Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan.BHO,Win32 Tracur.Q, .AC issues

Started by Shiftella , Sep 13 2011 01:00 PM

  • This topic is locked This topic is locked

#1
Shiftella
Posted 13 September 2011 - 01:00 PM

Shiftella

    Member

  • Member
  • PipPip
  • 23 posts
I have been having some issues and have been trying for days to fixem on my own and now I dont know if I have dug a deeper hole. I am desperately looking for help and dont know where to begin. I am having the google redirect issues, plus the internet seems slower than normal. I have downloaded a number of things to help resolve the issues some work then stop working and the issue returns. I have eliminated some of the threats I was facing but now Trojan.BHO fsharproj keeps showing up on mbam but apparently keeps getting deleted. I am running Microsoft Security Essentials and that has shown Trojan downloader Win32/Tracur.Q and Tracur.AC. Almost everytime I shutdown the computer I get a RunDLL not responding error. Also throughout this process I have downloaded a number of things that I cannot open from the desktop now I get an error Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item. I am currently running Mbam, MSE, AVG free 2012, these were the only things I could get to run through all this attempting to clean my computer, they are currently working. A few thing I downloaded but cannot access currently are RKILL, Combofix, Free window registry repair. I cannot delete them. I did read the steps you guys posted, but did not want to start downloading even more things until I talked to someone. please help

Edited by Shiftella, 13 September 2011 - 01:02 PM.

  • 0

Advertisements

#2
Essexboy
Posted 13 September 2011 - 01:05 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there lets start easy and have a look at the system first - this programme will download as a screensaver, just double click to run

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0

#3
Shiftella
Posted 13 September 2011 - 01:18 PM

Shiftella

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
OTL Extras logfile created on: 9/13/2011 12:12:14 PM - Run 1
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Documents and Settings\Brandon Nealson\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.24 Gb Available Physical Memory | 74.82% Memory free
4.84 Gb Paging File | 4.18 Gb Available in Paging File | 86.36% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 698.63 Gb Total Space | 647.53 Gb Free Space | 92.69% Space Free | Partition Type: NTFS

Computer Name: BRANDON-B2B979A | User Name: Brandon Nealson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"57617:TCP" = 57617:TCP:*:Enabled:Pando Media Booster
"57617:UDP" = 57617:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"57617:TCP" = 57617:TCP:*:Enabled:Pando Media Booster
"57617:UDP" = 57617:UDP:*:Enabled:Pando Media Booster
"9051:UDP" = 9051:UDP:LocalSubNet:Enabled:FiOS Tech Wizard
"50000:UDP" = 50000:UDP:*:Enabled:IHA_MessageCenter

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager
"C:\Program Files\World of Warcraft\WoW-2.3.0-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-2.3.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\Launcher.patch.exe" = C:\Program Files\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\World of Warcraft\Blizzard Downloader.exe" = C:\Program Files\World of Warcraft\Blizzard Downloader.exe:*:Enabled:Blizzard Downloader
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Disabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\system32\dwwin.exe" = C:\WINDOWS\system32\dwwin.exe:*:Enabled:Microsoft Application Error Reporting -- (Microsoft Corporation)
"C:\Program Files\Secunia\PSI\psi.exe" = C:\Program Files\Secunia\PSI\psi.exe:*:Enabled:Secunia PSI -- (Secunia)
"C:\Documents and Settings\Brandon Nealson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" = C:\Documents and Settings\Brandon Nealson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)
"I:\Installation\Setupx.exe" = I:\Installation\Setupx.exe:*:Disabled:Nero ProductSetup
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- (Malwarebytes Corporation)
"C:\Program Files\Verizon\FiOS\ihs\iHAStarter.exe" = C:\Program Files\Verizon\FiOS\ihs\iHAStarter.exe:*:Enabled:iHAStarter -- ()
"C:\Program Files\Verizon\FiOS\ihs\IHAUPDATE.exe" = C:\Program Files\Verizon\FiOS\ihs\IHAUPDATE.exe:*:Enabled:IHAUM -- ()
"C:\Program Files\Pando Networks\Media Booster\BsSndRpt.exe" = C:\Program Files\Pando Networks\Media Booster\BsSndRpt.exe:*:Disabled:Crash reporting Send Utility, BsSndRpt.exe -- (BugSplat, LLC)
"C:\Documents and Settings\Brandon Nealson\Local Settings\Temporary Internet Files\Content.IE5\3BRPW39N\scandsk[1].exe" = C:\Documents and Settings\Brandon Nealson\Local Settings\Temporary Internet Files\Content.IE5\3BRPW39N\scandsk[1].exe:*:Enabled:scandsk[1]
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 26
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{730EF0E8-8B8E-4054-B2CE-5D4BA3BCE510}" = Vz In Home Agent
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{82DFB852-9594-4668-9C66-28BB6E94BCB2}" = hp psc 2100 series
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A819907C-5912-4471-91D7-D94885A2C40B}" = AVG 2012
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B2C61EBB-F47C-48ba-B375-27A40F8F48F7}" = HP Deskjet All-In-One Software 9.0
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{BE2DDF55-4C42-44CC-A56E-C8E4A65CB2FF}" = IHA_MessageCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{CCF98260-1FE9-4CEC-ACE7-88EE3158F23C}" = AVG 2012
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AVG" = AVG 2012
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Free Window Registry Repair" = Free Window Registry Repair
"HP PSC 2100 Series" = HP Photo and Imaging 2.0 - hp psc 2100 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Photo Viewer_is1" = Photo Viewer s2.5
"Secunia PSI" = Secunia PSI (2.0.0.3003)
"Windows Media Format Runtime" = Windows Media Format Runtime
"World of Warcraft" = World of Warcraft

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-790525478-1284227242-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/11/2011 2:37:12 PM | Computer Name = BRANDON-B2B979A | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module mshtml.dll, version 8.0.6001.19120, fault address 0x00067b98.

Error - 9/11/2011 2:52:13 PM | Computer Name = BRANDON-B2B979A | Source = Application Error | ID = 1001
Description = Fault bucket -1738062248.

Error - 9/11/2011 5:59:41 PM | Computer Name = BRANDON-B2B979A | Source = BugSplat | ID = 1
Description =

Error - 9/11/2011 5:59:45 PM | Computer Name = BRANDON-B2B979A | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.51.1.1076, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/11/2011 6:25:51 PM | Computer Name = BRANDON-B2B979A | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module evazekud.dll, version 0.0.0.0, fault address 0x000238eb.

Error - 9/11/2011 6:26:17 PM | Computer Name = BRANDON-B2B979A | Source = Application Error | ID = 1001
Description = Fault bucket -1691025591.

Error - 9/11/2011 6:26:19 PM | Computer Name = BRANDON-B2B979A | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 9/12/2011 2:59:43 AM | Computer Name = BRANDON-B2B979A | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/12/2011 2:59:45 AM | Computer Name = BRANDON-B2B979A | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 9/12/2011 5:15:44 AM | Computer Name = BRANDON-B2B979A | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0, P2 moaccapability, P3 3.0.8402.0, P4
0, P5 0, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 9/13/2011 12:32:56 PM | Computer Name = BRANDON-B2B979A | Source = Service Control Manager | ID = 7000
Description = The IHA_MessageCenter service failed to start due to the following
error: %%3

Error - 9/13/2011 12:32:56 PM | Computer Name = BRANDON-B2B979A | Source = Service Control Manager | ID = 7000
Description = The Java Quick Starter service failed to start due to the following
error: %%3

Error - 9/13/2011 12:32:56 PM | Computer Name = BRANDON-B2B979A | Source = Service Control Manager | ID = 7000
Description = The AVGIDSAgent service failed to start due to the following error:
%%5

Error - 9/13/2011 1:02:39 PM | Computer Name = BRANDON-B2B979A | Source = Serial | ID = 393234
Description = No Parameters subkey was found for user defined data. This is odd,
and it also means no user configuration can be found.

