerome\Start Menu\Programs\HiJackThis
[2011/06/28 13:19:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerome\Start Menu\Programs\Google Chrome
[2011/06/25 14:13:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/06/24 20:50:30 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2011/06/24 20:50:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/06/24 20:37:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerome\Desktop\Downloads
[51 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[46 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/06 17:03:01 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2011/07/06 16:54:37 | 000,002,449 | ---- | M] () -- C:\Documents and Settings\Jerome\Desktop\HiJackThis.lnk
[2011/07/06 16:42:09 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/07/06 16:31:09 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/07/06 16:29:45 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/07/06 16:28:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/07/06 16:28:16 | 267,436,032 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/05 21:50:06 | 021,129,239 | ---- | M] () -- C:\Documents and Settings\Jerome\Desktop\02 - Korean I - Unit 2.mp3
[2011/07/05 19:29:43 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/05 13:18:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-638132830-1069278836-2914725551-1006Core.job
[2011/07/04 12:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/07/04 12:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/07/04 12:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/07/04 12:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/04 12:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/04 12:35:12 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/04 12:35:09 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/04 12:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/04 12:32:13 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/04 12:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/07/02 07:33:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/01 20:00:02 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
[2011/06/30 03:14:27 | 000,432,778 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2011/06/30 03:14:27 | 000,067,734 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2011/06/29 09:44:52 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\Jerome\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/29 09:44:51 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Jerome\Desktop\Google Chrome.lnk
[2011/06/25 14:13:20 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Jerome\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/06/25 14:13:20 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Jerome\Desktop\Spybot - Search & Destroy.lnk
[2011/06/17 21:38:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[51 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[46 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/05 19:29:43 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/05 16:26:04 | 000,002,449 | ---- | C] () -- C:\Documents and Settings\Jerome\Desktop\HiJackThis.lnk
[2011/07/04 18:17:40 | 021,031,601 | ---- | C] () -- C:\Documents and Settings\Jerome\Desktop\03 - Korean I - Unit 3.mp3
[2011/07/04 18:17:25 | 021,129,239 | ---- | C] () -- C:\Documents and Settings\Jerome\Desktop\02 - Korean I - Unit 2.mp3
[2011/06/28 13:23:06 | 000,002,271 | ---- | C] () -- C:\Documents and Settings\Jerome\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/28 13:23:05 | 000,002,293 | ---- | C] () -- C:\Documents and Settings\Jerome\Desktop\Google Chrome.lnk
[2011/06/28 13:13:51 | 000,000,930 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-638132830-1069278836-2914725551-1006Core.job
[2011/06/25 14:13:20 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Jerome\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/06/25 14:13:20 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Jerome\Desktop\Spybot - Search & Destroy.lnk
[2011/03/06 17:40:09 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2011/03/06 17:39:58 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2011/03/06 17:38:34 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2011/02/03 12:21:23 | 000,015,312 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2010/04/07 15:03:53 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/12/17 11:04:53 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2008/07/06 10:11:47 | 000,112,832 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2008/07/06 10:11:47 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2008/04/26 18:07:03 | 000,000,736 | ---- | C] () -- C:\WINDOWS\DigimaxMaster.INI
[2007/08/06 16:43:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/03/29 15:23:43 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2006/07/09 17:17:25 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/10/16 11:16:09 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/06/20 20:28:36 | 000,053,248 | ---- | C] () -- C:\WINDOWS\AppRun.exe
[2005/06/20 20:28:36 | 000,000,540 | ---- | C] () -- C:\WINDOWS\AppRun.ini
[2005/06/20 20:28:35 | 000,036,864 | ---- | C] () -- C:\WINDOWS\Restart.exe
[2005/06/20 20:27:37 | 000,160,963 | ---- | C] () -- C:\WINDOWS\System32\drivers\gtipdsp.bin
[2005/03/22 17:31:40 | 000,000,356 | ---- | C] () -- C:\WINDOWS\GraphicsDesk.INI
[2005/03/22 13:14:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2005/02/24 15:12:32 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/11/11 16:57:23 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2004/07/20 10:09:14 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/03/02 18:20:09 | 000,000,321 | ---- | C] () -- C:\WINDOWS\qtw.ini
[2004/01/15 17:13:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI
[2003/10/27 15:54:48 | 000,000,458 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2003/09/15 12:15:47 | 000,151,552 | R--- | C] () -- C:\WINDOWS\UnUSBDrv.exe
[2003/04/03 18:47:56 | 000,000,173 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2003/04/03 18:47:36 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2003/03/12 16:43:03 | 000,003,584 | ---- | C] () -- C:\WINDOWS\If42le.ini
[2003/03/12 16:43:03 | 000,000,295 | ---- | C] () -- C:\WINDOWS\Pexplore.ini
[2003/03/12 16:41:45 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2003/03/12 16:12:54 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Jerome\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/03/06 10:26:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/03/06 10:19:17 | 000,053,248 | ---- | C] () -- C:\WINDOWS\uneng.exe
[2003/03/06 10:16:11 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/03/06 10:09:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2003/03/06 10:07:10 | 000,432,778 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2003/03/06 10:07:10 | 000,067,734 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2003/03/06 09:33:32 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/09/25 00:12:14 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2002/09/03 10:05:08 | 000,251,880 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/09/03 09:59:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/03 09:56:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/03 09:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2002/09/03 09:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/08/29 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2002/08/29 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2002/08/29 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2002/08/29 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2002/08/29 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2002/08/29 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2002/02/06 10:04:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\NMSInst.dll
[2002/01/21 15:17:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PROInst.dll
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1998/03/22 13:50:02 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

========== LOP Check ==========

[2005/07/11 11:18:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerome\Application Data\English Nature
[2009/02/11 19:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerome\Application Data\GARMIN
[2011/06/24 20:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerome\Application Data\GetRightToGo
[2005/03/25 22:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerome\Application Data\Hemera
[2005/06/28 17:12:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerome\Application Data\HTML Executable
[2009/02/25 01:55:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerome\Application Data\Image Zone Express
[2007/10/02 23:47:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerome\Application Data\iWin
[2003/09/03 23:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerome\Application Data\Jasc
[2006/07/12 16:38:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerome\Application Data\Leadertech
[2008/10/03 23:06:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerome\Application Data\SpinTop
[2003/03/12 16:03:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerome\Application Data\Template
[2007/04/27 10:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerome\Application Data\TSO
[2003/10/27 15:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerome\Application Data\Webster's World Encyclopedia
[2006/03/22 13:07:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerome\Application Data\Win_Fixer_2006
[2005/06/27 18:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\America Online
[2011/03/11 18:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/03/06 18:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2003/03/06 10:18:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2011/03/06 18:31:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2008/10/03 22:59:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2011/03/06 18:03:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2004/04/27 15:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS
[2011/06/25 13:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/03/09 00:04:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/07/06 17:03:01 | 000,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 171 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AF3EE5AA
@Alternate Data Stream - 168 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:54301EF8
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AFFC859A
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA34E08F
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3F2F06F2
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52B72A7C

< End of report >
  • 0


#2
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu and select Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck Resident TeaTimer and OK any prompts.
* Restart your computer


Copy the text in the code box by highlighting it and pressing Ctrl + c


:processes
killallprocesses

:Services
iWinGamesInstaller
HidServ
AVGIDSAgent
AppMgmt

:OTL
SRV - File not found [Auto | Stopped] -- -- (iWinGamesInstaller)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (AVGIDSAgent)
SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Jerome\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AOLDialer] File not found
O4 - HKLM..\Run: [seekmo] File not found
O4 - HKLM..\Run: [WinFX_cwr] C:\Program Files\Common Files\Win Fixer 2006\wfcookwr.exe ()
O4 - HKCU..\Run: [msnmsgr] File not found
O4 - HKCU..\Run: [updateMgr] File not found
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.av.a...84/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.av.a...,21/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://my.garmin.co...inAxControl.CAB (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - File not found
O32 - AutoRun File - [2006/06/15 10:14:17 | 000,000,048 | R--- | M] () - D:\AUTORUN.INF -- [ UDF ]
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - File not found

:files
C:\Program Files\Common Files\Win Fixer 2006
   
:Commands
[RESETHOSTS]
[purity]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Open OTL again and select either the Use SafeList or All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Download, SAVE and run the AVG removal tool.
http://download.avg....6_2011_1322.exe

ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your anti-virus at this time :!:

Post Back (copy/paste the .txt files, do not use attachments)
After following the above, post back with:

OTL Log
MBAM log
Combofix log

Ron
  • 0
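The fix script in the post above works by copying the log lines for entries whose target no longer exists (a service, BHO, toolbar or Run value whose file or CLSID is gone) into OTL's :Services and :OTL sections. As an added example, not code from this thread or from OTL's author, the Python script below applies that same triage to OTL log lines: it flags services, BHOs, toolbars and Run values that point at missing files or CLSIDs, Run values whose binary carries no company name (OTL prints an empty "()" for those), and alternate data streams, and it drafts the orphan removals in the same :Services / :OTL / :Commands layout. The sample lines are copied from the logs posted in this thread; the Finding class, the category names and the regular expressions are my own assumptions about the log format and are not part of OTL.

```python
"""Triage helper for OTL scan logs (added example, not part of the original thread).

Entries whose target no longer exists are marked fixable and collected into a
draft OTL fix; anything else that merits a look (unsigned Run targets, alternate
data streams) is surfaced for a human to review rather than auto-removed.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List

# Constructed sample: lines copied from the OTL logs posted in this thread.
SAMPLE_LINES = [
    r"SRV - File not found [Auto | Stopped] -- -- (iWinGamesInstaller)",
    r"SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)",
    r"SRV - [2011/07/04 12:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)",
    r"O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found",
    r"O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)",
    r"O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.",
    r"O4 - HKLM..\Run: [AOLDialer] File not found",
    r"O4 - HKLM..\Run: [WinFX_cwr] C:\Program Files\Common Files\Win Fixer 2006\wfcookwr.exe ()",
    r"O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)",
    r"@Alternate Data Stream - 171 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AF3EE5AA",
]

# "SRV - File not found [...] -- -- (ServiceName)": a registered service with no binary on disk.
ORPHAN_SERVICE_RE = re.compile(r"^SRV - File not found .*\((?P<name>[^()]+)\)$")
# O2 (BHO) / O3 (toolbar) entries whose CLSID resolves to nothing.
ORPHAN_CLSID_RE = re.compile(
    r"^O[23] - .*?(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?:File not found|No CLSID value found\.)$"
)
# O4 Run values: [ValueName] then the target path and the file's company name in parentheses.
RUN_RE = re.compile(r"^O4 - HK(?:LM|CU)\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<target>.+)$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")


@dataclass
class Finding:
    category: str   # hypothetical label, e.g. "orphaned-service"
    name: str       # service name, CLSID, Run value name or stream path
    line: str       # the original log line, kept verbatim for the fix script
    fixable: bool   # True only when the target provably no longer exists


def triage(lines: Iterable[str]) -> List[Finding]:
    """Classify OTL log lines; lines that match nothing of interest are ignored."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.rstrip()
        if m := ORPHAN_SERVICE_RE.match(line):
            findings.append(Finding("orphaned-service", m["name"], line, True))
        elif m := ORPHAN_CLSID_RE.match(line):
            findings.append(Finding("orphaned-clsid", m["clsid"], line, True))
        elif m := RUN_RE.match(line):
            target = m["target"]
            if target == "File not found":
                findings.append(Finding("orphaned-run", m["value"], line, True))
            elif target.endswith("()"):
                # OTL prints "()" when the binary has no company name in its version info.
                findings.append(Finding("run-no-company-name", m["value"], line, False))
        elif m := ADS_RE.match(line):
            findings.append(Finding("alternate-data-stream", m["path"], line, False))
    return findings


def build_otl_fix(findings: List[Finding]) -> str:
    """Draft an OTL fix in the thread's layout from the fixable (orphaned) findings only."""
    services = [f.name for f in findings if f.category == "orphaned-service"]
    otl_lines = [f.line for f in findings if f.fixable]
    sections = []
    if services:
        sections.append(":Services\n" + "\n".join(services))
    if otl_lines:
        sections.append(":OTL\n" + "\n".join(otl_lines))
    sections.append(":Commands\n[Reboot]")
    return "\n\n".join(sections) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LINES)
    for f in found:
        print(f"{f.category:22} {'fix' if f.fixable else 'review':6} {f.name}")
    print()
    print(build_otl_fix(found))
```

Run it against a saved OTL.txt by replacing SAMPLE_LINES with the file's lines; the draft it prints is only the orphan clean-up and still needs the same eyes-on check the expert gives his script before it goes anywhere near the Run Fix button.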

#3
swansonadvent

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
This is the result from the second scan, the one that isn't the custom fix. I did the custom fix but must have closed the report window or something because I didn't find it. I'll do it again and put it in my next post. I have to do it bit by bit like this because the malware is slowing down my computer so much. Thanks very much for your response, btw.




OTL logfile created on: 07/07/2011 13:24:57 - Run 1
OTL by OldTimer - Version 3.2.26.0 Folder = C:\Documents and Settings\Jerome\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

254.98 Mb Total Physical Memory | 51.61 Mb Available Physical Memory | 20.24% Memory free
625.91 Mb Paging File | 232.42 Mb Available in Paging File | 37.13% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.84 Gb Total Space | 33.01 Gb Free Space | 59.11% Space Free | Partition Type: NTFS
Drive D: | 61.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Unable to calculate disk information.

Computer Name: DELL | User Name: Jerome | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/06 17:06:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jerome\My Documents\Downloads\OTL.exe
PRC - [2011/07/04 12:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/07/04 12:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/06/24 07:25:50 | 001,012,792 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Jerome\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/07/23 10:53:12 | 001,077,248 | ---- | M] (Belkin International, Inc.) -- C:\Program Files\Belkin\F6D4050\v1\Belkinwcui.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/16 15:40:16 | 001,697,112 | ---- | M] (Audible, Inc.) -- C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
PRC - [2007/11/06 12:08:10 | 000,397,312 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
PRC - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe
PRC - [2007/07/17 12:03:38 | 000,868,352 | ---- | M] () -- C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
PRC - [2004/01/26 11:38:38 | 000,866,816 | ---- | M] (THOMSON Telecom Belgium) -- C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe
PRC - [2003/10/16 13:25:32 | 000,118,784 | ---- | M] () -- C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
PRC - [2003/03/06 10:23:33 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2002/08/14 19:22:52 | 000,028,672 | R--- | M] (Dell - Advanced Desktop Engineering) -- C:\WINDOWS\System32\DSentry.exe
PRC - [2002/04/10 17:44:04 | 000,679,936 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
PRC - [2000/12/07 15:51:56 | 000,051,200 | -H-- | M] (America Online, Inc.) -- C:\WINDOWS\System32\PackethSvc.exe


========== Modules (SafeList) ==========

MOD - [2011/07/06 17:06:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jerome\My Documents\Downloads\OTL.exe
MOD - [2011/07/04 12:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Unknown | Stopped] -- -- (iWinGamesInstaller)
SRV - File not found [Unknown | Stopped] -- -- (HidServ)
SRV - File not found [Unknown | Stopped] -- -- (AVGIDSAgent)
SRV - File not found [Unknown | Stopped] -- -- (AppMgmt)
SRV - [2011/07/04 12:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2002/10/10 05:18:36 | 001,118,208 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\NMSSvc.Exe -- (NMSSvc) Intel®
SRV - [2000/12/07 15:51:56 | 000,051,200 | -H-- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\System32\PackethSvc.exe -- (PackethSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/07/04 12:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 12:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 12:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 12:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 12:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 12:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 12:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2008/10/01 12:24:20 | 000,637,952 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\rt2870.sys -- (rt2870)
DRV - [2004/08/04 06:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 06:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 06:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 06:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 06:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 06:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 06:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 06:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 06:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 06:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\i81xnt5.sys -- (i81x)
DRV - [2003/12/08 11:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2003/12/08 11:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\alcaudsl.sys -- (alcaudsl)
DRV - [2003/08/29 05:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2003/03/06 10:23:37 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2003/03/06 10:19:17 | 000,061,424 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2003/03/06 10:19:17 | 000,023,420 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/10/11 10:29:00 | 000,207,936 | ---- | M] (Dell Computer Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AtlsVid.sys -- (EMATCORE)
DRV - [2002/10/11 10:29:00 | 000,025,600 | ---- | M] (Dell Computer Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AtlsAud.sys -- (AtlsAud)
DRV - [2002/10/10 05:18:58 | 000,009,868 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NMSCFG.SYS -- (NMSCFG)
DRV - [2002/09/25 00:26:54 | 000,531,584 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2002/07/19 11:22:08 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\omci.sys -- (omci)
DRV - [2002/04/10 18:01:12 | 000,024,554 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2002/04/10 18:01:00 | 000,029,638 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2002/04/10 18:00:44 | 000,117,898 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2002/04/10 17:48:04 | 000,236,032 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2002/04/10 17:45:16 | 000,206,336 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2001/08/17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EL90XBC5.SYS -- (EL90XBC)
DRV - [2000/12/03 09:35:58 | 000,022,640 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\wandrv.sys -- (wandrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.c...ferrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:20110101
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Jerome\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Jerome\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/07/06 16:41:50 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/07/06 16:41:50 | 000,000,000 | ---D | M]

[2011/02/15 19:44:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jerome\Application Data\Mozilla\Extensions
[2011/06/28 13:22:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jerome\Application Data\Mozilla\Firefox\Profiles\fsb3syzo.default\extensions
[2011/02/15 19:51:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jerome\Application Data\Mozilla\Firefox\Profiles\fsb3syzo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/06 16:41:50 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

O1 HOSTS File: ([2011/07/07 13:17:04 | 000,000,098 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - File not found
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe (Dell - Advanced Desktop Engineering)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium)
O4 - HKCU..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [STManager] C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe ()
O4 - HKLM..\RunOnce: [OTL] C:\Documents and Settings\Jerome\My Documents\Downloads\OTL.exe (OldTimer Tools)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless Networking Utility.lnk = C:\Program Files\Belkin\F6D4050\v1\Belkinwcui.exe (Belkin International, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative....031/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} http://sib1.od2.com/...nagerPlugin.CAB (Tiscali Music Downloads)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Risk/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative....15035/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 09:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/06/15 10:14:17 | 000,000,048 | R--- | M] () - D:\AUTORUN.INF -- [ UDF ]
O33 - MountPoints2\{0d902941-5499-11d7-820b-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{0d902941-5499-11d7-820b-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0d902941-5499-11d7-820b-806d6172696f}\Shell\AutoRun\command - "" = D:\Installer.exe -- [2008/04/03 04:16:12 | 000,507,904 | R--- | M] (Belkin)
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Installer.exe -- [2008/04/03 04:16:12 | 000,507,904 | R--- | M] (Belkin)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/07 13:14:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/06 18:40:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/07/06 18:17:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2011/07/06 16:47:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Jerome\IECompatCache
[2011/07/05 20:56:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerome\Local Settings\Application Data\Temp
[2011/07/05 19:30:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerome\Application Data\Malwarebytes
[2011/07/05 19:29:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/05 19:29:40 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/05 19:29:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/07/05 19:29:11 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/05 19:29:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/05 16:28:58 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/07/05 16:26:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerome\Start Menu\Programs\HiJackThis
[2011/06/28 13:19:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerome\Start Menu\Programs\Google Chrome
[2011/06/25 14:13:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/06/24 20:50:30 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2011/06/24 20:50:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/06/24 20:37:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerome\Desktop\Downloads
[51 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[46 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/07 13:18:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-638132830-1069278836-2914725551-1006Core.job
[2011/07/07 13:17:04 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/07/07 13:06:18 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/07/07 13:05:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/07/07 13:04:57 | 267,436,032 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/07 12:03:20 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2011/07/06 17:53:33 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/07/06 16:54:37 | 000,002,449 | ---- | M] () -- C:\Documents and Settings\Jerome\Desktop\HiJackThis.lnk
[2011/07/06 16:42:09 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/07/05 21:50:06 | 021,129,239 | ---- | M] () -- C:\Documents and Settings\Jerome\Desktop\02 - Korean I - Unit 2.mp3
[2011/07/05 19:29:43 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/04 12:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/07/04 12:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/07/04 12:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/07/04 12:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/04 12:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/04 12:35:12 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/04 12:35:09 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/04 12:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/04 12:32:13 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/04 12:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/07/02 07:33:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/01 20:00:02 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
[2011/06/30 03:14:27 | 000,432,778 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2011/06/30 03:14:27 | 000,067,734 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2011/06/29 09:44:52 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\Jerome\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/29 09:44:51 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Jerome\Desktop\Google Chrome.lnk
[2011/06/25 14:13:20 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Jerome\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/06/25 14:13:20 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Jerome\Desktop\Spybot - Search & Destroy.lnk
[2011/06/17 21:38:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[51 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[46 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/07 08:07:23 | 267,436,032 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/05 19:29:43 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/05 16:26:04 | 000,002,449 | ---- | C] () -- C:\Documents and Settings\Jerome\Desktop\HiJackThis.lnk
[2011/07/04 18:17:40 | 021,031,601 | ---- | C] () -- C:\Documents and Settings\Jerome\Desktop\03 - Korean I - Unit 3.mp3
[2011/07/04 18:17:25 | 021,129,239 | ---- | C] () -- C:\Documents and Settings\Jerome\Desktop\02 - Korean I - Unit 2.mp3
[2011/06/28 13:23:06 | 000,002,271 | ---- | C] () -- C:\Documents and Settings\Jerome\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/28 13:23:05 | 000,002,293 | ---- | C] () -- C:\Documents and Settings\Jerome\Desktop\Google Chrome.lnk
[2011/06/28 13:13:51 | 000,000,930 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-638132830-1069278836-2914725551-1006Core.job
[2011/06/25 14:13:20 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Jerome\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/06/25 14:13:20 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Jerome\Desktop\Spybot - Search & Destroy.lnk
[2011/03/06 17:40:09 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2011/03/06 17:39:58 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2011/03/06 17:38:34 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2011/02/03 12:21:23 | 000,015,312 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2010/04/07 15:03:53 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/12/17 11:04:53 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2008/07/06 10:11:47 | 000,112,832 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2008/07/06 10:11:47 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2008/04/26 18:07:03 | 000,000,736 | ---- | C] () -- C:\WINDOWS\DigimaxMaster.INI
[2007/08/06 16:43:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/03/29 15:23:43 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2006/07/09 17:17:25 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/10/16 11:16:09 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/06/20 20:28:36 | 000,053,248 | ---- | C] () -- C:\WINDOWS\AppRun.exe
[2005/06/20 20:28:36 | 000,000,540 | ---- | C] () -- C:\WINDOWS\AppRun.ini
[2005/06/20 20:28:35 | 000,036,864 | ---- | C] () -- C:\WINDOWS\Restart.exe
[2005/06/20 20:27:37 | 000,160,963 | ---- | C] () -- C:\WINDOWS\System32\drivers\gtipdsp.bin
[2005/03/22 17:31:40 | 000,000,356 | ---- | C] () -- C:\WINDOWS\GraphicsDesk.INI
[2005/03/22 13:14:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2005/02/24 15:12:32 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/11/11 16:57:23 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2004/07/20 10:09:14 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/03/02 18:20:09 | 000,000,321 | ---- | C] () -- C:\WINDOWS\qtw.ini
[2004/01/15 17:13:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI
[2003/10/27 15:54:48 | 000,000,458 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2003/09/15 12:15:47 | 000,151,552 | R--- | C] () -- C:\WINDOWS\UnUSBDrv.exe
[2003/04/03 18:47:56 | 000,000,173 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2003/04/03 18:47:36 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2003/03/12 16:43:03 | 000,003,584 | ---- | C] () -- C:\WINDOWS\If42le.ini
[2003/03/12 16:43:03 | 000,000,295 | ---- | C] () -- C:\WINDOWS\Pexplore.ini
[2003/03/12 16:41:45 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2003/03/12 16:12:54 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Jerome\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/03/06 10:26:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/03/06 10:19:17 | 000,053,248 | ---- | C] () -- C:\WINDOWS\uneng.exe
[2003/03/06 10:16:11 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/03/06 10:09:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2003/03/06 10:07:10 | 000,432,778 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2003/03/06 10:07:10 | 000,067,734 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2003/03/06 09:33:32 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/09/25 00:12:14 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2002/09/03 10:05:08 | 000,251,880 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/09/03 09:59:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/03 09:56:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/03 09:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2002/09/03 09:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/08/29 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2002/08/29 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2002/08/29 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2002/08/29 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2002/08/29 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2002/08/29 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2002/02/06 10:04:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\NMSInst.dll
[2002/01/21 15:17:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PROInst.dll
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1998/03/22 13:50:02 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 171 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AF3EE5AA
@Alternate Data Stream - 168 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:54301EF8
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AFFC859A
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA34E08F
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3F2F06F2
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52B72A7C

< End of report >

#4 swansonadvent (New Member, Topic Starter)
Okay, and here is the log of my Malwarebytes program. Getting there slowly...

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7028

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

07/07/2011 14:14:48
mbam-log-2011-07-07 (14-14-48).txt

Scan type: Quick scan
Objects scanned: 150955
Time elapsed: 18 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{F0993251-2512-4710-AF6E-0A13EA199D02} (Trojan.Zlob) -> Value: {F0993251-2512-4710-AF6E-0A13EA199D02} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{F0993251-2512-4710-AF6E-0A13EA199D02} (Trojan.Zlob) -> Value: {F0993251-2512-4710-AF6E-0A13EA199D02} -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#5 swansonadvent (New Member, Topic Starter)
Okay. Here is the ComboFix log. Is all this enough to see what the problem is? Many thanks for your time so far.


ComboFix 11-07-07.02 - Jerome 07/07/2011 14:41:29.1.1 - x86
Running from: c:\documents and settings\Jerome\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Jerome\WINDOWS
c:\program files\Internet Explorer\SET525.tmp
c:\program files\Internet Explorer\SET529.tmp
c:\program files\Internet Explorer\SET52A.tmp
c:\windows\Debug\dcpromo.log
.
Infected copy of c:\windows\system32\user32.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\user32.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_IWINGAMESINSTALLER
-------\Service_iWinGamesInstaller
.
.
((((((((((((((((((((((((( Files Created from 2011-06-07 to 2011-07-07 )))))))))))))))))))))))))))))))
.
.
2011-07-06 17:17 . 2011-07-07 11:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
2011-07-06 15:47 . 2011-07-06 15:47 -------- d-sh--w- c:\documents and settings\Jerome\IECompatCache
2011-07-05 19:56 . 2011-07-05 19:56 -------- d-----w- c:\documents and settings\Jerome\Local Settings\Application Data\Temp
2011-07-05 18:30 . 2011-07-05 18:30 -------- d-----w- c:\documents and settings\Jerome\Application Data\Malwarebytes
2011-07-05 18:29 . 2011-05-29 08:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-05 18:29 . 2011-07-05 18:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-05 18:29 . 2011-05-29 08:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-05 18:29 . 2011-07-07 13:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-05 15:28 . 2011-07-05 15:28 388096 ----a-r- c:\documents and settings\Jerome\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-05 15:28 . 2011-07-05 15:28 -------- d-----w- c:\program files\Trend Micro
2011-06-24 19:50 . 2011-06-25 12:59 -------- d-----w- c:\program files\Spyware Doctor
2011-06-24 19:50 . 2011-06-25 12:57 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-04 11:43 . 2011-03-11 17:29 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2011-03-11 17:29 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-03-11 17:31 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2011-03-11 17:31 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2011-03-11 17:31 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:35 . 2011-03-11 17:31 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-04 11:35 . 2011-03-11 17:31 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-04 11:32 . 2011-03-11 17:31 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2011-03-11 17:31 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-04 11:32 . 2011-03-11 17:31 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-02 15:31 . 2002-08-29 05:00 692736 -c--a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2002-08-29 05:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2002-08-29 05:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 2005-10-21 12:51 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2002-08-29 05:00 43520 -c----w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2002-08-29 05:00 1469440 -c----w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-04 05:59 385024 -c----w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2002-08-29 05:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-15 13:12 . 2011-03-09 17:41 0 -c--a-w- c:\windows\system32\ConduitEngine.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STManager"="c:\program files\SpeedTouch\Dr SpeedTouch\drst.exe" [2003-10-16 118784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-18 68856]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-09-24 290816]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-14 28672]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2003-03-06 26112]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 679936]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2007-11-16 1697112]
Belkin Wireless Networking Utility.lnk - c:\program files\Belkin\F6D4050\v1\BelkinWCUI.exe [2011-2-3 1077248]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-3-6 45056]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\SpeedTouch\\Dr SpeedTouch\\drst.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Adobe\\Premiere 5.1\\premiere.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
.
R1 aswSnx;aswSnx;c:\windows\SYSTEM32\DRIVERS\aswSnx.sys [11/03/2011 18:31 441176]
R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [11/03/2011 18:31 309848]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [11/03/2011 18:31 19544]
R2 PackethSvc;Virtual NIC Service;c:\windows\SYSTEM32\PackethSvc.exe [16/07/2004 11:47 51200]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys [05/07/2011 19:29 39984]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\RkPavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 13:21]
.
2011-07-07 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
2011-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-638132830-1069278836-2914725551-1006Core.job
- c:\documents and settings\Jerome\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 12:12]
.
2003-03-12 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-03-06 09:04]
.
2009-03-19 c:\windows\Tasks\WebReg psc 1500 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2005-05-11 16:45]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/mygarmin/m/GarminAxControl.CAB
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{F0993251-2512-4710-AF6E-0A13EA199D02} - (no file)
HKCU-Run-msnmsgr - c:\program files\MSN Messenger\msnmsgr.exe
HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKLM-Run-AOLDialer - c:\program files\Common Files\AOL\ACS\AOLDial.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-07 15:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2164)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\BCMSMMSG.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\CTsvcCDA.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-07-07 15:12:56 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-07 14:12
.
Pre-Run: 35,317,358,592 bytes free
Post-Run: 35,297,722,368 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - D42AD5469BDBBB8858298208CD11502F

#6 RKinner (Malware Expert, MVP)
It should be much improved already. Each program removed some malware. It looks to me like your Spybot S&D TeaTimer is still active, so go into Control Panel, Add/Remove Programs and remove Spybot S&D. You can reinstall it when we are done.

I see signs of an AOL installation. If you are not using them please uninstall any AOL software.

Also of ThreatFire. Please uninstall if still present.

You have some signs that Symantec/Norton was installed on your PC so Download, Save, & Run the Norton Removal tool to get rid of the last traces:

ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe

Also I see signs of an earlier AVG install so download, save and run the AVG removal tool.
http://download.avg....6_2011_1322.exe


Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

DirLook::
C:\Program Files\Common
%user%\library

File::
c:\windows\SYSTEM32\PackethSvc.exe
c:\windows\system32\drivers\TfFsMon.sys
c:\windows\system32\drivers\TfSysMon.sys
c:\windows\system32\drivers\RkPavproc1.sys
c:\windows\system32\drivers\TfNetMon.sys
c:\windows\Tasks\Symantec NetDetect.job

Driver::
PackethSvc
TfFsMon
TfSysMon
RkPavproc1
TfNetMon



******************************************

Now open Notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, Save As (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to ComboFix and let go. ComboFix should start on its own.

Post the new log.

Click on the Avast ball. Then click on Scan Computer, then on Boot-Time Scan, then on Settings. Change the Ask at the bottom to Move to Chest. OK, then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load Windows.

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.


Let's also try the bitdefender quickscan.

http://quickscan.bitdefender.com/

When it finishes there is a report option. Click on it and copy and paste the report (even if it says nothing found).


Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator). Click once or twice on the CPU column header to sort things by CPU usage with the big hitters at the top. File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

Get SIW

http://www.snapfiles.com/get/siw.html

Run it and under Hardware look for Sensors. Click on Sensors and look in the right pane there should be some temperature readings. What are they? Watch your video for a little bit then look again. Are the temps going up?

Run OTL

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.
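One way to make the selection behind the Driver:: / File:: block in the post above mechanical, as an added example that is not part of the original thread and not RKinner's or ComboFix's own code: it reads the R#/S# service lines of a ComboFix log, flags the entries ComboFix prints with a trailing "--> path [?]" (a service or driver still registered but with no file behind it on disk, which is how I read the TfFsMon, TfSysMon, TfNetMon and RkPavproc1 lines in the log above), and drafts the CFScript sections in the layout used in the post. The sample lines are copied from the services section of the ComboFix log posted earlier in this thread; PackethSvc passes the file check and is passed in by hand, since the expert added it on other grounds. The function names are the example's own.

```python
"""Triage the service/driver lines of a ComboFix log and draft the File::/Driver:: blocks.

Added example for this thread; not ComboFix's, OTL's or RKinner's own code.
Function names and the CFScript layout are this example's choice, modelled on
the script posted above.
"""
import re

# One ComboFix service line looks like either
#   R2 PackethSvc;Virtual NIC Service;c:\windows\SYSTEM32\PackethSvc.exe [16/07/2004 11:47 51200]
# or, when the registered image file no longer exists on disk,
#   S0 TfFsMon;TfFsMon;c:\...\TfFsMon.sys --> c:\...\TfFsMon.sys [?]
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")

# Constructed sample: lines copied from the services section of the ComboFix
# log posted in this thread (one list element per log line).
SAMPLE_LINES = [
    r"R1 aswSnx;aswSnx;c:\windows\SYSTEM32\DRIVERS\aswSnx.sys [11/03/2011 18:31 441176]",
    r"R2 PackethSvc;Virtual NIC Service;c:\windows\SYSTEM32\PackethSvc.exe [16/07/2004 11:47 51200]",
    r"S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]",
    r"S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]",
    r"S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys [05/07/2011 19:29 39984]",
    r"S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\RkPavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]",
    r"S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]",
]


def parse_service_line(line):
    """Return a dict for one service line, or None if the line is not one."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest").rstrip()
    # ComboFix appends "--> <path> [?]" when the registered image path has no file behind it.
    missing = rest.endswith("[?]")
    # The registered image path is everything before " --> " or before the " [date size]" tail.
    path = rest.split(" --> ")[0].split(" [")[0].strip()
    if path.startswith("\\??\\"):  # drop the NT object-manager prefix some entries carry
        path = path[4:]
    return {"start": m.group("start"), "name": m.group("name"),
            "display": m.group("display"), "path": path, "missing": missing}


def orphaned_services(lines):
    """Services/drivers still registered in the SCM whose image file is gone.

    Such leftovers (here the TfXxxMon drivers RKinner attributes to ThreatFire)
    are what the Driver:: block of the posted CFScript removes.
    """
    entries = (parse_service_line(line) for line in lines)
    return [e for e in entries if e is not None and e["missing"]]


def build_cfscript(orphans, extra_files=(), extra_drivers=()):
    """Draft the Killall::, File:: and Driver:: sections of a CFScript.

    extra_files/extra_drivers let the analyst add entries that pass the file
    check but are suspicious on other grounds, as PackethSvc was in the post.
    """
    files = [e["path"] for e in orphans] + list(extra_files)
    drivers = [e["name"] for e in orphans] + list(extra_drivers)
    return "\n".join(["Killall::", "", "File::", *files, "", "Driver::", *drivers, ""])


if __name__ == "__main__":
    orphans = orphaned_services(SAMPLE_LINES)
    print(build_cfscript(orphans,
                         extra_files=[r"c:\windows\SYSTEM32\PackethSvc.exe"],
                         extra_drivers=["PackethSvc"]))
```

Feed it the whole ComboFix log split into lines; non-service lines are ignored. The output is a draft only: the check says whether the image exists, not whether the service is legitimate, so review it (and add hand-picked entries such as PackethSvc) before saving it as CFScript.txt.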

#7 swansonadvent (New Member, Topic Starter)
Okay. Here is the ComboFix log. Couldn't find any AOL stuff, but got rid of AVG, Spybot and Norton. Will run the Avast scans now. Thanks again.

ComboFix 11-07-07.06 - Jerome 08/07/2011 16:48:55.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.255.125 [GMT 1:00]
Running from: c:\documents and settings\Jerome\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Jerome\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\system32\drivers\RkPavproc1.sys"
"c:\windows\system32\drivers\TfFsMon.sys"
"c:\windows\system32\drivers\TfNetMon.sys"
"c:\windows\system32\drivers\TfSysMon.sys"
"c:\windows\SYSTEM32\PackethSvc.exe"
"c:\windows\Tasks\Symantec NetDetect.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SYSTEM32\PackethSvc.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_PACKETHSVC
-------\Legacy_RKPAVPROC1
-------\Legacy_TFFSMON
-------\Legacy_TFNETMON
-------\Legacy_TFSYSMON
-------\Service_PackethSvc
-------\Service_RkPavproc1
-------\Service_TfFsMon
-------\Service_TfNetMon
-------\Service_TfSysMon
.
.
((((((((((((((((((((((((( Files Created from 2011-06-08 to 2011-07-08 )))))))))))))))))))))))))))))))
.
.
2011-07-06 17:17 . 2011-07-07 11:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
2011-07-06 15:47 . 2011-07-06 15:47 -------- d-sh--w- c:\documents and settings\Jerome\IECompatCache
2011-07-05 19:56 . 2011-07-05 19:56 -------- d-----w- c:\documents and settings\Jerome\Local Settings\Application Data\Temp
2011-07-05 18:30 . 2011-07-05 18:30 -------- d-----w- c:\documents and settings\Jerome\Application Data\Malwarebytes
2011-07-05 18:29 . 2011-07-05 18:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-05 18:29 . 2011-07-08 15:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-05 15:28 . 2011-07-05 15:28 388096 ----a-r- c:\documents and settings\Jerome\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-05 15:28 . 2011-07-05 15:28 -------- d-----w- c:\program files\Trend Micro
2011-06-24 19:50 . 2011-06-25 12:59 -------- d-----w- c:\program files\Spyware Doctor
2011-06-24 19:50 . 2011-06-25 12:57 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-04 11:43 . 2011-03-11 17:29 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2011-03-11 17:29 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-03-11 17:31 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2011-03-11 17:31 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2011-03-11 17:31 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:35 . 2011-03-11 17:31 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-04 11:35 . 2011-03-11 17:31 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-04 11:32 . 2011-03-11 17:31 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2011-03-11 17:31 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-04 11:32 . 2011-03-11 17:31 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-02 15:31 . 2002-08-29 05:00 692736 -c--a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2002-08-29 05:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2002-08-29 05:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 2005-10-21 12:51 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2002-08-29 05:00 43520 -c----w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2002-08-29 05:00 1469440 -c----w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-04 05:59 385024 -c----w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2002-08-29 05:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-15 13:12 . 2011-03-09 17:41 0 -c--a-w- c:\windows\system32\ConduitEngine.tmp
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STManager"="c:\program files\SpeedTouch\Dr SpeedTouch\drst.exe" [2003-10-16 118784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-18 68856]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-09-24 290816]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-14 28672]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2003-03-06 26112]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 679936]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2007-11-16 1697112]
Belkin Wireless Networking Utility.lnk - c:\program files\Belkin\F6D4050\v1\BelkinWCUI.exe [2011-2-3 1077248]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-3-6 45056]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\SpeedTouch\\Dr SpeedTouch\\drst.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Adobe\\Premiere 5.1\\premiere.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
.
R1 aswSnx;aswSnx;c:\windows\SYSTEM32\DRIVERS\aswSnx.sys [11/03/2011 18:31 441176]
R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [11/03/2011 18:31 309848]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [11/03/2011 18:31 19544]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 13:21]
.
2011-07-08 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
2011-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-638132830-1069278836-2914725551-1006Core.job
- c:\documents and settings\Jerome\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 12:12]
.
2009-03-19 c:\windows\Tasks\WebReg psc 1500 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2005-05-11 16:45]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/mygarmin/m/GarminAxControl.CAB
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-08 19:09
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(9220)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\BCMSMMSG.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\CTsvcCDA.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\ipconfig.exe
.
**************************************************************************
.
Completion time: 2011-07-08 19:16:33 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-08 18:16
ComboFix2.txt 2011-07-07 14:12
.
Pre-Run: 35,254,620,160 bytes free
Post-Run: 35,251,212,288 bytes free
.
- - End Of File - - 49B502966CD50FC3386C8DDC8E856DCA

#8
swansonadvent
Here is the log for quick scan. I'm starting to think that the PC is finally free of Smitfraud and this problem has been resolved. Are my hopes premature?
QuickScan Beta 32-bit v0.9.9.98
-------------------------------
Scan date: Sat Jul 09 09:57:28 2011
Machine ID: 201E2039
No infection found.
-------------------
Processes
---------
ati2evxx.exe 3796 C:\WINDOWS\SYSTEM32\ati2evxx.exe
Audible Download Manager 6 972 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
avast! Antivirus 404 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
avast! Antivirus 780 C:\Program Files\AVAST Software\Avast\AvastUI.exe
BCM Modem Messaging Applet 576 C:\WINDOWS\BCMSMMSG.exe
Belkin Wireless Networking Utility 996 C:\Program Files\Belkin\F6D4050\v1\Belkinwcui.exe
BVRP Software TestLine 1024 C:\Program Files\Digital Line Detect\DLG.exe
Creative Media Explorer Detector 728 C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
Creative Service for CDROM Access 3840 C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
Creative Sync Manager 816 C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
Dell - DVDSentry 608 C:\WINDOWS\SYSTEM32\DSentry.exe
DirectCD 684 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
drst.exe 800 C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
Google Chrome 30412 C:\Documents and Settings\Jerome\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
Google Chrome 30192 C:\Documents and Settings\Jerome\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
Google Chrome 29592 C:\Documents and Settings\Jerome\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
Google Chrome 27332 C:\Documents and Settings\Jerome\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
Google Chrome 37996 C:\Documents and Settings\Jerome\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
Google Chrome 41980 C:\Documents and Settings\Jerome\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
hp digital imaging - hp all-in-one seri 748 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
HP PML 3984 C:\WINDOWS\SYSTEM32\HPZipm12.exe
Microsoft® Windows® Operating System 39548 C:\WINDOWS\SYSTEM32\ipconfig.exe
Microsoft® Windows® Operating System 1232 C:\WINDOWS\SYSTEM32\spoolsv.exe
QuickTime 736 C:\Program Files\QuickTime\qttask.exe
RealPlayer (32-bit) 676 C:\Program Files\Real\RealPlayer\realplay.exe
SpeedTouch USB 700 C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe
(verified) GoogleToolbarNotifier 808 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(verified) Microsoft® Windows® Operating System 312 C:\WINDOWS\explorer.exe
(verified) Microsoft® Windows® Operating System 3736 C:\WINDOWS\SYSTEM32\alg.exe
(verified) Microsoft® Windows® Operating System 1248 C:\WINDOWS\SYSTEM32\csrss.exe
(verified) Microsoft® Windows® Operating System 30440 C:\WINDOWS\SYSTEM32\ctfmon.exe
(verified) Microsoft® Windows® Operating System 1332 C:\WINDOWS\SYSTEM32\lsass.exe
(verified) Microsoft® Windows® Operating System 1320 C:\WINDOWS\SYSTEM32\services.exe
(verified) Microsoft® Windows® Operating System 584 C:\WINDOWS\SYSTEM32\smss.exe
(verified) Microsoft® Windows® Operating System 1676 C:\WINDOWS\SYSTEM32\svchost.exe
(verified) Microsoft® Windows® Operating System 1708 C:\WINDOWS\SYSTEM32\svchost.exe
(verified) Microsoft® Windows® Operating System 1836 C:\WINDOWS\SYSTEM32\svchost.exe
(verified) Microsoft® Windows® Operating System 1940 C:\WINDOWS\SYSTEM32\svchost.exe
(verified) Microsoft® Windows® Operating System 3764 C:\WINDOWS\SYSTEM32\svchost.exe
(verified) Microsoft® Windows® Operating System 4012 C:\WINDOWS\SYSTEM32\svchost.exe
(verified) Microsoft® Windows® Operating System 1484 C:\WINDOWS\SYSTEM32\svchost.exe
(verified) Microsoft® Windows® Operating System 1572 C:\WINDOWS\SYSTEM32\svchost.exe
(verified) Microsoft® Windows® Operating System 1276 C:\WINDOWS\SYSTEM32\winlogon.exe


Network activity
----------------
Process AvastSvc.exe (404) connected on port 80 (HTTP) --> 84.53.132.81
Process AvastSvc.exe (404) connected on port 80 (HTTP) --> 66.220.158.25
Process AvastSvc.exe (404) connected on port 80 (HTTP) --> 209.85.146.138
Process chrome.exe (30192) connected on port 443 (HTTP over SSL) --> 74.125.230.130
Process chrome.exe (30192) connected on port 443 (HTTP over SSL) --> 209.85.143.132

Process svchost.exe (1572) listens on ports: 135 (RPC)


Autoruns and critical files
---------------------------
Adobe Acrobat C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe
ATI 2D Component C:\WINDOWS\system32\Ati2mdxx.exe
ATI Desktop Component C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
Audible Download Manager 6 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastUI.exe
BCM Modem Messaging Applet C:\WINDOWS\BCMSMMSG.exe
Creative Media Explorer Detector C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
Creative Sync Manager C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
Dell - DVDSentry C:\WINDOWS\SYSTEM32\DSentry.exe
DirectCD C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
drst.exe C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
hp digital imaging - hp all-in-one seri C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe
hp digital imaging - hp all-in-one seri C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\CSCDLL.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\sspipes.scr
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll
QuickTime C:\Program Files\QuickTime\qttask.exe
RealPlayer (32-bit) C:\Program Files\Real\RealPlayer\realplay.exe
SpeedTouch USB C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe
Windows Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll
Windows Live Toolbar C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
(verified) Google Update C:\Documents and Settings\Jerome\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
(verified) GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\SYSTEM32\ctfmon.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
(verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


Browser plugins
---------------
MusicManager Plugin C:\WINDOWS\Downloaded Program Files\MusicManagerUnInstaller.exe
MusicManager Plugin C:\WINDOWS\Downloaded Program Files\MusicManagerUnInstaller.od2
ArmHelper Control C:\WINDOWS\Downloaded Program Files\armhelper.ocx
avast! WebRep c:\program files\avast software\avast\aswwebrepie.dll
BitDefender QuickScan C:\Documents and Settings\Jerome\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.98_0\npqscan.dll
CD Tattoo Studio Plug-In C:\WINDOWS\Downloaded Program Files\OD2hpb.dll
Creative Software AutoUpdate Engine C:\WINDOWS\Downloaded Program Files\CTSUEng.ocx
CTPID ActiveX Control Module C:\WINDOWS\Downloaded Program Files\CTPID.ocx
Garmin Communicator Plug-In C:\WINDOWS\Downloaded Program Files\GarminAxControl.ocx
Google Toolbar for IE c:\program files\google\googletoolbar1.dll
Google Update C:\Documents and Settings\Jerome\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll
GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
HP Peripheral Interrogator C:\Program Files\Internet Explorer\plugins\nphppi.dll
Messenger C:\Program Files\Messenger\msmsgs.exe
MetaStream 3 Plugin C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\mswsock.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll
Music Manager C:\WINDOWS\Downloaded Program Files\MusicManagerLib.dll
Music Manager C:\WINDOWS\Downloaded Program Files\MusicManagerPlaylist.dll
Music Manager Plugin C:\WINDOWS\Downloaded Program Files\MusicManagerPlugin.ocx
MusicManager plugin C:\WINDOWS\Downloaded Program Files\MusicManagerInstaller.dll
QuickTime Plug-in 7.1.3 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
QuickTime Plug-in 7.1.3 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
QuickTime Plug-in 7.1.3 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
QuickTime Plug-in 7.1.3 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
QuickTime Plug-in 7.1.3 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
QuickTime Plug-in 7.1.3 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
QuickTime Plug-in 7.1.3 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
SpinTopDRM Module C:\WINDOWS\Downloaded Program Files\CONFLICT.1\stg_drm.ocx
SpinTopDRM Module C:\WINDOWS\Downloaded Program Files\CONFLICT.2\stg_drm.ocx
SpinTopDRM Module C:\WINDOWS\Downloaded Program Files\CONFLICT.3\stg_drm.ocx
SpinTopDRM Module C:\WINDOWS\Downloaded Program Files\stg_drm.ocx
Windows Live Toolbar c:\program files\windows live toolbar\msntb.dll
Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll
Yahoo! Toolbar c:\program files\yahoo!\companion\installs\cpn\yt.dll
(verified) AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
(verified) Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe


Scan
----
MD5: 2d99607f21ff368c0e335a2d91a052a1 C:\WINDOWS\BCMSMMSG.exe
MD5: cc71c320e60329bca48629e9e4faaa97 C:\WINDOWS\Downloaded Program Files\armhelper.ocx
MD5: 6f911d1222e15ca5966ed5c3b482a29e C:\WINDOWS\Downloaded Program Files\CONFLICT.1\stg_drm.ocx
MD5: 6f911d1222e15ca5966ed5c3b482a29e C:\WINDOWS\Downloaded Program Files\CONFLICT.2\stg_drm.ocx
MD5: c9798b0ab0efeb93818cac960842a1b9 C:\WINDOWS\Downloaded Program Files\CONFLICT.3\stg_drm.ocx
MD5: 90957451f49e0357c65d5924a37b4168 C:\WINDOWS\Downloaded Program Files\CTPID.ocx
MD5: 987047e9cd80b5793f3109b9ec6baee5 C:\WINDOWS\Downloaded Program Files\CTSUEng.ocx
MD5: beeb1e0ff68bc3481b8471ef655b6512 C:\WINDOWS\Downloaded Program Files\GarminAxControl.ocx
MD5: 8878a427ecfdf4a0d452c6f4a36d284a C:\WINDOWS\Downloaded Program Files\MusicManagerInstaller.dll
MD5: cc33b98798e10707a870eb949128dd06 C:\WINDOWS\Downloaded Program Files\MusicManagerLib.dll
MD5: 5240d8b77e7bbceb3881dc274e434a19 C:\WINDOWS\Downloaded Program Files\MusicManagerPlaylist.dll
MD5: 04a65d2170dec5584c91e7413f400b4e C:\WINDOWS\Downloaded Program Files\MusicManagerPlugin.ocx
MD5: 17391eb2f6df4795fdaa62b0fc67256a C:\WINDOWS\Downloaded Program Files\MusicManagerUnInstaller.exe
MD5: 17391eb2f6df4795fdaa62b0fc67256a C:\WINDOWS\Downloaded Program Files\MusicManagerUnInstaller.od2
MD5: b20a0d38e02171bc3673ef31a51e82c9 C:\WINDOWS\Downloaded Program Files\OD2hpb.dll
MD5: 6f911d1222e15ca5966ed5c3b482a29e C:\WINDOWS\Downloaded Program Files\stg_drm.ocx
MD5: ab87eeffd18f2baafc274e7075ea6c67 c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
MD5: 66925af7270e589d445cc45183f4ecfc C:\WINDOWS\SYSTEM32\ati2evxx.exe
MD5: fae95d6d7651b5629c4e19adbc9a3863 C:\WINDOWS\system32\Ati2mdxx.exe
MD5: 67024867c8e6b33c1406a4d5e8f78474 C:\WINDOWS\system32\bcmdmmoh.dll
MD5: 402c9d2691ae7b2a8efdded9124203b7 C:\WINDOWS\system32\cewmdm.dll
MD5: a31d3787ecb0e43ef63ce410f4e96c18 C:\WINDOWS\system32\CNBJMON2.DLL
MD5: 93afb83fbc1f9443cac722fca63d73bf C:\WINDOWS\system32\comctl32.dll
MD5: ed0c0df222209e43ad9afbf3fe87dde0 C:\WINDOWS\system32\comsvcs.dll
MD5: bdaaf79dd63f194434d31a74b9bb8b77 C:\WINDOWS\system32\CRYPT32.dll
MD5: c14350fc0d47d806699c4f907fc6785b C:\WINDOWS\system32\cryptnet.dll
MD5: 515a7fae2070c2b0242b2353443e2f11 C:\WINDOWS\System32\CSCDLL.dll
MD5: 6100d350770a5595fbf4c96f3510badc C:\WINDOWS\system32\CSRSRV.dll
MD5: 3c8b6609712f4ff78e521f6dcfc4032b C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
MD5: e2092f0a1d7abc243f9c2362483d150d C:\WINDOWS\System32\dimsntfy.dll
MD5: 389496118b3b03c2328024af320132ac C:\WINDOWS\system32\DNSAPI.dll
MD5: 5f7e24fa9eab896051ffb87f840730d2 c:\windows\system32\dnsrslvr.dll
MD5: 914a9709fc3bf419ad2f85547f2a4832 C:\WINDOWS\System32\DRIVERS\61883.sys
MD5: 0f2d66d5f08ebe2f77bb904288dcf6f0 C:\WINDOWS\system32\drivers\ac97intc.sys
MD5: 11c04b17ed2abbb4833694bcd644ac90 C:\WINDOWS\system32\drivers\aeaudio.sys
MD5: 023867b6606fbabcdd52e089c4a507da C:\WINDOWS\system32\DRIVERS\AegisP.sys
MD5: 355556d9e580915118cd7ef736653a89 C:\WINDOWS\System32\drivers\afd.sys
MD5: 0940030d5a5869067ccc03e3b0b8dec7 C:\WINDOWS\system32\DRIVERS\alcan5wn.sys
MD5: 4c9577888c53243e2991456f510488a1 C:\WINDOWS\system32\DRIVERS\alcaudsl.sys
MD5: 976e8a111dabf4fc6e4fd0f0d24e181b C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
MD5: e63719611f3a13ae65aca73422807442 C:\WINDOWS\system32\drivers\AtlsAud.sys
MD5: 277f9b5a4e6d6aaa734e0578a4c8174a C:\WINDOWS\System32\Drivers\AtlsVid.sys
MD5: f8e6956a614f15a0860474c5e2a7de6b C:\WINDOWS\System32\DRIVERS\avc.sys
MD5: 41347688046d49cde0f6d138a534f73d C:\WINDOWS\System32\DRIVERS\BCMSM.sys
MD5: 56ab585a307909c4447d5900a10c6bc7 C:\WINDOWS\System32\DRIVERS\e100b325.sys
MD5: 6e883bf518296a40959131c2304af714 C:\WINDOWS\System32\DRIVERS\el90xbc5.sys
MD5: 9f1d80908658eb7f1bf70809e0b51470 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
MD5: f7e3e9d50f9cd3de28085a8fdaa0a1c3 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
MD5: cf1b7951b4ec8d13f3c93b74bb2b461b C:\WINDOWS\system32\DRIVERS\HPZius12.sys
MD5: 06b7ef73ba5f302eecc294cdf7e19702 C:\WINDOWS\System32\DRIVERS\i81xnt5.sys
MD5: 0dc719e9b15e902346e87e9dcd5751fa C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
MD5: 1477849772712bac69c144dcf2c9ce81 C:\WINDOWS\System32\DRIVERS\msdv.sys
MD5: 1d3bb79a0035077297779c8c52ca3c01 C:\WINDOWS\system32\drivers\NMSCFG.SYS
MD5: 1d98907d80461371437a7c898c58c8ae C:\WINDOWS\System32\DRIVERS\omci.sys
MD5: c90018bafdc7098619a4a95b046b30f3 C:\WINDOWS\System32\DRIVERS\p3.sys
MD5: 65a31e0eeaacc22871fe97c5ac23156c C:\WINDOWS\system32\DRIVERS\rt2870.sys
MD5: 8583e3dc5285eb3ddfb74fb646cdf295 C:\WINDOWS\system32\drivers\smwdm.sys
MD5: 47ddfc2f003f7f9f0592c6874962a2e7 C:\WINDOWS\System32\DRIVERS\srv.sys
MD5: 7b5b44efe5eb9dadfb8ee29700885d23 C:\WINDOWS\System32\DRIVERS\wADV01nt.sys
MD5: eb1f6bab6c22ede0ba551b527475f7e9 C:\WINDOWS\System32\DRIVERS\wADV02NT.sys
MD5: 03ce989d846c1aa81145cb22fcb86d06 C:\WINDOWS\System32\DRIVERS\wADV05NT.sys
MD5: 0a716c08cb13c3a8f4f51e882dbf7416 C:\WINDOWS\System32\DRIVERS\wanatw4.sys
MD5: 85d294b1ba9307c229c099d1699c19ee C:\WINDOWS\System32\DRIVERS\wandrv.sys
MD5: d83bdd5c059667a2f647a6be5703a4d2 C:\WINDOWS\System32\DRIVERS\wATV01nt.sys
MD5: ed968d23354daa0d7c621580c012a1f6 C:\WINDOWS\System32\DRIVERS\wATV02NT.sys
MD5: d738273f218a224c1ddac04203f27a84 C:\WINDOWS\System32\DRIVERS\wATV04nt.sys
MD5: 0052d118995cbab152daabe6106d1442 C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys
MD5: 525849b4469de021d5d61b4db9be3a9d C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys
MD5: 589c2bcdb5bd602bf7b63d210407ef8c C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys
MD5: 3bc0b332cac05c40a0c42122a6c4bfc0 C:\WINDOWS\SYSTEM32\DSentry.exe
MD5: f5b754cdea20bbb3a31e16a776ede6d6 C:\WINDOWS\system32\ESENT.dll
MD5: 36247c6d5e1fe03a56ee81bb99d7e68c C:\WINDOWS\system32\hptcpmib.dll
MD5: e0b83adfb16d794a0d207fe119d03182 C:\WINDOWS\system32\HpTcpMon.dll
MD5: 5cc3838902a9257b79bd43f56d8b7275 C:\WINDOWS\system32\HPTcpMUI.dll
MD5: 2d091a99624fb9e7eef0a86d872ec0c3 C:\WINDOWS\SYSTEM32\HPZipm12.exe
MD5: b85ec14c7a5f7b2c8d70d4443486dd77 C:\WINDOWS\system32\hpzjrd01.dll
MD5: 52417880ac75ac4b7f4e5c3b54ca6621 C:\WINDOWS\system32\hpzlnt12.dll
MD5: af61826b82de7b95d5db8ee075a172d2 C:\WINDOWS\system32\ieframe.dll
MD5: ba356bd33397936d2e292cb00f80c164 C:\WINDOWS\system32\iertutil.dll
MD5: 63e8d944afbeebb243f25c4ed07e74c5 C:\WINDOWS\system32\inetmib1.dll
MD5: 34781a7e9683f42c4b2fe6f09456568c C:\WINDOWS\SYSTEM32\ipconfig.exe
MD5: a525c96c51d55111fdf3bea9ffffc7ae C:\WINDOWS\system32\kerberos.dll
MD5: f5cdb60ac042d272194f907d799f39a4 C:\WINDOWS\system32\l3codecx.acm
MD5: bd31dc6dbe9333c4fbd4bdf0899f2160 C:\WINDOWS\system32\LSASRV.dll
MD5: 76848cb1aa5818db47d5f5986e0a7485 C:\WINDOWS\System32\MFC42.DLL
MD5: f6f2bfc17069eb335acceef7595f9302 C:\WINDOWS\system32\MFC42u.DLL
MD5: 1e744353bd534405187a404667da3dc3 C:\WINDOWS\system32\mgmtapi.dll
MD5: d3f72d50de53f9f1f55240115af4d42e C:\WINDOWS\system32\msi.dll
MD5: 499c090cefa6fda770d214ef67a18f5a C:\WINDOWS\system32\MsPMSP.dll
MD5: 8329bc62e7b741a7a44b600c7ae2e56c C:\WINDOWS\system32\MSWMDM.dll
MD5: 943337d786a56729263071623bbb9de5 C:\WINDOWS\System32\mswsock.dll
MD5: 062f837c1fbdb6a0a75f82efc2ee8e74 C:\WINDOWS\system32\NETSHELL.dll
MD5: 315beca26ccc217151fd4c38853df21c C:\WINDOWS\System32\NMSSvc.exe
MD5: f8f0d25ca553e39dde485d8fc7fcce89 C:\WINDOWS\system32\ntdll.dll
MD5: 40b0f98bad16ad5def894e88c3ef8014 C:\WINDOWS\system32\ODBC32.dll
MD5: 7a6a7900b5e322763430ba6fd9a31224 C:\WINDOWS\system32\ole32.dll
MD5: 1b2be5777f69a71778f52ffee1c798d6 C:\WINDOWS\system32\OLEAUT32.dll
MD5: b9807bddd55d3d4da93a0bf5f67e4144 C:\WINDOWS\system32\PNCRT.dll
MD5: d4502f124289a31976130cccb014c9aa C:\WINDOWS\system32\RPCRT4.dll
MD5: 72451fd61ddbb0a1fb071b7c3cde5594 C:\WINDOWS\system32\rsvpsp.dll
MD5: abeedd547e939ad827b2e29dec754206 C:\WINDOWS\system32\schannel.dll
MD5: 8bcd11d38fce43a519246a91cc40de6a C:\WINDOWS\system32\security.dll
MD5: e73f18195ccf4aaaa87b2d22e83f791c C:\WINDOWS\system32\serwvdrv.dll
MD5: 26cb10fa893f940ab09713ff46dcdade C:\WINDOWS\system32\SHDOCVW.dll
MD5: e86423aa9aa8c382af02b94a058dc2aa C:\WINDOWS\system32\SHELL32.dll
MD5: 99bc0b50f511924348be19c7c7313bbf C:\WINDOWS\system32\SHSVCS.dll
MD5: 60784f891563fb1b767f70117fc2428f C:\WINDOWS\SYSTEM32\spoolsv.exe
MD5: 3a7c3cbe5d96b8ae96ce81f0b22fb527 c:\windows\system32\srvsvc.dll
MD5: d5b0ed8eca34f8480e555f47269ab0ba C:\WINDOWS\System32\sspipes.scr
MD5: ec2ad9ac452e0a8d976fb1b1718517ce C:\WINDOWS\system32\umdmxfrm.dll
MD5: 78bb1e601edab917094b0260a5a57c85 C:\WINDOWS\system32\urlmon.dll
MD5: a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\system32\userinit.exe
MD5: 9e03dc5ab51cfd0190541ce2038d819d C:\WINDOWS\system32\USP10.dll
MD5: d7dcfb4d0c58ffb569de93e1681fd37a C:\WINDOWS\system32\WgaLogon.dll
MD5: cc951c2212a200475a587a440e0aa804 C:\WINDOWS\system32\WININET.dll
MD5: d72b9ec3337b247a666f098f3d6b43de C:\WINDOWS\System32\winrnr.dll
MD5: 42b5427fac23bf6f1f31e466b7feb084 C:\WINDOWS\system32\winsrv.dll
MD5: 2cc34e8bb667eef78899546e12649196 C:\WINDOWS\system32\WlNotify.dll
MD5: ef84ed40b288c4576a32d76e60317d6b C:\WINDOWS\system32\WMDMPS.dll
MD5: 277f3e3333f1d10ca428568197fcce70 C:\WINDOWS\system32\wsnmp32.dll
MD5: 5caf91e865fe0c85048a233e594544d2 c:\windows\system32\WUDFPlatform.dll
MD5: 16403217ab6fc5c30c14c6b12098ad4b C:\WINDOWS\system32\xpsp2res.dll
MD5: 4c39358ebdd2ffcd9132a30e1ec31e16 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\MSVCP90.dll
MD5: cdbe9690cf2b8409facad94fac9479c9 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\MSVCR90.dll
MD5: ca6ade4f7761bb15b3325356dc3b82bb C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90u.dll
MD5: fbfca1a574d47ee575448b719cbbf2e4 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\MFC90ENU.DLL
MD5: 736b12b725aeb2b07f0241a9f680cb10 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MD5: 33d9b7bb7ba323bafe489df033dac824 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\gdiplus.dll


No file uploaded.

Scan finished - communication took 2 sec
Total traffic - 0.02 MB sent, 0.94 KB recvd
Scanned 708 files and modules - 131 seconds

==============================================================================

#9 swansonadvent (Topic Starter)

Here is the Process Explorer log. When my avast virus checker expires, and when I re-install anti-spyware software, which anti-virus/anti-spyware programs would you recommend for daily protection?

Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 34.85 0 K 16 K
csrss.exe 1248 15.15 1,848 K 2,260 K Client Server Runtime Process Microsoft Corporation
ipconfig.exe 42284 7.58 3,080 K 5,556 K IP Configuration Utility Microsoft Corporation
System 4 4.55 0 K 36 K
services.exe 1320 4.55 2,068 K 1,292 K Services and Controller app Microsoft Corporation
Belkinwcui.exe 996 4.55 3,624 K 2,636 K Belkin Wireless Networking Utility Belkin International, Inc.
drst.exe 800 3.03 7,608 K 2,136 K
chrome.exe 27332 3.03 17,556 K 7,856 K Google Chrome Google Inc.
svchost.exe 1676 1.52 18,020 K 11,132 K Generic Host Process for Win32 Services Microsoft Corporation
Interrupts n/a 1.52 0 K 0 K Hardware Interrupts and DPCs
wmiprvse.exe 41696 3,140 K 5,352 K WMI Microsoft Corporation
winlogon.exe 1276 6,664 K 488 K Windows NT Logon Application Microsoft Corporation
svchost.exe 1940 1,712 K 888 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1484 3,244 K 1,468 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1572 2,032 K 1,368 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1708 2,644 K 76 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1836 1,756 K 1,244 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 3764 1,604 K 56 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 4012 2,652 K 60 K Generic Host Process for Win32 Services Microsoft Corporation
spoolsv.exe 1232 4,244 K 820 K Spooler SubSystem App Microsoft Corporation
smss.exe 584 172 K 44 K Windows NT Session Manager Microsoft Corporation
realplay.exe 676 3,828 K 2,788 K RealPlayer RealNetworks, Inc.
qttask.exe 736 884 K 64 K QuickTime Task Apple Computer, Inc.
procexp.exe 41420 12,408 K 17,048 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
notepad.exe 42592 1,420 K 464 K Notepad Microsoft Corporation
lsass.exe 1332 4,148 K 1,188 K LSA Shell (Export Version) Microsoft Corporation
HPZipm12.exe 3984 792 K 200 K PML Driver HP
hpwuSchd2.exe 748 852 K 60 K Hewlett-Packard Product Assistant Hewlett-Packard Co.
GoogleToolbarNotifier.exe 808 3,352 K 276 K GoogleToolbarNotifier Google Inc.
explorer.exe 312 16,824 K 3,932 K Windows Explorer Microsoft Corporation
DSentry.exe 608 768 K 80 K DVDSentry Dell - Advanced Desktop Engineering
dragdiag.exe 700 912 K 512 K SpeedTouch Statistics THOMSON Telecom Belgium
DLG.exe 1024 1,476 K 72 K Digital Line Detection BVRP Software
Directcd.exe 684 1,840 K 492 K DirectCD Application Roxio
CTSyncU.exe 816 8,196 K 196 K Creative Sync Manager
CTSVCCDA.EXE 3840 692 K 48 K Creative Service for CDROM Access Creative Technology Ltd
ctfmon.exe 30440 1,148 K 288 K CTF Loader Microsoft Corporation
CTCheck.exe 728 3,680 K 40 K Creative Media Explorer Detector Creative Technology Ltd
chrome.exe 30412 62,364 K 39,068 K Google Chrome Google Inc.
chrome.exe 41980 8,420 K 2,528 K Google Chrome Google Inc.
chrome.exe 29592 9,628 K 6,184 K Google Chrome Google Inc.
chrome.exe 30192 26,200 K 25,512 K Google Chrome Google Inc.
chrome.exe 37996 19,368 K 2,368 K Google Chrome Google Inc.
BCMSMMSG.exe 576 792 K 212 K Modem Messaging Applet Broadcom Corporation
AvastUI.exe 780 13,372 K 208 K avast! Antivirus AVAST Software
AvastSvc.exe 404 15,068 K 1,756 K avast! Service AVAST Software
AudibleDownloadHelper.exe 972 9,288 K 176 K Download Manager for Audible content Audible, Inc.
ati2evxx.exe 3796 716 K 52 K ATI External Event Utility EXE Module ATI Technologies Inc.
ARP.EXE 40300 68 K 60 K
alg.exe 3736 1,444 K 80 K Application Layer Gateway Service Microsoft Corporation

#10 swansonadvent (Topic Starter)

Here are the two OTL logs.

OTL logfile created on: 09/07/2011 10:16:47 - Run 1
OTL by OldTimer - Version 3.2.26.0 Folder = C:\Documents and Settings\Jerome\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

254.98 Mb Total Physical Memory | 58.96 Mb Available Physical Memory | 23.13% Memory free
625.91 Mb Paging File | 256.48 Mb Available in Paging File | 40.98% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.84 Gb Total Space | 32.68 Gb Free Space | 58.52% Space Free | Partition Type: NTFS
Drive D: | 61.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Unable to calculate disk information.

Computer Name: DELL | User Name: Jerome | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/06 17:06:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jerome\My Documents\Downloads\OTL.exe
PRC - [2011/07/04 12:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/07/04 12:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/06/24 07:25:50 | 001,012,792 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Jerome\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/07/23 10:53:12 | 001,077,248 | ---- | M] (Belkin International, Inc.) -- C:\Program Files\Belkin\F6D4050\v1\Belkinwcui.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/16 15:40:16 | 001,697,112 | ---- | M] (Audible, Inc.) -- C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
PRC - [2007/11/06 12:08:10 | 000,397,312 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
PRC - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\SYSTEM32\HPZipm12.exe
PRC - [2007/07/17 12:03:38 | 000,868,352 | ---- | M] () -- C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
PRC - [2004/01/26 11:38:38 | 000,866,816 | ---- | M] (THOMSON Telecom Belgium) -- C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe
PRC - [2003/10/16 13:25:32 | 000,118,784 | ---- | M] () -- C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
PRC - [2003/03/06 10:23:33 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2002/08/14 19:22:52 | 000,028,672 | R--- | M] (Dell - Advanced Desktop Engineering) -- C:\WINDOWS\SYSTEM32\DSentry.exe
PRC - [2002/04/10 17:44:04 | 000,679,936 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe


========== Modules (SafeList) ==========

MOD - [2011/07/06 17:06:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jerome\My Documents\Downloads\OTL.exe
MOD - [2011/07/04 12:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - [2011/07/04 12:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2002/10/10 05:18:36 | 001,118,208 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\NMSSvc.Exe -- (NMSSvc) Intel®


========== Driver Services (SafeList) ==========

DRV - [2011/07/04 12:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 12:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 12:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 12:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 12:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 12:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 12:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/10/01 12:24:20 | 000,637,952 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\rt2870.sys -- (rt2870)
DRV - [2004/08/04 06:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 06:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 06:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 06:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 06:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 06:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 06:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 06:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 06:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 06:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2003/12/08 11:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2003/12/08 11:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\alcaudsl.sys -- (alcaudsl)
DRV - [2003/08/29 05:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
DRV - [2003/03/06 10:23:37 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2003/03/06 10:19:17 | 000,061,424 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2003/03/06 10:19:17 | 000,023,420 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/10/11 10:29:00 | 000,207,936 | ---- | M] (Dell Computer Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AtlsVid.sys -- (EMATCORE)
DRV - [2002/10/11 10:29:00 | 000,025,600 | ---- | M] (Dell Computer Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AtlsAud.sys -- (AtlsAud)
DRV - [2002/10/10 05:18:58 | 000,009,868 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NMSCFG.SYS -- (NMSCFG)
DRV - [2002/09/25 00:26:54 | 000,531,584 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2002/07/19 11:22:08 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/04/10 18:01:12 | 000,024,554 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2002/04/10 18:01:00 | 000,029,638 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2002/04/10 18:00:44 | 000,117,898 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2002/04/10 17:48:04 | 000,236,032 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2002/04/10 17:45:16 | 000,206,336 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2001/08/17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [2000/12/03 09:35:58 | 000,022,640 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wandrv.sys -- (wandrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.c...ferrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:20110101
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Jerome\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Jerome\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/07/06 16:41:50 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/07/06 16:41:50 | 000,000,000 | ---D | M]

[2011/02/15 19:44:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jerome\Application Data\Mozilla\Extensions
[2011/06/28 13:22:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jerome\Application Data\Mozilla\Firefox\Profiles\fsb3syzo.default\extensions
[2011/02/15 19:51:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jerome\Application Data\Mozilla\Firefox\Profiles\fsb3syzo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/06 16:41:50 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

O1 HOSTS File: ([2011/07/08 17:02:38 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium)
O4 - HKCU..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKCU..\Run: [STManager] C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless Networking Utility.lnk = C:\Program Files\Belkin\F6D4050\v1\Belkinwcui.exe (Belkin International, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative....031/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.av.a...84/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.av.a...,21/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} http://sib1.od2.com/...nagerPlugin.CAB (Tiscali Music Downloads)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Risk/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative....15035/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://my.garmin.co...inAxControl.CAB (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 09:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/06/15 10:14:17 | 000,000,048 | R--- | M] () - D:\AUTORUN.INF -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/09 09:57:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerome\Application Data\QuickScan
[2011/07/09 06:01:32 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/07/07 14:37:57 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/07/07 14:31:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/07/07 14:31:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/07/07 14:31:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/07/07 14:31:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/07/07 14:31:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/07 14:30:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/06 18:40:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/07/06 18:17:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2011/07/06 16:47:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Jerome\IECompatCache
[2011/07/05 20:56:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerome\Local Settings\Application Data\Temp
[2011/07/05 19:30:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerome\Application Data\Malwarebytes
[2011/07/05 19:29:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/07/05 19:29:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/05 16:28:58 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/07/05 16:26:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerome\Start Menu\Programs\HiJackThis
[2011/06/28 13:19:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerome\Start Menu\Programs\Google Chrome
[2011/06/24 20:50:30 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2011/06/24 20:50:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/06/24 20:37:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerome\Desktop\Downloads
[51 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[46 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/09 10:03:01 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2011/07/09 07:33:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/08 20:15:16 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/07/08 20:13:52 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/07/08 20:12:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/07/08 19:24:14 | 267,436,032 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/08 17:02:38 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2011/07/08 13:18:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-638132830-1069278836-2914725551-1006Core.job
[2011/07/07 14:38:04 | 000,000,327 | RHS- | M] () -- C:\BOOT.INI
[2011/07/06 16:54:37 | 000,002,449 | ---- | M] () -- C:\Documents and Settings\Jerome\Desktop\HiJackThis.lnk
[2011/07/06 16:42:09 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/07/05 21:50:06 | 021,129,239 | ---- | M] () -- C:\Documents and Settings\Jerome\Desktop\02 - Korean I - Unit 2.mp3
[2011/07/04 12:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/07/04 12:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/07/04 12:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/07/04 12:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/04 12:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/04 12:35:12 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/04 12:35:09 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/04 12:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/04 12:32:13 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/04 12:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/06/30 03:14:27 | 000,432,778 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2011/06/30 03:14:27 | 000,067,734 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2011/06/29 09:44:52 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\Jerome\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/29 09:44:51 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Jerome\Desktop\Google Chrome.lnk
[2011/06/26 07:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2011/06/17 21:38:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[51 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[46 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/07 14:38:04 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/07/07 14:38:01 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/07/07 14:31:21 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/07 14:31:21 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/07 14:31:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/07 14:31:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/07 14:31:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/07 08:07:23 | 267,436,032 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/05 16:26:04 | 000,002,449 | ---- | C] () -- C:\Documents and Settings\Jerome\Desktop\HiJackThis.lnk
[2011/07/04 18:17:40 | 021,031,601 | ---- | C] () -- C:\Documents and Settings\Jerome\Desktop\03 - Korean I - Unit 3.mp3
[2011/07/04 18:17:25 | 021,129,239 | ---- | C] () -- C:\Documents and Settings\Jerome\Desktop\02 - Korean I - Unit 2.mp3
[2011/06/28 13:23:06 | 000,002,271 | ---- | C] () -- C:\Documents and Settings\Jerome\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/28 13:23:05 | 000,002,293 | ---- | C] () -- C:\Documents and Settings\Jerome\Desktop\Google Chrome.lnk
[2011/06/28 13:13:51 | 000,000,930 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-638132830-1069278836-2914725551-1006Core.job
[2011/03/06 17:40:09 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2011/03/06 17:39:58 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2011/03/06 17:38:34 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2011/02/03 12:21:23 | 000,015,312 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2010/04/07 15:03:53 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/12/17 11:04:53 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2008/07/06 10:11:47 | 000,112,832 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2008/07/06 10:11:47 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2008/04/26 18:07:03 | 000,000,736 | ---- | C] () -- C:\WINDOWS\DigimaxMaster.INI
[2007/08/06 16:43:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/03/29 15:23:43 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2006/07/09 17:17:25 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/10/16 11:16:09 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/06/20 20:28:36 | 000,053,248 | ---- | C] () -- C:\WINDOWS\AppRun.exe
[2005/06/20 20:28:36 | 000,000,540 | ---- | C] () -- C:\WINDOWS\AppRun.ini
[2005/06/20 20:28:35 | 000,036,864 | ---- | C] () -- C:\WINDOWS\Restart.exe
[2005/06/20 20:27:37 | 000,160,963 | ---- | C] () -- C:\WINDOWS\System32\drivers\gtipdsp.bin
[2005/03/22 17:31:40 | 000,000,356 | ---- | C] () -- C:\WINDOWS\GraphicsDesk.INI
[2005/03/22 13:14:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2005/02/24 15:12:32 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/11/11 16:57:23 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2004/07/20 10:09:14 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/03/02 18:20:09 | 000,000,321 | ---- | C] () -- C:\WINDOWS\qtw.ini
[2004/01/15 17:13:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI
[2003/10/27 15:54:48 | 000,000,458 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2003/09/15 12:15:47 | 000,151,552 | R--- | C] () -- C:\WINDOWS\UnUSBDrv.exe
[2003/04/03 18:47:56 | 000,000,173 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2003/04/03 18:47:36 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2003/03/12 16:43:03 | 000,003,584 | ---- | C] () -- C:\WINDOWS\If42le.ini
[2003/03/12 16:43:03 | 000,000,295 | ---- | C] () -- C:\WINDOWS\Pexplore.ini
[2003/03/12 16:41:45 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2003/03/12 16:12:54 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Jerome\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/03/06 10:26:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/03/06 10:19:17 | 000,053,248 | ---- | C] () -- C:\WINDOWS\uneng.exe
[2003/03/06 10:16:11 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/03/06 10:09:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2003/03/06 10:07:10 | 000,432,778 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2003/03/06 10:07:10 | 000,067,734 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2003/03/06 09:33:32 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/09/25 00:12:14 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2002/09/03 10:05:08 | 000,251,880 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/09/03 09:59:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/03 09:56:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/03 09:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2002/09/03 09:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/08/29 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2002/08/29 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2002/08/29 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2002/08/29 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2002/08/29 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2002/08/29 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2002/02/06 10:04:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\NMSInst.dll
[2002/01/21 15:17:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PROInst.dll
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1998/03/22 13:50:02 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 171 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AF3EE5AA
@Alternate Data Stream - 168 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:54301EF8
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AFFC859A
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA34E08F
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3F2F06F2
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52B72A7C

< End of report >

OTL Extras logfile created on: 09/07/2011 10:16:47 - Run 1
OTL by OldTimer - Version 3.2.26.0 Folder = C:\Documents and Settings\Jerome\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

254.98 Mb Total Physical Memory | 58.96 Mb Available Physical Memory | 23.13% Memory free
625.91 Mb Paging File | 256.48 Mb Available in Paging File | 40.98% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.84 Gb Total Space | 32.68 Gb Free Space | 58.52% Space Free | Partition Type: NTFS
Drive D: | 61.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Unable to calculate disk information.

Computer Name: DELL | User Name: Jerome | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" = C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe:*:Disabled:Dr SpeedTouch -- ()
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\WINDOWS\SYSTEM32\mmc.exe" = C:\WINDOWS\SYSTEM32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Adobe\Premiere 5.1\premiere.exe" = C:\Program Files\Adobe\Premiere 5.1\premiere.exe:*:Enabled:Adobe Premiere 5.1 -- (Adobe Systems Incorporated)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Disabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Disabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Disabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Disabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Disabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Disabled:hpzwiz01.exe -- (Hewlett-Packard Co.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{01000A03-E058-11D3-9C13-0000E220DC33}" = MiraScan V4.03
"{01A4AEDE-F219-49A2-B855-16A016EAF9A4}" = Intel® PROSet II
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{151C555A-A9E7-4A2E-B6D7-165D04A3C956}" = Dell Picture Studio - Dell Image Expert
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4EE9A620-46A0-4BCF-82AC-950D2BBED982}" = Belkin Wireless USB Adapter Setup
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{55FA89BD-21D3-42F7-9249-C94C0094A83C}" = Apple Software Update
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{65248369-7CB9-43A9-82C8-C438AE04DED4}" = 1500
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{783033B0-D8E6-11D5-9293-0050BA073EEC}" = Presto! ImageFolio 4.2
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81E06318-EEB9-4D55-8CD5-7AC9148D5E66}" = 1500_Help
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D6A20D-3910-4441-A3E5-EB6977251C86}" = Samsung USB Driver
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9ED6519B-324A-4C66-98EE-E3F54281BA78}" = Atlantis
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C45B1500-7B63-47C2-AB25-C28CB46AFDEE}" = Tiscali Music Downloads
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{CBA30674-A242-4531-82B5-586B31F90E04}" = 1500Trb
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE6D39E2-D4CB-4C49-ABD9-8724B095D1EF}" = Dr SpeedTouch
"{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}" = SpeedTouch USB Software
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E3436EE2-D5CB-4249-840B-3A0140CC34C3}" = Classic PhoneTools
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ATI Display Driver" = ATI Display Driver
"AudibleDownloadManager" = Audible Download Manager
"AudibleManager" = AudibleManager
"avast" = avast! Free Antivirus
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ESET Online Scanner" = ESET Online Scanner v3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HTMLExecutableIERuntimeSetup44" = HTML Executable IERuntime
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"InstallShield_{9ED6519B-324A-4C66-98EE-E3F54281BA78}" = Dell Movie Studio Diagnostics
"InterActual Player" = InterActual Player
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel® PRO Ethernet Adapter and Software
"Q903235" = Internet Explorer Q903235
"RealPlayer 6.0" = RealPlayer Basic
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SysInfo" = Creative System Information
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
"ZEN (MTP) Media Explorer" = ZEN Media Explorer
"ZENcast Organizer" = ZENcast Organizer

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 09/06/2011 14:48:18 | Computer Name = DELL | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/06/2011 12:30:45 | Computer Name = DELL | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 25/06/2011 08:50:59 | Computer Name = DELL | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 04/07/2011 12:46:45 | Computer Name = DELL | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 04/07/2011 13:18:29 | Computer Name = DELL | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 06/07/2011 12:48:32 | Computer Name = DELL | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.51.0.1074, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 07/07/2011 00:28:35 | Computer Name = DELL | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
chrome.dll, version 12.0.742.112, fault address 0x005a6a6c.

Error - 07/07/2011 03:19:46 | Computer Name = DELL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 07/07/2011 03:22:29 | Computer Name = DELL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 07/07/2011 03:29:38 | Computer Name = DELL | Source = crypt32 | ID = 131075
Description = Failed auto update retrieval of third-party root list cab from: <http://www.download....uthrootstl.cab>
with error: This operation returned because the timeout period expired.

[ System Events ]
Error - 08/07/2011 11:48:44 | Computer Name = DELL | Source = Service Control Manager | ID = 7034
Description = The Creative Service for CDROM Access service terminated unexpectedly.
It has done this 1 time(s).

Error - 08/07/2011 11:48:44 | Computer Name = DELL | Source = Service Control Manager | ID = 7034
Description = The Virtual NIC Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 08/07/2011 11:48:44 | Computer Name = DELL | Source = Service Control Manager | ID = 7034
Description = The Pml Driver HPZ12 service terminated unexpectedly. It has done
this 1 time(s).

Error - 08/07/2011 11:48:45 | Computer Name = DELL | Source = Service Control Manager | ID = 7034
Description = The Application Layer Gateway Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 08/07/2011 11:48:45 | Computer Name = DELL | Source = Service Control Manager | ID = 7034
Description = The Ati HotKey Poller service terminated unexpectedly. It has done
this 1 time(s).

Error - 08/07/2011 11:48:45 | Computer Name = DELL | Source = Service Control Manager | ID = 7034
Description = The Print Spooler service terminated unexpectedly. It has done this
1 time(s).

Error - 08/07/2011 12:00:34 | Computer Name = DELL | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_RKPAVPROC1\0000 disappeared from the system
without first being prepared for removal.

Error - 08/07/2011 12:00:34 | Computer Name = DELL | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_TFFSMON\0000 disappeared from the system without
first being prepared for removal.

Error - 08/07/2011 12:00:35 | Computer Name = DELL | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_TFNETMON\0000 disappeared from the system without
first being prepared for removal.

Error - 08/07/2011 12:00:35 | Computer Name = DELL | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_TFSYSMON\0000 disappeared from the system without
first being prepared for removal.


< End of report >
  • 0

#11
swansonadvent

    New Member

  • Topic Starter
  • Member
  • 9 posts
I just ran Spybot a couple of times after I reinstalled it. Smitfraud is now gone, it would seem, but I still have plenty of tracking cookies coming up for Google Chrome, one under DoubleClick and one under Mediaplex. Are these well-known malware programs?
  • 0

#12
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
You have these two installed:

Dr SpeedTouch
SpeedTouch USB Software

Do you need them? Do you still have and use a speed touch modem?

Uninstall
Yahoo! Toolbar (there may be two of them).

Do you really use the Google Toolbar for Internet Explorer (there may be two of them) and/or the Windows Live Toolbar?
If not, uninstall them.

Go to http://virustotal.com and submit
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\stg_drm.ocx
to them and if they don't say 0/42, copy and paste the result.

Repeat for C:\WINDOWS\SYSTEM32\csrss.exe

and

C:\WINDOWS\SYSTEM32\ipconfig.exe

Copy the text in the code box by highlighting and Ctrl + c


:processes
killallprocesses

:OTL
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.av.a...84/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.av.a...,21/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://my.garmin.co...inAxControl.CAB (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - File not found
    
:Commands
[RESETHOSTS]
[purity]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. (In Vista, next select Windows Logs) Right click on System and Clear All Events or Clear Log, No (we don't want to save the old log), OK. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.

Start, Run, sfc /scannow, OK

SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.

Start, Run, sigverif, OK

Press Start. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron

Vista
Is it still running slow?

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


Start, All Programs, Accessories then right click on Command Prompt and type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)

sigverif

Press Start in the new window. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.



Process Explorer is still not happy but you may have had some other programs running. Let's try it again. Delete the old log file called Procexp.txt on your desktop. Make sure you close all other programs including this browser. Then run Process Explorer. Make sure that it still has the biggest CPU users at the top, let it work for a minute, then File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

Actually I think the free Avast is about the best out there. If you add the free Online Armor firewall http://www.online-armor.com/ you have the equivalent of an expensive anti-virus suite.

The tracking cookies are just from some companies that show ads on websites you visit. They keep track of which ad they show you so you see a different ad each time you visit the site. The best way to cut down on tracking cookies is to install the free AdBlock Plus for Chrome. http://adblockplus.org/en/chrome It fools the websites into thinking you have already downloaded the ads so you never see them and will make Chrome even faster.


Ron
  • 0
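The "Last 10 Event Log Errors" block of an OTL report, like the one posted earlier in this thread, is easier to triage when it is parsed rather than read line by line: the wrapped Description lines get re-joined, the events can be counted per source and event ID, and a run of Service Control Manager 7034 "terminated unexpectedly" entries within the same second or two stands out as one incident (a crash or hard shutdown) rather than six separate service faults. The Python below is an added example written for this page; it is not part of OTL, nor code from anyone in the thread. It assumes the dd/MM/yyyy date format this log uses, and the sample text it parses is a constructed excerpt modelled on the report's format, not the report itself.

```python
"""Parse the 'Last 10 Event Log Errors' block of an OTL report and summarise it.

Added example for this thread; not OTL's own code. Assumes OTL's
'Error - dd/MM/yyyy HH:MM:SS | Computer Name = X | Source = Y | ID = N'
header format with the description wrapped onto the following lines.
"""
import re
from collections import Counter
from datetime import datetime, timedelta

HEADER_RE = re.compile(
    r"^Error - (?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) \| Computer Name = (?P<host>\S+)"
    r" \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)\s*$"
)
SECTION_RE = re.compile(r"^\[ (.+?) \]$")
SERVICE_RE = re.compile(r"^The (.+?) service terminated unexpectedly")

# Constructed sample modelled on the OTL report format (not the thread's actual log).
SAMPLE_LOG = """\
[ Application Events ]
Error - 06/07/2011 12:48:32 | Computer Name = DELL | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.51.0.1074, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 07/07/2011 03:19:46 | Computer Name = DELL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

[ System Events ]
Error - 08/07/2011 11:48:44 | Computer Name = DELL | Source = Service Control Manager | ID = 7034
Description = The Print Spooler service terminated unexpectedly. It has done this
1 time(s).

Error - 08/07/2011 11:48:45 | Computer Name = DELL | Source = Service Control Manager | ID = 7034
Description = The Application Layer Gateway Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 08/07/2011 12:00:34 | Computer Name = DELL | Source = PlugPlayManager | ID = 11
Description = The device Root\\LEGACY_TFFSMON\\0000 disappeared from the system without
first being prepared for removal.
"""


def parse_otl_errors(text):
    """Return one dict per event; wrapped Description lines are joined with spaces."""
    events, section, current = [], None, None
    for line in text.splitlines():
        line = line.rstrip()
        if not line:                       # a blank line ends the current record
            current = None
            continue
        sec = SECTION_RE.match(line)
        if sec:                            # '[ Application Events ]' / '[ System Events ]'
            section, current = sec.group(1), None
            continue
        m = HEADER_RE.match(line)
        if m:
            current = {
                "section": section,
                "time": datetime.strptime(m.group("ts"), "%d/%m/%Y %H:%M:%S"),
                "host": m.group("host"),
                "source": m.group("source"),
                "id": int(m.group("id")),
                "description": "",
            }
            events.append(current)
            continue
        if current is None:                # text outside any record (e.g. '< End of report >')
            continue
        body = line[len("Description = "):] if line.startswith("Description = ") else line
        current["description"] = (current["description"] + " " + body).strip()
    return events


def summarise(events):
    """Count events per (source, id); shows at a glance what dominates the log."""
    return Counter((e["source"], e["id"]) for e in events)


def service_name(event):
    """Service named in an SCM 7034 description, or None for other events."""
    m = SERVICE_RE.match(event["description"])
    return m.group(1) if m else None


def service_crash_clusters(events, window=timedelta(seconds=5), min_size=2):
    """Group SCM 7034 events whose timestamps fall within `window` of each other.

    Several services dying in the same second or two almost always share one
    cause (hard power-off, a crashed host process, a forced kill), so they are
    reported as one cluster rather than as unrelated faults.
    """
    scm = sorted(
        (e for e in events if e["source"] == "Service Control Manager" and e["id"] == 7034),
        key=lambda e: e["time"],
    )
    clusters, bucket = [], []
    for e in scm:
        if bucket and e["time"] - bucket[-1]["time"] > window:
            if len(bucket) >= min_size:
                clusters.append(bucket)
            bucket = []
        bucket.append(e)
    if len(bucket) >= min_size:
        clusters.append(bucket)
    return clusters


if __name__ == "__main__":
    evs = parse_otl_errors(SAMPLE_LOG)
    for (src, eid), n in summarise(evs).most_common():
        print(f"{n:3d}  {src} / {eid}")
    for cluster in service_crash_clusters(evs):
        names = ", ".join(service_name(e) for e in cluster)
        print(f"cluster at {cluster[0]['time']}: {names}")
```

To use it on a real report, paste everything from the "[ Application Events ]" line to "< End of report >" into a file and pass its contents to parse_otl_errors(); the "< End of report >" line is ignored because it follows a blank line. Repeated crypt32 131080/131075 entries (root-list update timeouts) are worth reading as a connectivity or filtering symptom on the machine rather than as a certificate problem.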