Error - 9/13/2011 1:03:02 PM | Computer Name = BRANDON-B2B979A | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Display Driver Service service failed to start due to the
following error: %%3

Error - 9/13/2011 1:03:02 PM | Computer Name = BRANDON-B2B979A | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%126

Error - 9/13/2011 1:03:02 PM | Computer Name = BRANDON-B2B979A | Source = Service Control Manager | ID = 7000
Description = The 7030 service failed to start due to the following error: %%2001

Error - 9/13/2011 1:03:02 PM | Computer Name = BRANDON-B2B979A | Source = Service Control Manager | ID = 7000
Description = The IHA_MessageCenter service failed to start due to the following
error: %%3

Error - 9/13/2011 1:03:02 PM | Computer Name = BRANDON-B2B979A | Source = Service Control Manager | ID = 7000
Description = The Java Quick Starter service failed to start due to the following
error: %%3

Error - 9/13/2011 1:03:02 PM | Computer Name = BRANDON-B2B979A | Source = Service Control Manager | ID = 7000
Description = The AVGIDSAgent service failed to start due to the following error:
%%5


< End of report >


OTL logfile created on: 9/13/2011 12:12:14 PM - Run 1
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Documents and Settings\Brandon Nealson\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.24 Gb Available Physical Memory | 74.82% Memory free
4.84 Gb Paging File | 4.18 Gb Available in Paging File | 86.36% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 698.63 Gb Total Space | 647.53 Gb Free Space | 92.69% Space Free | Partition Type: NTFS

Computer Name: BRANDON-B2B979A | User Name: Brandon Nealson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/13 12:11:17 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brandon Nealson\Desktop\OTL.exe
PRC - [2011/09/11 16:24:41 | 000,240,648 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
PRC - [2011/09/11 16:24:40 | 000,218,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2011/08/19 06:23:54 | 001,215,320 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/08/15 19:07:35 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2011/08/12 06:10:32 | 000,967,564 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/08/02 06:09:08 | 000,184,828 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/04/18 23:44:40 | 000,986,808 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/04/09 18:11:12 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PRC - [2003/04/09 17:59:24 | 000,311,296 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
PRC - [2003/04/09 17:49:36 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
PRC - [2003/04/09 17:41:38 | 000,323,646 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/11 16:24:41 | 000,240,648 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
MOD - [2011/09/11 16:24:40 | 000,218,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2011/08/15 19:07:35 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
MOD - [2008/04/14 05:00:00 | 000,361,472 | ---- | M] () -- C:\WINDOWS\evazekud.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (NVSvc)
SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
SRV - File not found [Auto | Stopped] -- -- (LightScribeService)
SRV - File not found [Auto | Stopped] -- -- (JavaQuickStarterService)
SRV - File not found [Auto | Stopped] -- -- (IHA_MessageCenter)
SRV - File not found [On_Demand | Stopped] -- -- (hpqcxs08)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- -- (6to4)
SRV - [2011/09/11 16:24:41 | 000,240,648 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/09/10 23:54:38 | 000,219,136 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\WINDOWS\system32\ineltw32.dll -- (itlperf)
SRV - [2011/08/16 06:27:28 | 005,264,736 | ---- | M] () [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,184,828 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/04/18 23:44:40 | 000,986,808 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)


========== Driver Services (SafeList) ==========

DRV - [2011/09/13 11:18:55 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{80F355CE-8019-4E26-BA96-7860A79B1D26}\MpKsla8076036.sys -- (MpKsla8076036)
DRV - [2011/09/13 11:15:40 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{80F355CE-8019-4E26-BA96-7860A79B1D26}\MpKslaa047dac.sys -- (MpKslaa047dac)
DRV - [2011/09/13 10:49:42 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{80F355CE-8019-4E26-BA96-7860A79B1D26}\MpKsl48661eec.sys -- (MpKsl48661eec)
DRV - [2011/09/11 15:41:48 | 000,126,720 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Documents and Settings\Brandon Nealson\Local Settings\Temp\7030.sys -- (7030)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:30 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/07/11 01:13:46 | 000,229,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/07/11 01:13:42 | 000,032,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/09/01 01:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/08/21 15:17:51 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/01/30 11:28:36 | 004,725,760 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/11/17 16:43:56 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007/11/17 16:43:46 | 000,054,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 4E 4E 84 0E 33 4D 1B 4F A6 55 50 50 2D 1E D9 FB [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 4E 4E 84 0E 33 4D 1B 4F A6 55 50 50 2D 1E D9 FB [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 4E 4E 84 0E 33 4D 1B 4F A6 55 50 50 2D 1E D9 FB [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 4E 4E 84 0E 33 4D 1B 4F A6 55 50 50 2D 1E D9 FB [binary data]
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-790525478-1284227242-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-790525478-1284227242-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 4E 4E 84 0E 33 4D 1B 4F A6 55 50 50 2D 1E D9 FB [binary data]
IE - HKU\S-1-5-21-790525478-1284227242-682003330-1004\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: No CLSID value found. File not found
IE - HKU\S-1-5-21-790525478-1284227242-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Brandon Nealson\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Brandon Nealson\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{96177168-D086-41BF-B9A2-BA0C698272FD}: C:\Documents and Settings\Brandon Nealson\Local Settings\Application Data\{96177168-D086-41BF-B9A2-BA0C698272FD} [2011/09/10 18:55:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/09/11 16:24:49 | 000,000,000 | ---D | M]


Hosts file not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll ()
O3: - HKU\S-1-5-21-790525478-1284227242-682003330-1004\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKU\S-1-5-21-790525478-1284227242-682003330-1004\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Yjequrifumakulad] C:\WINDOWS\evazekud.dll ()
O4 - HKU\S-1-5-21-790525478-1284227242-682003330-1004..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-790525478-1284227242-682003330-1004..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-790525478-1284227242-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.sy...eqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: vzTCPConfig http://my.verizon.co...vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.64.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F71DBE4-CAE8-49FC-8056-9108F47840BB}: DhcpNameServer = 192.168.1.1 68.238.64.12
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ilnetw32: DllName - (ilnetw32.dll) - File not found
O20 - Winlogon\Notify\inetworks: DllName - (ilnetw32.dll) - File not found
O20 - Winlogon\Notify\IsWow64Process: DllName - (Asynchronous) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Brandon Nealson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Brandon Nealson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/19 18:21:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{597cbe80-af43-11dd-88fe-001fbc001b52}\Shell\AutoRun\command - "" = J:\InstallSeagateManager.exe
O33 - MountPoints2\{b139c31b-35db-11de-89b7-001fbc001b52}\Shell - "" = AutoRun
O33 - MountPoints2\{b139c31b-35db-11de-89b7-001fbc001b52}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b139c31b-35db-11de-89b7-001fbc001b52}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{b451980c-8b8a-11de-8a0a-001fbc001b52}\Shell - "" = AutoRun
O33 - MountPoints2\{b451980c-8b8a-11de-8a0a-001fbc001b52}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b451980c-8b8a-11de-8a0a-001fbc001b52}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/09/13 12:11:08 | 000,581,632 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Brandon Nealson\Desktop\OTL.exe
[2011/09/12 01:10:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/09/12 01:09:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2011/09/11 23:23:45 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/09/11 22:07:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/09/11 16:32:56 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/09/11 16:25:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon Nealson\Application Data\AVG2012
[2011/09/11 16:24:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012
[2011/09/11 16:24:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon Nealson\Application Data\AVG Secure Search
[2011/09/11 16:24:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2011/09/11 16:24:40 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2011/09/11 16:24:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/09/11 16:24:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/09/11 16:24:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/09/11 16:23:53 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/09/11 16:21:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/09/11 14:58:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/11 14:58:55 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/09/11 14:58:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/11 13:43:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2011/09/11 13:37:03 | 009,545,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Brandon Nealson\Desktop\mbam-setup.exe
[2011/09/11 10:54:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Brandon Nealson\IECompatCache
[2011/09/11 02:23:55 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\OpenOffice.org 3.3
[2011/09/11 02:17:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon Nealson\Desktop\OpenOffice.org 3.3 (en-US) Installation Files
[2011/09/11 02:11:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/09/11 02:11:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/09/11 02:07:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/09/11 01:50:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon Nealson\Local Settings\Application Data\Secunia PSI
[2011/09/11 01:50:33 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/09/11 00:44:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon Nealson\Application Data\Malwarebytes
[2011/09/11 00:43:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/09/11 00:08:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/09/11 00:02:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/09/10 23:45:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/09/10 18:55:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon Nealson\Local Settings\Application Data\{96177168-D086-41BF-B9A2-BA0C698272FD}
[2011/09/10 18:53:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon Nealson\Application Data\706740E6E3352F043990079F59662201
[2011/09/05 15:19:12 | 000,000,000 | ---D | C] -- C:\Program Files\Free Window Registry Repair
[2011/09/05 15:19:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon Nealson\Start Menu\Programs\Free Window Registry Repair
[2011/09/05 15:15:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2011/09/05 15:11:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon Nealson\Application Data\Uniblue
[2011/09/05 15:11:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon Nealson\Local Settings\Application Data\PackageAware
[2011/09/03 18:51:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon Nealson\Start Menu\Programs\Google Chrome
[2011/09/03 13:59:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon Nealson\Local Settings\Application Data\Google
[2011/09/03 13:59:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon Nealson\Local Settings\Application Data\Deployment
[2011/08/30 11:05:10 | 000,000,000 | ---D | C] -- C:\Program Files\Verizon
[2011/08/30 11:02:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon Nealson\Application Data\TechWizard
[2011/08/18 13:24:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon Nealson\riotsGamesLogs
[2011/08/17 22:15:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon Nealson\Application Data\LolClient
[2011/08/17 16:18:49 | 000,000,000 | ---D | C] -- C:\Riot Games
[2011/08/17 16:18:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Riot Games
[2011/08/15 19:08:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon Nealson\Desktop\LeagueOfLegends
[2011/08/15 19:07:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon Nealson\Local Settings\Application Data\PMB Files
[2011/08/15 19:07:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011/08/15 19:06:14 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Brandon Nealson\Desktop\*.tmp files -> C:\Documents and Settings\Brandon Nealson\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Brandon Nealson\*.tmp files -> C:\Documents and Settings\Brandon Nealson\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/09/13 12:11:17 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brandon Nealson\Desktop\OTL.exe
[2011/09/13 11:55:00 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1284227242-682003330-1004UA.job
[2011/09/13 11:34:31 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Jkumexah.dat
[2011/09/13 11:23:56 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/09/13 11:18:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/13 09:47:16 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/13 09:46:34 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Brandon Nealson\Application Data\b31e355d
[2011/09/13 09:44:12 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Brandon Nealson\Application Data\53c3caa2
[2011/09/13 09:42:45 | 000,000,661 | ---- | M] () -- C:\Documents and Settings\Brandon Nealson\Application Data\446642a7
[2011/09/13 09:38:19 | 103,742,777 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/09/13 09:37:01 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/13 09:33:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Txiqiyuk.bin
[2011/09/12 23:17:58 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Brandon Nealson\Application Data\3b663a5d
[2011/09/12 09:13:51 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/12 01:12:47 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/09/12 01:11:37 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/09/11 23:54:05 | 076,143,504 | ---- | M] () -- C:\Documents and Settings\Brandon Nealson\Desktop\msert.exe
[2011/09/11 23:34:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\3408972043
[2011/09/11 23:23:31 | 004,203,458 | R--- | M] () -- C:\Documents and Settings\Brandon Nealson\Desktop\ComboFix.exe
[2011/09/11 16:24:49 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/09/11 13:46:21 | 000,002,419 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vz In-Home Agent.lnk
[2011/09/11 13:37:09 | 009,545,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Brandon Nealson\Desktop\mbam-setup.exe
[2011/09/11 13:35:59 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\Brandon Nealson\Desktop\iExplore.exe
[2011/09/11 10:56:08 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/09/11 10:37:48 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/09/11 10:33:58 | 000,120,544 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/11 02:23:55 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.3.lnk
[2011/09/11 00:03:13 | 000,637,268 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/09/10 18:55:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1284227242-682003330-1004Core.job
[2011/09/09 11:43:00 | 000,007,705 | ---- | M] () -- C:\Documents and Settings\Brandon Nealson\My Documents\my resume revised.rtf
[2011/09/06 22:26:39 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2011/09/05 15:19:12 | 000,000,718 | ---- | M] () -- C:\Documents and Settings\Brandon Nealson\Desktop\Free Window Registry Repair.lnk
[2011/09/03 18:51:27 | 000,002,358 | ---- | M] () -- C:\Documents and Settings\Brandon Nealson\Desktop\Google Chrome.lnk
[2011/09/03 18:51:27 | 000,002,336 | ---- | M] () -- C:\Documents and Settings\Brandon Nealson\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/30 11:05:22 | 000,000,260 | ---- | M] () -- C:\WINDOWS\System32\cmdVBS.vbs
[2011/08/30 11:05:22 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\MSIevent.bat
[2011/08/30 11:05:07 | 000,002,089 | ---- | M] () -- C:\Documents and Settings\Brandon Nealson\Desktop\FiOS Information.lnk
[2011/08/30 11:05:06 | 000,002,118 | ---- | M] () -- C:\Documents and Settings\Brandon Nealson\Desktop\Install Verizon Media Manager.lnk
[2011/08/24 15:10:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/17 16:21:53 | 000,001,614 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play League of Legends.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Brandon Nealson\Desktop\*.tmp files -> C:\Documents and Settings\Brandon Nealson\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Brandon Nealson\*.tmp files -> C:\Documents and Settings\Brandon Nealson\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/13 09:38:19 | 103,742,777 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/09/12 01:19:10 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/09/12 01:12:35 | 000,000,863 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk
[2011/09/12 01:12:35 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
[2011/09/12 01:10:58 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/09/12 00:44:09 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/09/11 23:53:52 | 076,143,504 | ---- | C] () -- C:\Documents and Settings\Brandon Nealson\Desktop\msert.exe
[2011/09/11 23:23:26 | 004,203,458 | R--- | C] () -- C:\Documents and Settings\Brandon Nealson\Desktop\ComboFix.exe
[2011/09/11 16:24:49 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/09/11 14:58:58 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/11 13:35:54 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\Brandon Nealson\Desktop\iExplore.exe
[2011/09/11 10:56:08 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/09/11 10:54:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\3408972043
[2011/09/11 02:23:55 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.3.lnk
[2011/09/11 02:07:34 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/09/11 02:07:34 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/09/11 01:50:37 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk
[2011/09/11 00:02:55 | 000,637,268 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/09/10 18:55:08 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Jkumexah.dat
[2011/09/10 18:55:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Txiqiyuk.bin
[2011/09/10 16:24:34 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Brandon Nealson\Application Data\53c3caa2
[2011/09/10 16:21:03 | 000,000,661 | ---- | C] () -- C:\Documents and Settings\Brandon Nealson\Application Data\446642a7
[2011/09/10 16:12:40 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Brandon Nealson\Application Data\3b663a5d
[2011/09/10 15:14:42 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Brandon Nealson\Application Data\b31e355d
[2011/09/05 15:19:12 | 000,000,718 | ---- | C] () -- C:\Documents and Settings\Brandon Nealson\Desktop\Free Window Registry Repair.lnk
[2011/09/03 18:51:27 | 000,002,358 | ---- | C] () -- C:\Documents and Settings\Brandon Nealson\Desktop\Google Chrome.lnk
[2011/09/03 18:51:27 | 000,002,336 | ---- | C] () -- C:\Documents and Settings\Brandon Nealson\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/03 18:50:43 | 000,001,018 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1284227242-682003330-1004UA.job
[2011/09/03 18:50:42 | 000,000,966 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1284227242-682003330-1004Core.job
[2011/08/30 11:05:22 | 000,000,260 | ---- | C] () -- C:\WINDOWS\System32\cmdVBS.vbs
[2011/08/30 11:05:22 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\MSIevent.bat
[2011/08/30 11:05:16 | 000,002,419 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Vz In-Home Agent.lnk
[2011/08/30 11:05:07 | 000,002,089 | ---- | C] () -- C:\Documents and Settings\Brandon Nealson\Desktop\FiOS Information.lnk
[2011/08/30 11:05:06 | 000,002,118 | ---- | C] () -- C:\Documents and Settings\Brandon Nealson\Desktop\Install Verizon Media Manager.lnk
[2011/08/17 16:21:53 | 000,001,614 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play League of Legends.lnk
[2010/10/13 19:40:51 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/10/13 19:40:49 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/10/13 19:40:49 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/10/13 19:40:19 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2008/12/25 10:56:29 | 000,137,688 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/12/25 10:56:29 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Brandon Nealson\Application Data\PnkBstrK.sys
[2008/12/25 10:56:13 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2008/12/25 10:56:10 | 000,076,744 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2008/12/25 10:56:09 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/12/04 16:23:17 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/12/04 16:17:51 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Brandon Nealson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/21 22:41:27 | 000,019,558 | ---- | C] () -- C:\WINDOWS\hpoins01.dat
[2008/09/21 22:41:27 | 000,016,606 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat
[2008/09/21 21:57:43 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/09/21 21:46:39 | 000,122,813 | ---- | C] () -- C:\WINDOWS\hpoins14.dat
[2008/09/21 21:46:39 | 000,001,996 | ---- | C] () -- C:\WINDOWS\hpomdl14.dat
[2008/09/19 19:14:46 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/09/19 19:06:52 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/09/19 18:29:33 | 000,003,636 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2008/09/19 18:22:10 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/09/19 18:18:50 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/09/19 10:59:12 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/09/19 10:58:11 | 000,120,544 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/21 22:34:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/04/14 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 05:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2008/04/14 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 05:00:00 | 000,432,778 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 05:00:00 | 000,361,472 | ---- | C] () -- C:\WINDOWS\evazekud.dll
[2008/04/14 05:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2008/04/14 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 05:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2008/04/14 05:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2008/04/14 05:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2008/04/14 05:00:00 | 000,067,734 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 05:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/03/09 21:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll

========== LOP Check ==========

[2011/09/11 16:38:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/09/11 16:24:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/08/21 15:17:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/05/24 14:26:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2011/09/13 09:38:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/09/01 23:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011/09/11 00:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/09/05 15:15:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2011/09/11 01:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon Nealson\Application Data\706740E6E3352F043990079F59662201
[2011/09/11 16:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon Nealson\Application Data\AVG Secure Search
[2011/09/11 16:25:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon Nealson\Application Data\AVG2012
[2010/08/21 15:22:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon Nealson\Application Data\DAEMON Tools Lite
[2010/12/07 13:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon Nealson\Application Data\ElevatedDiagnostics
[2011/08/17 22:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon Nealson\Application Data\LolClient
[2009/11/10 21:45:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon Nealson\Application Data\OpenOffice.org
[2011/08/30 11:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon Nealson\Application Data\TechWizard
[2011/09/05 15:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon Nealson\Application Data\Uniblue
[2008/12/22 00:07:28 | 000,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1222062245.job
[2011/09/13 11:23:56 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Brandon Nealson\Local Settings\Temp\RarSFX0\procs\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Brandon Nealson\Local Settings\Temp\RarSFX1\procs\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Brandon Nealson\Local Settings\Temp\RarSFX2\procs\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Brandon Nealson\Local Settings\Temp\RarSFX3\procs\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Brandon Nealson\Local Settings\Temp\RarSFX4\procs\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Brandon Nealson\Local Settings\Temp\RarSFX5\procs\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Brandon Nealson\Local Settings\Temp\RarSFX0\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Brandon Nealson\Local Settings\Temp\RarSFX1\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Brandon Nealson\Local Settings\Temp\RarSFX2\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Brandon Nealson\Local Settings\Temp\RarSFX3\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Brandon Nealson\Local Settings\Temp\RarSFX4\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Brandon Nealson\Local Settings\Temp\RarSFX5\h\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 05:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 05:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Brandon Nealson\Local Settings\Temp\RarSFX0\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Brandon Nealson\Local Settings\Temp\RarSFX1\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Brandon Nealson\Local Settings\Temp\RarSFX2\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Brandon Nealson\Local Settings\Temp\RarSFX3\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Brandon Nealson\Local Settings\Temp\RarSFX4\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Brandon Nealson\Local Settings\Temp\RarSFX5\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Brandon Nealson\Local Settings\Temp\RarSFX0\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Brandon Nealson\Local Settings\Temp\RarSFX1\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Brandon Nealson\Local Settings\Temp\RarSFX2\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Brandon Nealson\Local Settings\Temp\RarSFX3\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Brandon Nealson\Local Settings\Temp\RarSFX4\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Brandon Nealson\Local Settings\Temp\RarSFX5\winlogon.exe
[2008/04/14 05:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 05:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< C:\Windows\assembly\tmp\U /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
  • 0

#4
Essexboy
Posted 13 September 2011 - 01:33 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
On completion of this run could you retry combofix please

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - [2011/09/10 23:54:38 | 000,219,136 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\WINDOWS\system32\ineltw32.dll -- (itlperf)
    DRV - [2011/09/11 15:41:48 | 000,126,720 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Documents and Settings\Brandon Nealson\Local Settings\Temp\7030.sys -- (7030)
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 4E 4E 84 0E 33 4D 1B 4F A6 55 50 50 2D 1E D9 FB [binary data]
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 4E 4E 84 0E 33 4D 1B 4F A6 55 50 50 2D 1E D9 FB [binary data]
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 4E 4E 84 0E 33 4D 1B 4F A6 55 50 50 2D 1E D9 FB [binary data]
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 4E 4E 84 0E 33 4D 1B 4F A6 55 50 50 2D 1E D9 FB [binary data]
    IE - HKU\S-1-5-21-790525478-1284227242-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 4E 4E 84 0E 33 4D 1B 4F A6 55 50 50 2D 1E D9 FB [binary data]
    IE - HKU\S-1-5-21-790525478-1284227242-682003330-1004\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: No CLSID value found. File not found
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{96177168-D086-41BF-B9A2-BA0C698272FD}: C:\Documents and Settings\Brandon Nealson\Local Settings\Application Data\{96177168-D086-41BF-B9A2-BA0C698272FD} [2011/09/10 18:55:07 | 000,000,000 | ---D | M]
    O3: - HKU\S-1-5-21-790525478-1284227242-682003330-1004\..\Toolbar\WebBrowser - No CLSID value found.
    O3 - HKU\S-1-5-21-790525478-1284227242-682003330-1004\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O4 - HKLM..\Run: [Yjequrifumakulad] C:\WINDOWS\evazekud.dll ()
    O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.sy...eqlabdetect.cab (Reg Error: Key error.)
    O20 - Winlogon\Notify\ilnetw32: DllName - (ilnetw32.dll) - File not found
    O20 - Winlogon\Notify\inetworks: DllName - (ilnetw32.dll) - File not found
    O20 - Winlogon\Notify\IsWow64Process: DllName - (Asynchronous) - File not found
    O33 - MountPoints2\{b451980c-8b8a-11de-8a0a-001fbc001b52}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
    [2011/09/13 11:34:31 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Jkumexah.dat
    [2011/09/13 09:46:34 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Brandon Nealson\Application Data\b31e355d
    [2011/09/13 09:44:12 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Brandon Nealson\Application Data\53c3caa2
    [2011/09/13 09:42:45 | 000,000,661 | ---- | M] () -- C:\Documents and Settings\Brandon Nealson\Application Data\446642a7
    [2011/09/13 09:33:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Txiqiyuk.bin
    [2011/09/12 23:17:58 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Brandon Nealson\Application Data\3b663a5d
    [2011/09/11 23:34:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\3408972043
    [2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Brandon Nealson\Local Settings\Temp\RarSFX0\procs\explorer.exe
    [2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Brandon Nealson\Local Settings\Temp\RarSFX1\procs\explorer.exe
    [2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Brandon Nealson\Local Settings\Temp\RarSFX2\procs\explorer.exe
    [2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Brandon Nealson\Local Settings\Temp\RarSFX3\procs\explorer.exe
    [2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Brandon Nealson\Local Settings\Temp\RarSFX4\procs\explorer.exe
    [2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Brandon Nealson\Local Settings\Temp\RarSFX5\procs\explorer.exe
    [2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Brandon Nealson\Local Settings\Temp\RarSFX0\h\explorer.exe
    [2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Brandon Nealson\Local Settings\Temp\RarSFX1\h\explorer.exe
    [2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Brandon Nealson\Local Settings\Temp\RarSFX2\h\explorer.exe
    [2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Brandon Nealson\Local Settings\Temp\RarSFX3\h\explorer.exe
    [2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Brandon Nealson\Local Settings\Temp\RarSFX4\h\explorer.exe
    [2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Brandon Nealson\Local Settings\Temp\RarSFX5\h\explorer.exe
    [2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Brandon Nealson\Local Settings\Temp\RarSFX0\userinit.exe
    [2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Brandon Nealson\Local Settings\Temp\RarSFX1\userinit.exe
    [2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Brandon Nealson\Local Settings\Temp\RarSFX2\userinit.exe
    [2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Brandon Nealson\Local Settings\Temp\RarSFX3\userinit.exe
    [2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Brandon Nealson\Local Settings\Temp\RarSFX4\userinit.exe
    [2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Brandon Nealson\Local Settings\Temp\RarSFX5\userinit.exe
    [2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Brandon Nealson\Local Settings\Temp\RarSFX0\winlogon.exe
    [2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Brandon Nealson\Local Settings\Temp\RarSFX1\winlogon.exe
    [2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Brandon Nealson\Local Settings\Temp\RarSFX2\winlogon.exe
    [2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Brandon Nealson\Local Settings\Temp\RarSFX3\winlogon.exe
    [2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Brandon Nealson\Local Settings\Temp\RarSFX4\winlogon.exe
    [2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Brandon Nealson\Local Settings\Temp\RarSFX5\winlogon.exe

    :Reg
    [HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-
    [HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-
    [HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-
    [HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-
    [HKU\S-1-5-21-790525478-1284227242-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#5
Shiftella
Posted 13 September 2011 - 01:53 PM

Shiftella

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
OTL logfile created on: 9/13/2011 12:48:46 PM - Run 2
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Documents and Settings\Brandon Nealson\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 77.76% Memory free
4.84 Gb Paging File | 4.28 Gb Available in Paging File | 88.25% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 698.63 Gb Total Space | 650.09 Gb Free Space | 93.05% Space Free | Partition Type: NTFS

Computer Name: BRANDON-B2B979A | User Name: Brandon Nealson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/13 12:11:17 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brandon Nealson\Desktop\OTL.exe
PRC - [2011/09/11 16:24:41 | 000,240,648 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
PRC - [2011/09/11 16:24:40 | 000,218,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2011/08/19 06:23:54 | 001,215,320 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/08/15 19:07:35 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2011/08/12 06:10:32 | 000,967,564 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/08/02 06:09:08 | 000,184,828 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/04/18 23:44:40 | 000,986,808 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2010/04/01 02:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/04/09 18:11:12 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PRC - [2003/04/09 17:59:24 | 000,311,296 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
PRC - [2003/04/09 17:49:36 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
PRC - [2003/04/09 17:41:38 | 000,323,646 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/11 16:24:41 | 000,240,648 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
MOD - [2011/09/11 16:24:40 | 000,218,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2011/08/15 19:07:35 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (NVSvc)
SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
SRV - File not found [Auto | Stopped] -- -- (LightScribeService)
SRV - File not found [Auto | Stopped] -- -- (JavaQuickStarterService)
SRV - File not found [Auto | Stopped] -- -- (IHA_MessageCenter)
SRV - File not found [On_Demand | Stopped] -- -- (hpqcxs08)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- -- (6to4)
SRV - [2011/09/11 16:24:41 | 000,240,648 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/08/16 06:27:28 | 005,264,736 | ---- | M] () [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,184,828 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/04/18 23:44:40 | 000,986,808 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)


========== Driver Services (SafeList) ==========

DRV - [2011/09/13 12:43:04 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{80F355CE-8019-4E26-BA96-7860A79B1D26}\MpKsl105b32a1.sys -- (MpKsl105b32a1)
DRV - [2011/09/13 11:18:55 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{80F355CE-8019-4E26-BA96-7860A79B1D26}\MpKsla8076036.sys -- (MpKsla8076036)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:30 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/07/11 01:13:46 | 000,229,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/07/11 01:13:42 | 000,032,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/09/01 01:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/08/21 15:17:51 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/01/30 11:28:36 | 004,725,760 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/11/17 16:43:56 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007/11/17 16:43:46 | 000,054,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-790525478-1284227242-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-790525478-1284227242-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Brandon Nealson\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Brandon Nealson\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{96177168-D086-41BF-B9A2-BA0C698272FD}: C:\Documents and Settings\Brandon Nealson\Local Settings\Application Data\{96177168-D086-41BF-B9A2-BA0C698272FD} [2011/09/10 18:55:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/09/11 16:24:49 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/09/13 12:39:09 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll ()
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-790525478-1284227242-682003330-1004..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-790525478-1284227242-682003330-1004..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-790525478-1284227242-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: vzTCPConfig http://my.verizon.co...vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.64.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F71DBE4-CAE8-49FC-8056-9108F47840BB}: DhcpNameServer = 192.168.1.1 68.238.64.12
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Brandon Nealson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Brandon Nealson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/19 18:21:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{597cbe80-af43-11dd-88fe-001fbc001b52}\Shell\AutoRun\command - "" = J:\InstallSeagateManager.exe
O33 - MountPoints2\{b139c31b-35db-11de-89b7-001fbc001b52}\Shell - "" = AutoRun
O33 - MountPoints2\{b139c31b-35db-11de-89b7-001fbc001b52}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b139c31b-35db-11de-89b7-001fbc001b52}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/09/13 12:39:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/13 12:11:08 | 000,581,632 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Brandon Nealson\Desktop\OTL.exe
[2011/09/12 01:10:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/09/12 01:09:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2011/09/11 23:23:45 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/09/11 22:07:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/09/11 16:32:56 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/09/11 16:25:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon Nealson\Application Data\AVG2012
[2011/09/11 16:24:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012
[2011/09/11 16:24:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon Nealson\Application Data\AVG Secure Search
[2011/09/11 16:24:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2011/09/11 16:24:40 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2011/09/11 16:24:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/09/11 16:24:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/09/11 16:24:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/09/11 16:23:53 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/09/11 16:21:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/09/11 14:58:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/11 14:58:55 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/09/11 14:58:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/11 13:43:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2011/09/11 13:37:03 | 009,545,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Brandon Nealson\Desktop\mbam-setup.exe
[2011/09/11 10:54:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Brandon Nealson\IECompatCache
[2011/09/11 02:23:55 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\OpenOffice.org 3.3
[2011/09/11 02:17:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon Nealson\Desktop\OpenOffice.org 3.3 (en-US) Installation Files
[2011/09/11 02:11:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/09/11 02:11:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/09/11 02:07:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/09/11 01:50:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon Nealson\Local Settings\Application Data\Secunia PSI
[2011/09/11 01:50:33 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/09/11 00:44:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon Nealson\Application Data\Malwarebytes
[2011/09/11 00:43:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/09/11 00:08:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/09/11 00:02:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/09/10 23:45:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/09/10 18:55:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon Nealson\Local Settings\Application Data\{96177168-D086-41BF-B9A2-BA0C698272FD}
[2011/09/10 18:53:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon Nealson\Application Data\706740E6E3352F043990079F59662201
[2011/09/05 15:19:12 | 000,000,000 | ---D | C] -- C:\Program Files\Free Window Registry Repair
[2011/09/05 15:19:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon Nealson\Start Menu\Programs\Free Window Registry Repair
[2011/09/05 15:15:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2011/09/05 15:11:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon Nealson\Application Data\Uniblue
[2011/09/05 15:11:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon Nealson\Local Settings\Application Data\PackageAware
[2011/09/03 18:51:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon Nealson\Start Menu\Programs\Google Chrome
[2011/09/03 13:59:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon Nealson\Local Settings\Application Data\Google
[2011/09/03 13:59:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon Nealson\Local Settings\Application Data\Deployment
[2011/08/30 11:05:10 | 000,000,000 | ---D | C] -- C:\Program Files\Verizon
[2011/08/30 11:02:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon Nealson\Application Data\TechWizard
[2011/08/18 13:24:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon Nealson\riotsGamesLogs
[2011/08/17 22:15:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon Nealson\Application Data\LolClient
[2011/08/17 16:18:49 | 000,000,000 | ---D | C] -- C:\Riot Games
[2011/08/17 16:18:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Riot Games
[2011/08/15 19:08:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon Nealson\Desktop\LeagueOfLegends
[2011/08/15 19:07:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon Nealson\Local Settings\Application Data\PMB Files
[2011/08/15 19:07:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011/08/15 19:06:14 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[1 C:\Documents and Settings\Brandon Nealson\Desktop\*.tmp files -> C:\Documents and Settings\Brandon Nealson\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Brandon Nealson\*.tmp files -> C:\Documents and Settings\Brandon Nealson\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/09/13 12:48:05 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/09/13 12:43:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/13 12:39:09 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/09/13 12:11:17 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brandon Nealson\Desktop\OTL.exe
[2011/09/13 11:55:00 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1284227242-682003330-1004UA.job
[2011/09/13 09:47:16 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/13 09:38:19 | 103,742,777 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/09/13 09:37:01 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/12 09:13:51 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/12 01:12:47 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/09/12 01:11:37 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/09/11 23:54:05 | 076,143,504 | ---- | M] () -- C:\Documents and Settings\Brandon Nealson\Desktop\msert.exe
[2011/09/11 23:23:31 | 004,203,458 | R--- | M] () -- C:\Documents and Settings\Brandon Nealson\Desktop\ComboFix.exe
[2011/09/11 16:24:49 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/09/11 13:46:21 | 000,002,419 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vz In-Home Agent.lnk
[2011/09/11 13:37:09 | 009,545,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Brandon Nealson\Desktop\mbam-setup.exe
[2011/09/11 13:35:59 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\Brandon Nealson\Desktop\iExplore.exe
[2011/09/11 10:56:08 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/09/11 10:37:48 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/09/11 10:33:58 | 000,120,544 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/11 02:23:55 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.3.lnk
[2011/09/11 00:03:13 | 000,637,268 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/09/10 18:55:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1284227242-682003330-1004Core.job
[2011/09/09 11:43:00 | 000,007,705 | ---- | M] () -- C:\Documents and Settings\Brandon Nealson\My Documents\my resume revised.rtf
[2011/09/06 22:26:39 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2011/09/05 15:19:12 | 000,000,718 | ---- | M] () -- C:\Documents and Settings\Brandon Nealson\Desktop\Free Window Registry Repair.lnk
[2011/09/03 18:51:27 | 000,002,358 | ---- | M] () -- C:\Documents and Settings\Brandon Nealson\Desktop\Google Chrome.lnk
[2011/09/03 18:51:27 | 000,002,336 | ---- | M] () -- C:\Documents and Settings\Brandon Nealson\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/30 11:05:22 | 000,000,260 | ---- | M] () -- C:\WINDOWS\System32\cmdVBS.vbs
[2011/08/30 11:05:22 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\MSIevent.bat
[2011/08/30 11:05:07 | 000,002,089 | ---- | M] () -- C:\Documents and Settings\Brandon Nealson\Desktop\FiOS Information.lnk
[2011/08/30 11:05:06 | 000,002,118 | ---- | M] () -- C:\Documents and Settings\Brandon Nealson\Desktop\Install Verizon Media Manager.lnk
[2011/08/24 15:10:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/17 16:21:53 | 000,001,614 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play League of Legends.lnk
[1 C:\Documents and Settings\Brandon Nealson\Desktop\*.tmp files -> C:\Documents and Settings\Brandon Nealson\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Brandon Nealson\*.tmp files -> C:\Documents and Settings\Brandon Nealson\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/13 09:38:19 | 103,742,777 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/09/12 01:19:10 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/09/12 01:12:35 | 000,000,863 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk
[2011/09/12 01:12:35 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
[2011/09/12 01:10:58 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/09/12 00:44:09 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/09/11 23:53:52 | 076,143,504 | ---- | C] () -- C:\Documents and Settings\Brandon Nealson\Desktop\msert.exe
[2011/09/11 23:23:26 | 004,203,458 | R--- | C] () -- C:\Documents and Settings\Brandon Nealson\Desktop\ComboFix.exe
[2011/09/11 16:24:49 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/09/11 14:58:58 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/11 13:35:54 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\Brandon Nealson\Desktop\iExplore.exe
[2011/09/11 10:56:08 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/09/11 02:23:55 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.3.lnk
[2011/09/11 02:07:34 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/09/11 02:07:34 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/09/11 01:50:37 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk
[2011/09/11 00:02:55 | 000,637,268 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/09/05 15:19:12 | 000,000,718 | ---- | C] () -- C:\Documents and Settings\Brandon Nealson\Desktop\Free Window Registry Repair.lnk
[2011/09/03 18:51:27 | 000,002,358 | ---- | C] () -- C:\Documents and Settings\Brandon Nealson\Desktop\Google Chrome.lnk
[2011/09/03 18:51:27 | 000,002,336 | ---- | C] () -- C:\Documents and Settings\Brandon Nealson\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/03 18:50:43 | 000,001,018 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1284227242-682003330-1004UA.job
[2011/09/03 18:50:42 | 000,000,966 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1284227242-682003330-1004Core.job
[2011/08/30 11:05:22 | 000,000,260 | ---- | C] () -- C:\WINDOWS\System32\cmdVBS.vbs
[2011/08/30 11:05:22 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\MSIevent.bat
[2011/08/30 11:05:16 | 000,002,419 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Vz In-Home Agent.lnk
[2011/08/30 11:05:07 | 000,002,089 | ---- | C] () -- C:\Documents and Settings\Brandon Nealson\Desktop\FiOS Information.lnk
[2011/08/30 11:05:06 | 000,002,118 | ---- | C] () -- C:\Documents and Settings\Brandon Nealson\Desktop\Install Verizon Media Manager.lnk
[2011/08/17 16:21:53 | 000,001,614 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play League of Legends.lnk
[2010/10/13 19:40:51 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/10/13 19:40:49 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/10/13 19:40:49 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/10/13 19:40:19 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2008/12/25 10:56:29 | 000,137,688 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/12/25 10:56:29 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Brandon Nealson\Application Data\PnkBstrK.sys
[2008/12/25 10:56:13 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2008/12/25 10:56:10 | 000,076,744 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2008/12/25 10:56:09 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/12/04 16:23:17 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/12/04 16:17:51 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Brandon Nealson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/21 22:41:27 | 000,019,558 | ---- | C] () -- C:\WINDOWS\hpoins01.dat
[2008/09/21 22:41:27 | 000,016,606 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat
[2008/09/21 21:57:43 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/09/21 21:46:39 | 000,122,813 | ---- | C] () -- C:\WINDOWS\hpoins14.dat
[2008/09/21 21:46:39 | 000,001,996 | ---- | C] () -- C:\WINDOWS\hpomdl14.dat
[2008/09/19 19:14:46 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/09/19 19:06:52 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/09/19 18:29:33 | 000,003,636 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2008/09/19 18:22:10 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/09/19 18:18:50 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/09/19 10:59:12 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/09/19 10:58:11 | 000,120,544 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/21 22:34:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/04/14 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 05:00:00 | 000,432,778 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 05:00:00 | 000,067,734 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 05:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/03/09 21:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll

========== LOP Check ==========

[2011/09/11 16:38:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/09/11 16:24:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/08/21 15:17:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/05/24 14:26:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2011/09/13 09:38:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/09/01 23:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011/09/11 00:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/09/05 15:15:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2011/09/11 01:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon Nealson\Application Data\706740E6E3352F043990079F59662201
[2011/09/11 16:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon Nealson\Application Data\AVG Secure Search
[2011/09/11 16:25:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon Nealson\Application Data\AVG2012
[2010/08/21 15:22:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon Nealson\Application Data\DAEMON Tools Lite
[2010/12/07 13:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon Nealson\Application Data\ElevatedDiagnostics
[2011/08/17 22:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon Nealson\Application Data\LolClient
[2009/11/10 21:45:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon Nealson\Application Data\OpenOffice.org
[2011/08/30 11:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon Nealson\Application Data\TechWizard
[2011/09/05 15:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon Nealson\Application Data\Uniblue
[2008/12/22 00:07:28 | 000,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1222062245.job
[2011/09/13 12:48:05 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >


After reboot I was still not able to run Combofix, there a a few icon on the desktop that are incorrect and those are the ones that I cannot run. One of them is Combofix. I may be able to reinstall and try it then.
  • 0

#6
Essexboy
Posted 13 September 2011 - 02:11 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Re-download combofix but as you download it change the file name to Gotcha then run
  • 0

#7
Shiftella
Posted 13 September 2011 - 02:40 PM

Shiftella

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
ComboFix 11-09-13.03 - Brandon Nealson 09/13/2011 13:26:01.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2555 [GMT -7:00]
Running from: c:\documents and settings\Brandon Nealson\Desktop\Gotcha.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Brandon Nealson\Application Data\706740E6E3352F043990079F59662201
c:\documents and settings\Brandon Nealson\Application Data\706740E6E3352F043990079F59662201\enemies-names.txt
c:\documents and settings\Brandon Nealson\Application Data\706740E6E3352F043990079F59662201\local.ini
c:\documents and settings\Brandon Nealson\Application Data\706740E6E3352F043990079F59662201\lsrslt.ini
c:\documents and settings\Brandon Nealson\Application Data\Adobe\plugs
c:\documents and settings\Brandon Nealson\Application Data\Adobe\shed
c:\documents and settings\Brandon Nealson\Local Settings\Application Data\{96177168-D086-41BF-B9A2-BA0C698272FD}
c:\documents and settings\Brandon Nealson\Local Settings\Application Data\{96177168-D086-41BF-B9A2-BA0C698272FD}\chrome.manifest
c:\documents and settings\Brandon Nealson\Local Settings\Application Data\{96177168-D086-41BF-B9A2-BA0C698272FD}\chrome\content\_cfg.js
c:\documents and settings\Brandon Nealson\Local Settings\Application Data\{96177168-D086-41BF-B9A2-BA0C698272FD}\chrome\content\overlay.xul
c:\documents and settings\Brandon Nealson\Local Settings\Application Data\{96177168-D086-41BF-B9A2-BA0C698272FD}\install.rdf
c:\documents and settings\Brandon Nealson\xiewhiwbvg.tmp
c:\windows\$NtUninstallKB50429$
c:\windows\$NtUninstallKB50429$\197734603\@
c:\windows\$NtUninstallKB50429$\197734603\click.tlb
c:\windows\$NtUninstallKB50429$\197734603\L\yfxihgtr
c:\windows\$NtUninstallKB50429$\197734603\loader.tlb
c:\windows\$NtUninstallKB50429$\197734603\U\@00000001
c:\windows\$NtUninstallKB50429$\197734603\U\@000000c0
c:\windows\$NtUninstallKB50429$\197734603\U\@000000cb
c:\windows\$NtUninstallKB50429$\197734603\U\@000000cf
c:\windows\$NtUninstallKB50429$\197734603\U\@80000000
c:\windows\$NtUninstallKB50429$\197734603\U\@800000c0
c:\windows\$NtUninstallKB50429$\197734603\U\@800000cb
c:\windows\$NtUninstallKB50429$\197734603\U\@800000cf
c:\windows\$NtUninstallKB50429$\2058391959
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\system32\
c:\windows\system32\AutoRun.inf
c:\windows\system32\d3d9caps.dat
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_6TO4
-------\Service_6to4
.
.
((((((((((((((((((((((((( Files Created from 2011-08-13 to 2011-09-13 )))))))))))))))))))))))))))))))
.
.
2011-09-13 19:39 . 2011-09-13 19:39 -------- d-----w- C:\_OTL
2011-09-13 16:44 . 2011-08-12 02:44 7152464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-13 16:43 . 2011-08-12 02:44 7152464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{80F355CE-8019-4E26-BA96-7860A79B1D26}\mpengine.dll
2011-09-13 05:27 . 2009-08-07 02:23 215920 ----a-w- c:\windows\system32\muweb.dll
2011-09-13 05:27 . 2009-08-07 02:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-09-12 08:16 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-09-12 08:12 . 2008-04-14 07:45 64512 -c--a-w- c:\windows\system32\dllcache\serial.sys
2011-09-12 08:12 . 2008-04-14 07:45 64512 ----a-w- c:\windows\system32\drivers\serial.sys
2011-09-12 08:10 . 2011-09-12 08:11 -------- d-----w- c:\program files\Microsoft Security Client
2011-09-11 23:32 . 2011-09-11 23:32 -------- d-----w- C:\$AVG
2011-09-11 23:25 . 2011-09-11 23:25 -------- d-----w- c:\documents and settings\Brandon Nealson\Application Data\AVG2012
2011-09-11 23:24 . 2011-09-11 23:24 -------- d-----w- c:\documents and settings\Brandon Nealson\Application Data\AVG Secure Search
2011-09-11 23:24 . 2011-09-11 23:24 -------- d-----w- c:\program files\AVG Secure Search
2011-09-11 23:24 . 2011-09-11 23:24 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2011-09-11 23:24 . 2011-09-11 23:24 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-09-11 23:24 . 2011-09-13 16:38 -------- d-----w- c:\windows\system32\drivers\AVG
2011-09-11 23:24 . 2011-09-11 23:38 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2011-09-11 23:23 . 2011-09-11 23:23 -------- d-----w- c:\program files\AVG
2011-09-11 23:21 . 2011-09-13 16:38 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-09-11 22:05 . 2011-09-11 22:05 -------- d-----w- c:\documents and settings\Administrator.BRANDON-B2B979A
2011-09-11 21:58 . 2011-09-13 16:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-11 21:58 . 2011-09-01 00:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-11 17:54 . 2011-09-11 17:54 -------- d-sh--w- c:\documents and settings\Brandon Nealson\IECompatCache
2011-09-11 09:13 . 2011-09-11 09:13 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-11 09:11 . 2011-09-11 09:11 -------- d-----w- c:\program files\Common Files\Java
2011-09-11 09:11 . 2011-09-11 09:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-11 09:11 . 2011-09-11 09:10 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-11 09:07 . 2011-09-11 09:07 -------- d-----w- c:\program files\Common Files\Adobe
2011-09-11 08:50 . 2011-09-11 08:50 -------- d-----w- c:\documents and settings\Brandon Nealson\Local Settings\Application Data\Secunia PSI
2011-09-11 08:50 . 2011-09-11 08:50 -------- d-----w- c:\program files\Secunia
2011-09-11 07:44 . 2011-09-11 07:44 -------- d-----w- c:\documents and settings\Brandon Nealson\Application Data\Malwarebytes
2011-09-11 07:43 . 2011-09-11 07:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-09-11 07:02 . 2011-09-11 07:35 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-09-11 01:58 . 2011-09-11 01:58 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-09-05 22:19 . 2011-09-05 22:20 -------- d-----w- c:\program files\Free Window Registry Repair
2011-09-05 22:15 . 2011-09-05 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-09-05 22:11 . 2011-09-05 22:11 -------- d-----w- c:\documents and settings\Brandon Nealson\Application Data\Uniblue
2011-09-05 22:11 . 2011-09-05 22:11 -------- d-----w- c:\documents and settings\Brandon Nealson\Local Settings\Application Data\PackageAware
2011-09-03 20:59 . 2011-09-04 01:50 -------- d-----w- c:\documents and settings\Brandon Nealson\Local Settings\Application Data\Google
2011-09-03 20:59 . 2011-09-04 01:50 -------- d-----w- c:\documents and settings\Brandon Nealson\Local Settings\Application Data\Deployment
2011-08-30 18:05 . 2011-08-30 18:05 260 ----a-w- c:\windows\system32\cmdVBS.vbs
2011-08-30 18:05 . 2011-08-30 18:05 256 ----a-w- c:\windows\system32\MSIevent.bat
2011-08-30 18:05 . 2011-08-30 18:05 -------- d-----w- c:\program files\Verizon
2011-08-30 18:02 . 2011-08-30 18:05 -------- d-----w- c:\documents and settings\Brandon Nealson\Application Data\TechWizard
2011-08-30 05:13 . 2008-04-14 12:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-08-30 05:13 . 2001-08-18 05:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-08-18 20:24 . 2011-08-18 20:24 -------- d-----w- c:\documents and settings\Brandon Nealson\riotsGamesLogs
2011-08-18 05:15 . 2011-08-18 05:15 -------- d-----w- c:\documents and settings\Brandon Nealson\Application Data\LolClient
2011-08-17 23:21 . 2008-07-31 17:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2011-08-17 23:21 . 2008-07-31 17:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2011-08-17 23:21 . 2008-07-12 15:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2011-08-17 23:21 . 2008-07-12 15:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2011-08-17 23:21 . 2008-07-12 15:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2011-08-17 23:18 . 2011-08-17 23:18 -------- d-----w- C:\Riot Games
2011-08-16 02:07 . 2011-09-13 20:36 -------- d-----w- c:\documents and settings\Brandon Nealson\Local Settings\Application Data\PMB Files
2011-08-16 02:07 . 2011-09-02 06:31 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2011-08-16 02:06 . 2011-08-16 02:06 -------- d-----w- c:\program files\Pando Networks
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-03 10:17 . 2008-04-14 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-08 13:08 . 2011-08-08 13:08 40016 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2011-07-15 13:29 . 2008-04-14 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-11 08:14 . 2011-07-11 08:14 295248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-07-11 08:14 . 2011-07-11 08:14 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-07-11 08:14 . 2011-07-11 08:14 24272 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys
2011-07-11 08:14 . 2011-07-11 08:14 23120 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2011-07-11 08:14 . 2011-07-11 08:14 134608 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2011-07-11 08:13 . 2011-07-11 08:13 229840 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-07-11 08:13 . 2011-07-11 08:13 32464 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-07-08 14:02 . 2008-04-14 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2008-09-20 01:17 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2008-04-14 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-08-07 . 51B92B39623F5D401A43E58483E2AB55 . 46924 . . [7.4.7600.226] . . c:\windows\system32\wuauclt.exe
[7] 2009-08-07 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-09-11 23:24 1451336 ----a-w- c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll" [2011-09-11 1451336]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-08-16 3077528]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-24 455968]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-09-11 218440]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-29 16859648]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-08-19 2387296]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-4-9 323646]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
backup=c:\windows\pss\Secunia PSI Tray.lnkCommon Startup
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.3.0-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\dwwin.exe"=
"c:\\Documents and Settings\\Brandon Nealson\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\Secunia\\PSI\\psi.exe"=
"c:\\Documents and Settings\\Brandon Nealson\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\WINDOWS\\hh.exe"=
"c:\\Program Files\\Verizon\\FiOS\\ihs\\iHAStarter.exe"=
"c:\\Program Files\\Verizon\\FiOS\\ihs\\IHAUPDATE.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\BsSndRpt.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"57617:TCP"= 57617:TCP:Pando Media Booster
"57617:UDP"= 57617:UDP:Pando Media Booster
"50000:UDP"= 50000:UDP:IHA_MessageCenter
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 1:14 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7/11/2011 1:13 AM 32464]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/21/2010 3:17 PM 691696]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/11/2011 1:13 AM 229840]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 295248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 184828]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [4/18/2011 11:44 PM 986808]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [9/11/2011 4:24 PM 240648]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [7/11/2011 1:14 AM 16720]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 1:30 AM 15544]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [8/16/2011 6:27 AM 5264736]
S2 IHA_MessageCenter;IHA_MessageCenter; [x]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 PciCon;PciCon;\??\i:\pcicon.sys --> i:\PciCon.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
itnetsvcs REG_MULTI_SZ itlperf
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-24 00:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2008-12-22 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 2100 series272A572217594EBCF1CEE215E352B92AD073FDE4222062245.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-10 00:56]
.
2011-09-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1284227242-682003330-1004Core.job
- c:\documents and settings\Brandon Nealson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-04 01:50]
.
2011-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1284227242-682003330-1004UA.job
- c:\documents and settings\Brandon Nealson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-04 01:50]
.
2011-09-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 22:39]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.1.1 68.238.64.12
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe
AddRemove-{B2C61EBB-F47C-48ba-B375-27A40F8F48F7} - c:\program files\HP\Digital Imaging\{B2C61EBB-F47C-48ba-B375-27A40F8F48F7}\setup\hpzscr01.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-13 13:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD7500AACS-00D6B0 rev.01.01A01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-9
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A09F31B
user & kernel MBR OK
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2912)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
.
**************************************************************************
.
Completion time: 2011-09-13 13:38:30 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-13 20:38
.
Pre-Run: 697,941,078,016 bytes free
Post-Run: 697,853,235,200 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 27B1CAD75740FA9BD208870E304EEAF2
  • 0

#8
Essexboy
Posted 13 September 2011 - 02:52 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
On completion of this run can you let me know what problems remain

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:

FCopy::
c:\windows\system32\dllcache\wuauclt.exe|c:\windows\system32\wuauclt.exe

NetSvc::
itnetsvcs

Driver::
itnetsvcs

Save this as CFScript.txt, in the same location as ComboFix.exe
Posted Image

Refering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • 0

#9
Shiftella
Posted 13 September 2011 - 03:03 PM

Shiftella

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
ComboFix 11-09-13.03 - Brandon Nealson 09/13/2011 13:58:24.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2451 [GMT -7:00]
Running from: c:\documents and settings\Brandon Nealson\Desktop\Gotcha.exe
Command switches used :: c:\documents and settings\Brandon Nealson\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\system32\dllcache\wuauclt.exe --> c:\windows\system32\wuauclt.exe
.
((((((((((((((((((((((((( Files Created from 2011-08-13 to 2011-09-13 )))))))))))))))))))))))))))))))
.
.
2011-09-13 19:39 . 2011-09-13 19:39 -------- d-----w- C:\_OTL
2011-09-13 16:44 . 2011-08-12 02:44 7152464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-13 16:43 . 2011-08-12 02:44 7152464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{80F355CE-8019-4E26-BA96-7860A79B1D26}\mpengine.dll
2011-09-13 05:27 . 2009-08-07 02:23 215920 ----a-w- c:\windows\system32\muweb.dll
2011-09-13 05:27 . 2009-08-07 02:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-09-12 08:16 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-09-12 08:12 . 2008-04-14 07:45 64512 -c--a-w- c:\windows\system32\dllcache\serial.sys
2011-09-12 08:12 . 2008-04-14 07:45 64512 ----a-w- c:\windows\system32\drivers\serial.sys
2011-09-12 08:10 . 2011-09-12 08:11 -------- d-----w- c:\program files\Microsoft Security Client
2011-09-11 23:32 . 2011-09-11 23:32 -------- d-----w- C:\$AVG
2011-09-11 23:25 . 2011-09-11 23:25 -------- d-----w- c:\documents and settings\Brandon Nealson\Application Data\AVG2012
2011-09-11 23:24 . 2011-09-11 23:24 -------- d-----w- c:\documents and settings\Brandon Nealson\Application Data\AVG Secure Search
2011-09-11 23:24 . 2011-09-11 23:24 -------- d-----w- c:\program files\AVG Secure Search
2011-09-11 23:24 . 2011-09-11 23:24 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2011-09-11 23:24 . 2011-09-11 23:24 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-09-11 23:24 . 2011-09-13 16:38 -------- d-----w- c:\windows\system32\drivers\AVG
2011-09-11 23:24 . 2011-09-11 23:38 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2011-09-11 23:23 . 2011-09-11 23:23 -------- d-----w- c:\program files\AVG
2011-09-11 23:21 . 2011-09-13 16:38 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-09-11 22:05 . 2011-09-11 22:05 -------- d-----w- c:\documents and settings\Administrator.BRANDON-B2B979A
2011-09-11 21:58 . 2011-09-13 16:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-11 21:58 . 2011-09-01 00:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-11 17:54 . 2011-09-11 17:54 -------- d-sh--w- c:\documents and settings\Brandon Nealson\IECompatCache
2011-09-11 09:13 . 2011-09-11 09:13 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-11 09:11 . 2011-09-11 09:11 -------- d-----w- c:\program files\Common Files\Java
2011-09-11 09:11 . 2011-09-11 09:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-11 09:11 . 2011-09-11 09:10 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-11 09:07 . 2011-09-11 09:07 -------- d-----w- c:\program files\Common Files\Adobe
2011-09-11 08:50 . 2011-09-11 08:50 -------- d-----w- c:\documents and settings\Brandon Nealson\Local Settings\Application Data\Secunia PSI
2011-09-11 08:50 . 2011-09-11 08:50 -------- d-----w- c:\program files\Secunia
2011-09-11 07:44 . 2011-09-11 07:44 -------- d-----w- c:\documents and settings\Brandon Nealson\Application Data\Malwarebytes
2011-09-11 07:43 . 2011-09-11 07:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-09-11 07:02 . 2011-09-11 07:35 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-09-11 01:58 . 2011-09-11 01:58 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-09-05 22:19 . 2011-09-05 22:20 -------- d-----w- c:\program files\Free Window Registry Repair
2011-09-05 22:15 . 2011-09-05 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-09-05 22:11 . 2011-09-05 22:11 -------- d-----w- c:\documents and settings\Brandon Nealson\Application Data\Uniblue
2011-09-05 22:11 . 2011-09-05 22:11 -------- d-----w- c:\documents and settings\Brandon Nealson\Local Settings\Application Data\PackageAware
2011-09-03 20:59 . 2011-09-04 01:50 -------- d-----w- c:\documents and settings\Brandon Nealson\Local Settings\Application Data\Google
2011-09-03 20:59 . 2011-09-04 01:50 -------- d-----w- c:\documents and settings\Brandon Nealson\Local Settings\Application Data\Deployment
2011-08-30 18:05 . 2011-08-30 18:05 260 ----a-w- c:\windows\system32\cmdVBS.vbs
2011-08-30 18:05 . 2011-08-30 18:05 256 ----a-w- c:\windows\system32\MSIevent.bat
2011-08-30 18:05 . 2011-08-30 18:05 -------- d-----w- c:\program files\Verizon
2011-08-30 18:02 . 2011-08-30 18:05 -------- d-----w- c:\documents and settings\Brandon Nealson\Application Data\TechWizard
2011-08-30 05:13 . 2008-04-14 12:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-08-30 05:13 . 2001-08-18 05:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-08-18 20:24 . 2011-08-18 20:24 -------- d-----w- c:\documents and settings\Brandon Nealson\riotsGamesLogs
2011-08-18 05:15 . 2011-08-18 05:15 -------- d-----w- c:\documents and settings\Brandon Nealson\Application Data\LolClient
2011-08-17 23:21 . 2008-07-31 17:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2011-08-17 23:21 . 2008-07-31 17:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2011-08-17 23:21 . 2008-07-12 15:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2011-08-17 23:21 . 2008-07-12 15:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2011-08-17 23:21 . 2008-07-12 15:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2011-08-17 23:18 . 2011-08-17 23:18 -------- d-----w- C:\Riot Games
2011-08-16 02:07 . 2011-09-13 21:01 -------- d-----w- c:\documents and settings\Brandon Nealson\Local Settings\Application Data\PMB Files
2011-08-16 02:07 . 2011-09-02 06:31 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2011-08-16 02:06 . 2011-08-16 02:06 -------- d-----w- c:\program files\Pando Networks
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-03 10:17 . 2008-04-14 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-08 13:08 . 2011-08-08 13:08 40016 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2011-07-15 13:29 . 2008-04-14 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-11 08:14 . 2011-07-11 08:14 295248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-07-11 08:14 . 2011-07-11 08:14 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-07-11 08:14 . 2011-07-11 08:14 24272 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys
2011-07-11 08:14 . 2011-07-11 08:14 23120 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2011-07-11 08:14 . 2011-07-11 08:14 134608 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2011-07-11 08:13 . 2011-07-11 08:13 229840 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-07-11 08:13 . 2011-07-11 08:13 32464 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-07-08 14:02 . 2008-04-14 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2008-09-20 01:17 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2008-04-14 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-09-11 23:24 1451336 ----a-w- c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll" [2011-09-11 1451336]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-08-16 3077528]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-24 455968]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-09-11 218440]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-29 16859648]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-08-19 2387296]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-4-9 323646]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
backup=c:\windows\pss\Secunia PSI Tray.lnkCommon Startup
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.3.0-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\dwwin.exe"=
"c:\\Documents and Settings\\Brandon Nealson\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\Secunia\\PSI\\psi.exe"=
"c:\\Documents and Settings\\Brandon Nealson\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\WINDOWS\\hh.exe"=
"c:\\Program Files\\Verizon\\FiOS\\ihs\\iHAStarter.exe"=
"c:\\Program Files\\Verizon\\FiOS\\ihs\\IHAUPDATE.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\BsSndRpt.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"57617:TCP"= 57617:TCP:Pando Media Booster
"57617:UDP"= 57617:UDP:Pando Media Booster
"50000:UDP"= 50000:UDP:IHA_MessageCenter
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 1:14 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7/11/2011 1:13 AM 32464]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/21/2010 3:17 PM 691696]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/11/2011 1:13 AM 229840]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 295248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 184828]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [4/18/2011 11:44 PM 986808]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [9/11/2011 4:24 PM 240648]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [7/11/2011 1:14 AM 16720]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 1:30 AM 15544]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [8/16/2011 6:27 AM 5264736]
S2 IHA_MessageCenter;IHA_MessageCenter; [x]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 PciCon;PciCon;\??\i:\pcicon.sys --> i:\PciCon.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
itnetsvcs REG_MULTI_SZ itlperf
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-24 00:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2008-12-22 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 2100 series272A572217594EBCF1CEE215E352B92AD073FDE4222062245.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-10 00:56]
.
2011-09-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1284227242-682003330-1004Core.job
- c:\documents and settings\Brandon Nealson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-04 01:50]
.
2011-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1284227242-682003330-1004UA.job
- c:\documents and settings\Brandon Nealson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-04 01:50]
.
2011-09-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 22:39]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.1.1 68.238.64.12
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-13 14:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD7500AACS-00D6B0 rev.01.01A01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-9
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A09F31B
user & kernel MBR OK
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(896)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-09-13 14:02:04
ComboFix-quarantined-files.txt 2011-09-13 21:02
ComboFix2.txt 2011-09-13 20:38
.
Pre-Run: 697,864,773,632 bytes free
Post-Run: 697,848,332,288 bytes free
.
- - End Of File - - 3FFA0960FACA1C063350B93DCC73321D
  • 0

#10
Essexboy
Posted 13 September 2011 - 03:10 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What problems are you seeing now ?
  • 0

Advertisements

#11
Shiftella
Posted 13 September 2011 - 03:13 PM

Shiftella

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
The internet seems to be a lot better I am not getting any of the redirect issues anymore. There are still the issues with some of the icons they appear as little computer screens instead of what they are supposed to be. I can live with those, but everything else appears to be 100% better.
  • 0

#12
Shiftella
Posted 13 September 2011 - 03:22 PM

Shiftella

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Should I be using Microsoft security essentials and MBAM? Are these 2 things sufficient enough to keep these types of issues returning, or are there some other things I should be using instead of or alongside of these that I listed.
  • 0

#13
Essexboy
Posted 13 September 2011 - 03:24 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
MSE and MBAM are compatible, I would like you to run MBAM now to ensure that there are no orphans left. The main MBAM programme was updated today so -get a fresh copy. Once done we will look to see if there are any repairs needed

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
  • 0

#14
Shiftella
Posted 13 September 2011 - 03:32 PM

Shiftella

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7711

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/13/2011 2:29:04 PM
mbam-log-2011-09-13 (14-29-04).txt

Scan type: Quick scan
Objects scanned: 182042
Time elapsed: 1 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#15
Essexboy
Posted 14 September 2011 - 10:52 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer behaving now ? Any problems ?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP