NascarFan19

Machine is very sluggish


I did all the suggested things before posting here. I deleted old files and dumped temp files. I ran SuperAntispyware, CC Cleaner, EZ Cleaner, Malware Anti-malware and pretty much anything I could find. This machine is very sluggish and I would like to see if the problem is buried somewhere within. Thanks for all your help!

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 2:38:06 AM, on 1/5/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe

C:\Program Files\AWS\WeatherBug\Weather.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Windows NT\Accessories\WORDPAD.EXE

C:\Program Files\Windows NT\Accessories\WORDPAD.EXE

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\HiJack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus7.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus7.hpwis.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/login.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus7.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O4 - HKLM\..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe

O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Documents and Settings\Owner\Desktop\PartyPoker.net.lnk

O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Documents and Settings\Owner\Desktop\PartyPoker.net.lnk

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe

--

End of file - 4779 bytes

 

 

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Owner at 2:23:16 on 2012-01-05

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.479.164 [GMT -5:00]

.

AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: ZoneAlarm Free Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe

C:\Program Files\AWS\WeatherBug\Weather.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\rundll32.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.facebook.com/login.php

uSearch Page = hxxp://www.google.com

uDefault_Page_URL = hxxp://qus7.hpwis.com/

uDefault_Search_URL = hxxp://srch-qus7.hpwis.com/

uSearch Bar = hxxp://www.google.com/ie

mSearch Bar = hxxp://srch-qus7.hpwis.com/

uInternet Connection Wizard,ShellNext = iexplore

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll

EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1

mRun: [ZoneAlarm] c:\program files\checkpoint\zonealarm\zatray.exe

uPolicies-explorer: NoWinKeys = 1 (0x1)

uPolicies-explorer: NoSMMyDocs = 1 (0x1)

uPolicies-explorer: NoFavoritesMenu = 1 (0x1)

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {F4430FE8-2638-42e5-B849-800749B94EED} - c:\documents and settings\owner\desktop\PartyPoker.net.lnk

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{733D3642-D733-402B-95C3-B9CFE83B7BA9} : DhcpNameServer = 209.18.47.61 209.18.47.62

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxsrvc.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

Hosts: 127.0.0.1 www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-7-17 335240]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-12-30 27784]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-7-17 108552]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-5-28 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-5-28 67656]

R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-11-9 525840]

R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-11-3 27016]

R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]

S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-17 908056]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 CoachCap;Concord EyeQ Duo 2000 USB Video Capture V1.00;c:\windows\system32\drivers\coachcap.sys --> c:\windows\system32\drivers\CoachCap.sys [?]

S3 cpuz132;cpuz132;\??\c:\docume~1\owner\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\owner\locals~1\temp\cpuz132\cpuz132_x32.sys [?]

S3 esihdrv;esihdrv;\??\c:\docume~1\owner\locals~1\temp\esihdrv.sys --> c:\docume~1\owner\locals~1\temp\esihdrv.sys [?]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-1-3 40776]

S3 PCDRDRV;Pcdr Helper Driver;\??\c:\progra~1\pc-doc~1\diagno~1\pcdrdrv.sys --> c:\progra~1\pc-doc~1\diagno~1\PCDRDRV.sys [?]

S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-5-28 12872]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-17 297752]

S4 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-11-3 497280]

S4 msCMTSrvc;Content Monitoring Tool;c:\windows\system32\mscmtsrvc.exe --> c:\windows\system32\msCMTSrvc.exe [?]

.

=============== File Associations ===============

.

regfile=regedit.exe "%1" %*

.

=============== Created Last 30 ================

.

2012-01-04 02:39:47 -------- d-----w- C:\HiJack This

2012-01-04 02:37:50 388096 ----a-r- c:\documents and settings\owner\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2012-01-04 02:37:49 -------- d-----w- c:\program files\Trend Micro

2012-01-03 20:31:38 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-01-02 04:54:16 -------- d-----w- C:\Pictures

2012-01-01 17:22:50 0 ----a-w- c:\documents and settings\owner\Reset_IE_Windows.reg

2011-12-31 20:49:48 -------- d-----w- c:\documents and settings\all users\application data\BlueSprig

2011-12-28 13:13:58 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-12-22 02:07:26 38160 ----a-w- c:\windows\system32\LMRTREND.dll

2011-12-22 02:07:24 140800 ----a-w- c:\windows\system32\tm20dec.ax

2011-12-22 02:07:20 182032 ----a-w- c:\windows\system32\dxtmsft3.dll

2011-12-22 02:06:38 63488 ----a-w- c:\windows\system32\unam4ie.exe

2011-12-22 02:06:26 5672 ----a-w- c:\windows\system32\quartz.vxd

2011-12-22 02:06:26 11776 ----a-w- c:\windows\system32\mciqtz.drv

2011-12-22 02:06:26 10240 ----a-w- c:\windows\system32\vidx16.dll

2011-12-22 02:06:22 194320 ----a-w- c:\windows\system32\qcut.dll

2011-12-22 02:06:17 4608 ----a-w- c:\windows\system32\w95inf32.dll

2011-12-22 02:06:16 2272 ----a-w- c:\windows\system32\w95inf16.dll

2011-12-22 02:05:47 77312 ----a-w- c:\windows\system32\TWAIN_32.DLL

2011-12-22 01:44:15 20992 ----a-w- c:\windows\system32\dshowext.ax

2011-12-19 01:22:16 22 --sha-w- c:\documents and settings\owner\application data\Sys2662.Config.Repository.bin

2011-12-19 01:21:18 -------- d-----w- c:\program files\jv16 PowerTools 2011

2011-12-19 01:11:43 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-19 01:11:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-12-17 15:31:39 -------- d-----w- c:\program files\common files\Hewlett-Packard

2011-12-17 15:27:43 61440 ----a-w- c:\windows\system32\HPZinw12.exe

2011-12-17 15:27:42 94208 ----a-w- c:\windows\system32\HPZipt12.dll

2011-12-17 15:27:42 69632 ----a-w- c:\windows\system32\HPZipm12.exe

2011-12-17 15:27:42 57344 ----a-w- c:\windows\system32\HPZisn12.dll

2011-12-17 15:27:42 204800 ----a-w- c:\windows\system32\HPZipr12.dll

2011-12-17 15:27:41 278584 ----a-w- c:\windows\system32\HPZidr12.dll

2011-12-17 15:24:17 180315 ----a-w- c:\windows\system32\hpzsnt12.dll

.

==================== Find3M ====================

.

2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll

2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec

2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll

2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-25 13:37:08 2148864 -c--a-w- c:\windows\system32\ntoskrnl.exe

2011-10-25 12:52:02 2027008 -c--a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-18 11:13:22 186880 -c--a-w- c:\windows\system32\encdec.dll

2011-10-17 18:48:01 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys

2011-10-10 14:22:41 692736 -c--a-w- c:\windows\system32\inetcomm.dll

2011-06-19 15:36:04 5015880 ----a-w- c:\program files\cdbxp_setup_4.3.8.2568.exe

2011-03-21 01:17:08 46972928 ----a-w- c:\program files\zaSetup_92_105_000_en.exe

2011-03-19 04:25:01 3033192 -c--a-w- c:\program files\ccsetup304.exe

2011-01-27 03:18:38 629968 ----a-w- c:\program files\PartyPokerNetSetup.exe

2010-04-30 06:49:25 7184528 -c--a-w- c:\program files\asc-setup.exe

2010-04-30 06:42:28 16409960 ----a-w- c:\program files\spybotsd162.exe

2010-04-30 06:24:07 3103640 ----a-w- c:\program files\spywareblastersetup43.exe

2010-03-14 16:29:04 336 ----a-w- c:\program files\temp995.bat

2008-07-11 22:39:17 262144 -c--a-w- c:\program files\Uninstall Spy Blocker.dll

.

============= FINISH: 2:26:04.96 ===============

 

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 12/29/2007 10:25:58 PM

System Uptime: 1/4/2012 11:37:16 PM (3 hours ago)

.

Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-6390

Processor: AMD Athlon XP 2200+ | Socket A | 1798/133mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 33 GiB total, 22.004 GiB free.

D: is FIXED (FAT32) - 4 GiB total, 0.782 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP454: 1/2/2012 11:11:14 PM - System Checkpoint

RP455: 1/3/2012 3:47:20 PM - Installed Microsoft Fix it 50228

RP456: 1/3/2012 9:37:46 PM - Installed HiJackThis

RP457: 1/4/2012 9:26:46 AM - Installed H&R Block Deluxe + Efile + State 2010.

RP458: 1/4/2012 9:30:47 AM - Installed H&R Block North Carolina 2010.

.

==== Installed Programs ======================

.

.

Adobe Flash Player 11 ActiveX

Adobe Reader 7.0

Adobe Shockwave Player 11

AiO_Scan

AVG Free 8.5

Belarc Advisor 6.1

CCleaner

CCScore

CDBurnerXP

Coloreal

EasyCleaner

essvatgt

fflink

Garmin Communicator Plugin

Garmin POI Loader

Garmin USB Drivers

H&R Block Deluxe + Efile + State 2010

H&R Block North Carolina 2010

HiJackThis

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP PSC & OfficeJet 5.3.B

Intel® Extreme Graphics Driver Software

Java 6 Update 3

jv16 PowerTools 2011

kgcbaby

kgcbase

kgchday

kgchlwn

kgcinvt

kgckids

kgcmove

kgcvday

Malwarebytes Anti-Malware version 1.60.0.1800

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mp3 Tag Tools v1.2

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

netbrdg

NVIDIA Windows 2000/XP Display Drivers

OfotoXMI

PartyPoker.net

QFolder

Scan

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft Windows (KB2564958)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB911565)

Security Update for Windows Media Player 9 (KB936782)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950759)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953838)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956390)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958215)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960714)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB963027)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969897)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB976325)

Security Update for Windows XP (KB977165-v2)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

SFR

SHASTA

skin0001

SKINXSDK

Spybot - Search & Destroy 1.5.2.20

SpywareBlaster 4.5

staticcr

SUPERAntiSpyware Free Edition

tooltips

Unity Web Player

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB978506)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2616676-v2)

Update for Windows XP (KB2641690)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update for Windows XP (KB978207)

VC 9.0 Runtime

VIA Rhine-Family Fast Ethernet Adapter

VPRINTOL

WD Diagnostics

WeatherBug

WebFldrs XP

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows XP Service Pack 3

WinPatrol 2008

WIRELESS

ZoneAlarm Firewall

ZoneAlarm Free

ZoneAlarm Security

ZoneAlarm Toolbar

.

==== Event Viewer Messages From Past Week ========

.

12/31/2011 6:12:05 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

12/30/2011 8:59:04 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SENS with arguments "" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}

12/30/2011 8:59:00 PM, error: Service Control Manager [7024] - The Routing and Remote Access service terminated with service-specific error 711 (0x2C7).

12/30/2011 8:59:00 PM, error: Service Control Manager [7001] - The Windows Service Pack Installer update service service depends on the Security Accounts Manager service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

12/30/2011 8:59:00 PM, error: Service Control Manager [7001] - The Remote Access Auto Connection Manager service depends on the Remote Access Connection Manager service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

12/30/2011 8:59:00 PM, error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

12/30/2011 8:59:00 PM, error: Service Control Manager [7001] - The AVG Free8 E-mail Scanner service depends on the AVG Free8 WatchDog service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

12/30/2011 8:59:00 PM, error: Service Control Manager [7000] - The Concord EyeQ Duo 2000 USB Video Capture V1.00 service failed to start due to the following error: The system cannot find the file specified.

12/30/2011 8:58:45 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

1/4/2012 8:27:58 PM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.

1/1/2012 2:32:53 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: agp440 nv_agp

1/1/2012 2:32:20 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.

.

==== End Of File ===========================


Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.

  • Please subscribe to this topic, if you haven't already.

  • The fixes are specific to your problem and should only be used for the issues on this machine.

  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.

  • It's often worth reading through these instructions and printing them for ease of reference.

  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.

  • Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE: Please do not delete anything unless instructed to.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.

 

Vista and Windows 7 users:

These tools MUST be run from the executable (.exe) every time you run them with Admin Rights (Right click, choose "Run as Administrator").

 

Stay with this topic until I give you the all clean post.

----------

 

 

GMER

 

Download GMER Rootkit Scanner from here or here.

  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

     


  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...

    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.
**Caution**

Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

----------

 

In your next reply please post the log created by GMER. :)


GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2012-01-05 12:51:37

Windows 5.1.2600 Service Pack 3 Harddisk0DR0 -> DeviceIdeIdeDeviceP0T0L0-3 SAMSUNG_SV4002H rev.QP100-07

Running: gmer.exe; Driver: C:DOCUME~1OwnerLOCALS~1Tempaxwoqaoc.sys

 

---- System - GMER 1.0.15 ----

SSDT SystemRootSystem32vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0xF3E0D2F4]

SSDT SystemRootSystem32vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xF3E075CA]

SSDT SystemRootSystem32vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0xF3E2658A]

SSDT SystemRootSystem32vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0xF3E0DA80]

SSDT SystemRootSystem32vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xF3E20E4E]

SSDT SystemRootSystem32vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xF3E2123C]

SSDT SystemRootSystem32vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateSection [0xF3E2A6F6]

SSDT SystemRootSystem32vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xF3E0DBB6]

SSDT SystemRootSystem32vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xF3E081E0]

SSDT SystemRootSystem32vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xF3E27E3C]

SSDT SystemRootSystem32vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xF3E277B2]

SSDT SystemRootSystem32vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xF3E1FD8A]

SSDT SystemRootSystem32vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0xF3E28794]

SSDT SystemRootSystem32vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xF3E2899C]

SSDT SystemRootSystem32vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0xF3E07DF2]

SSDT SystemRootSystem32vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xF3E23160]

SSDT SystemRootSystem32vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenThread [0xF3E22D8A]

SSDT SystemRootSystem32vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0xF3E2972A]

SSDT SystemRootSystem32vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xF3E29060]

SSDT SystemRootSystem32vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xF3E0CEC4]

SSDT SystemRootSystem32vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xF3E2A0FC]

SSDT SystemRootSystem32vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xF3E0D59C]

SSDT SystemRootSystem32vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xF3E085A4]

SSDT SystemRootSystem32vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xF3E29C6A]

SSDT SystemRootSystem32vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xF3E26F72]

SSDT SystemRootSystem32vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xF3E21EA4]

SSDT SystemRootSystem32vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xF3E21C20]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + 12E 804E4988 12 Bytes [80, DA, E0, F3, 4E, 0E, E2, ...]

---- User code sections - GMER 1.0.15 ----

.text C:Program FilesInternet ExplorerIEXPLORE.EXE[356] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154D5 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:Program FilesInternet ExplorerIEXPLORE.EXE[356] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:Program FilesInternet ExplorerIEXPLORE.EXE[356] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53C7 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:Program FilesInternet ExplorerIEXPLORE.EXE[356] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52F9 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:Program FilesInternet ExplorerIEXPLORE.EXE[356] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E5364 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:Program FilesInternet ExplorerIEXPLORE.EXE[356] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51CA C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:Program FilesInternet ExplorerIEXPLORE.EXE[356] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E522C C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:Program FilesInternet ExplorerIEXPLORE.EXE[356] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E542A C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:Program FilesInternet ExplorerIEXPLORE.EXE[356] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E528E C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:Program FilesInternet ExplorerIEXPLORE.EXE[1076] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154D5 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:Program FilesInternet ExplorerIEXPLORE.EXE[1076] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AE9 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:Program FilesInternet ExplorerIEXPLORE.EXE[1076] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD125 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:Program FilesInternet ExplorerIEXPLORE.EXE[1076] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:Program FilesInternet ExplorerIEXPLORE.EXE[1076] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25467E C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:Program FilesInternet ExplorerIEXPLORE.EXE[1076] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53C7 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:Program FilesInternet ExplorerIEXPLORE.EXE[1076] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52F9 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:Program FilesInternet ExplorerIEXPLORE.EXE[1076] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E5364 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:Program FilesInternet ExplorerIEXPLORE.EXE[1076] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51CA C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:Program FilesInternet ExplorerIEXPLORE.EXE[1076] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E522C C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:Program FilesInternet ExplorerIEXPLORE.EXE[1076] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E542A C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:Program FilesInternet ExplorerIEXPLORE.EXE[1076] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E528E C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:Program FilesInternet ExplorerIEXPLORE.EXE[1076] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDBB8 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:Program FilesInternet ExplorerIEXPLORE.EXE[1076] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E572F C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:Program FilesInternet Exploreriexplore.exe[1536] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154D5 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:Program FilesInternet Exploreriexplore.exe[1536] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:Program FilesInternet Exploreriexplore.exe[1536] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53C7 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:Program FilesInternet Exploreriexplore.exe[1536] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52F9 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:Program FilesInternet Exploreriexplore.exe[1536] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E5364 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:Program FilesInternet Exploreriexplore.exe[1536] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51CA C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:Program FilesInternet Exploreriexplore.exe[1536] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E522C C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:Program FilesInternet Exploreriexplore.exe[1536] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E542A C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:Program FilesInternet Exploreriexplore.exe[1536] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E528E C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:Program FilesInternet Exploreriexplore.exe[1572] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154D5 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:Program FilesInternet Exploreriexplore.exe[1572] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AE9 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:Program FilesInternet Exploreriexplore.exe[1572] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD125 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:Program FilesInternet Exploreriexplore.exe[1572] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:Program FilesInternet Exploreriexplore.exe[1572] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25467E C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:Program FilesInternet Exploreriexplore.exe[1572] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53C7 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:Program FilesInternet Exploreriexplore.exe[1572] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52F9 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:Program FilesInternet Exploreriexplore.exe[1572] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E5364 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:Program FilesInternet Exploreriexplore.exe[1572] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51CA C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:Program FilesInternet Exploreriexplore.exe[1572] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E522C C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:Program FilesInternet Exploreriexplore.exe[1572] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E542A C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:Program FilesInternet Exploreriexplore.exe[1572] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E528E C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:Program FilesInternet Exploreriexplore.exe[1572] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDBB8 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:Program FilesInternet Exploreriexplore.exe[1572] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E572F C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device DriverTcpip DeviceIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice DriverTcpip DeviceIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device DriverTcpip DeviceTcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice DriverTcpip DeviceTcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device DriverTcpip DeviceUdp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice DriverTcpip DeviceUdp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device DriverTcpip DeviceRawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice DriverTcpip DeviceRawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device DriverTcpip DeviceIPMULTICAST vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice FileSystemFastfat Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
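
As context for the earlier caution that rootkit scans often produce false positives, the following is an added example (not part of the original thread, and not GMER's own code) that groups the SSDT and user-mode hook lines of a GMER log by the module GMER names as their owner. The sample lines are copied in the form they appear on this page, plus one constructed line (`example_unknown.sys`, a hypothetical name) to show an entry with no owner description.

```python
import re
from collections import defaultdict

# Constructed sample: lines in the form shown in the log above (path separators
# are missing on this page, so the parser does not rely on them), plus one
# constructed SSDT line, example_unknown.sys, that carries no owner description.
SAMPLE_LOG = """\
---- System - GMER 1.0.15 ----
SSDT SystemRootSystem32vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xF3E075CA]
SSDT SystemRootSystem32vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xF3E23160]
SSDT example_unknown.sys ZwTerminateProcess [0xF0000000]
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!ZwYieldExecution + 12E 804E4988 12 Bytes [80, DA, E0, F3, 4E, 0E, E2, ...]
---- User code sections - GMER 1.0.15 ----
.text C:Program FilesInternet ExplorerIEXPLORE.EXE[356] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154D5 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:Program FilesInternet ExplorerIEXPLORE.EXE[1076] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDBB8 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^-{4}\s+(.+?)\s+-\s+GMER\b")

# SSDT <owner module> [(<description>)] <hooked service> [<handler address>]
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<owner>.+?)(?:\s+\((?P<label>[^)]*)\))?"
    r"\s+(?P<func>\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]$"
)

# .text <process>[<pid>] <dll>!<function> <addr> <n> Bytes JMP <target> [<owner> (<description>)]
USER_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<dll>[^!\s]+)!(?P<func>\S+)"
    r"\s+(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes\s+JMP\s+(?P<target>[0-9A-Fa-f]{8})"
    r"(?:\s+(?P<owner>.+?)(?:\s+\((?P<label>[^)]*)\))?)?$"
)


def parse_gmer(text):
    """Return (hooks, unparsed): hook records plus SSDT/.text lines in another layout."""
    hooks, unparsed, section = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = SSDT_RE.match(line)
        if m:
            hooks.append({"kind": "ssdt", "section": section, "pid": None,
                          "function": m.group("func"),
                          "owner": m.group("owner"), "label": m.group("label")})
            continue
        m = USER_RE.match(line)
        if m:
            hooks.append({"kind": "inline", "section": section, "pid": int(m.group("pid")),
                          "function": f"{m.group('dll')}!{m.group('func')}",
                          "owner": m.group("owner"), "label": m.group("label")})
            continue
        if line.startswith(("SSDT", ".text")):
            # Kept verbatim for manual review rather than silently dropped.
            unparsed.append((section, line))
    return hooks, unparsed


def summarize(hooks):
    """Group hooked functions by (owner module, description GMER printed for it).

    A named owner only says which file GMER attributes the hook to; it is not
    a verdict. Hooks with no owner or no description are returned separately.
    """
    by_owner, unattributed = defaultdict(set), []
    for h in hooks:
        if h["owner"] and h["label"]:
            by_owner[(h["owner"], h["label"])].add(h["function"])
        else:
            unattributed.append(h)
    return {k: sorted(v) for k, v in by_owner.items()}, unattributed


if __name__ == "__main__":
    parsed, leftover = parse_gmer(SAMPLE_LOG)
    grouped, loose = summarize(parsed)
    for (owner, label), funcs in grouped.items():
        print(f"{owner} ({label}): {len(funcs)} hooked function(s)")
    for h in loose:
        print(f"no description: {h['owner']} -> {h['function']}")
    print(f"{len(leftover)} line(s) left for manual review")
```
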


Please read through these instructions to familiarize yourself with what to expect when this tool runs.

 

Download ComboFix from one of these locations:

 

Link 1

Link 2

 

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: How to Disable your Security Programs
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

 


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

Posted Image

 

Click on Yes, to continue scanning for malware.

 

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

 

Notes:

 

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

----------


Hi Jeff... I have downloaded the ComboFix.exe three times and I get the following results. First, I downloaded it to the desktop. Double clicked on the icon on desktop and it ran green print in a gray box, and then stopped. After waiting 15 minutes, I decided it was not going to show the pop-ups and accepts as described in instructions. I disabled virus and malware scans also. I have searched C: and can find nothing about a .txt file left there by combofix. My apologies for complicating your efforts to help me.

thanks

 

Will


You are not complicating anything. :)

 

 

Reboot Your System in Safe Mode

  • Restart the computer.
  • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
  • Use the arrow keys to select the Safe mode with Networking menu item.
  • Press Enter.

Once in Safe Mode please try to run ComboFix again. If you still have problems let me know.


whewwww Here we go.

 

ComboFix 12-01-06.03 - Owner 01/06/2012 20:26:48.1.1 - x86 NETWORK

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.479.259 [GMT -5:00]

Running from: c:documents and settingsOwnerDesktopComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: ZoneAlarm Free Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:documents and settingsDefault UserWINDOWS

c:documents and settingsOwnerLocal SettingsApplication Dataassemblytmp

c:documents and settingsOwnermukklwmard.tmp

c:documents and settingsOwnerWINDOWS

C:Images

c:program filescdbxp_setup_4.3.8.2568.exe

c:windowssystem32configsystemprofileWINDOWS

D:Autorun.inf

.

.

((((((((((((((((((((((((( Files Created from 2011-12-07 to 2012-01-07 )))))))))))))))))))))))))))))))

.

.

2012-01-06 01:30 . 2012-01-06 01:30 -------- d-----w- c:documents and settingsOwnerApplication DataAVG2012

2012-01-06 01:25 . 2012-01-06 22:32 -------- d-----w- c:windowssystem32driversAVG

2012-01-06 01:25 . 2012-01-06 01:38 -------- d-----w- c:documents and settingsAll UsersApplication DataAVG2012

2012-01-06 01:07 . 2012-01-06 01:07 -------- d--h--w- c:documents and settingsAll UsersApplication DataCommon Files

2012-01-06 01:02 . 2012-01-06 01:42 -------- d-----w- c:documents and settingsAll UsersApplication DataMFAData

2012-01-04 02:39 . 2012-01-05 07:38 -------- d-----w- C:HiJack This

2012-01-04 02:37 . 2012-01-04 02:37 388096 ----a-r- c:documents and settingsOwnerApplication DataMicrosoftInstaller{45A66726-69BC-466B-A7A4-12FCBA4883D7}HiJackThis.exe

2012-01-04 02:37 . 2012-01-04 02:37 -------- d-----w- c:program filesTrend Micro

2012-01-03 20:31 . 2012-01-03 20:36 40776 ----a-w- c:windowssystem32driversmbamswissarmy.sys

2012-01-02 04:54 . 2012-01-02 05:08 -------- d-----w- C:Pictures

2012-01-01 17:22 . 2012-01-01 17:22 0 ----a-w- c:documents and settingsOwnerReset_IE_Windows.reg

2011-12-31 20:49 . 2011-12-31 20:49 -------- d-----w- c:documents and settingsAll UsersApplication DataBlueSprig

2011-12-28 13:13 . 2011-12-31 19:55 414368 ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl

2011-12-25 00:48 . 2011-12-31 01:48 -------- d-----w- c:documents and settingsAdministrator

2011-12-22 02:07 . 1998-09-02 08:28 38160 ----a-w- c:windowssystem32LMRTREND.dll

2011-12-22 02:07 . 1998-08-20 11:02 140800 ----a-w- c:windowssystem32tm20dec.ax

2011-12-22 02:07 . 1998-08-27 04:51 182032 ----a-w- c:windowssystem32dxtmsft3.dll

2011-12-22 02:06 . 1998-09-02 08:28 63488 ----a-w- c:windowssystem32unam4ie.exe

2011-12-22 02:06 . 1998-08-17 09:21 5672 ----a-w- c:windowssystem32quartz.vxd

2011-12-22 02:06 . 1998-08-17 09:21 10240 ----a-w- c:windowssystem32vidx16.dll

2011-12-22 02:06 . 1998-08-17 09:21 11776 ----a-w- c:windowssystem32mciqtz.drv

2011-12-22 02:06 . 1998-09-02 08:02 194320 ----a-w- c:windowssystem32qcut.dll

2011-12-22 02:06 . 2011-12-22 02:06 4608 ----a-w- c:windowssystem32w95inf32.dll

2011-12-22 02:06 . 2011-12-22 02:06 2272 ----a-w- c:windowssystem32w95inf16.dll

2011-12-22 02:05 . 1996-07-01 05:00 77312 ----a-w- c:windowssystem32TWAIN_32.DLL

2011-12-22 01:44 . 2008-04-14 01:12 20992 ----a-w- c:windowssystem32dshowext.ax

2011-12-19 01:22 . 2011-12-19 01:22 22 --sha-w- c:documents and settingsOwnerApplication DataSys2662.Config.Repository.bin

2011-12-19 01:21 . 2011-12-19 01:22 -------- d-----w- c:program filesjv16 PowerTools 2011

2011-12-19 01:11 . 2012-01-03 20:31 -------- d-----w- c:program filesMalwarebytes' Anti-Malware

2011-12-19 01:11 . 2011-12-10 20:24 20464 ----a-w- c:windowssystem32driversmbam.sys

2011-12-17 15:31 . 2011-12-17 15:31 -------- d-----w- c:program filesCommon FilesHewlett-Packard

2011-12-17 15:27 . 2004-09-29 17:08 61440 ----a-w- c:windowssystem32HPZinw12.exe

2011-12-17 15:27 . 2004-09-29 17:15 204800 ----a-w- c:windowssystem32HPZipr12.dll

2011-12-17 15:27 . 2004-09-29 17:14 69632 ----a-w- c:windowssystem32HPZipm12.exe

2011-12-17 15:27 . 2004-09-29 17:09 57344 ----a-w- c:windowssystem32HPZisn12.dll

2011-12-17 15:27 . 2004-09-29 17:09 94208 ----a-w- c:windowssystem32HPZipt12.dll

2011-12-17 15:27 . 2004-09-29 17:12 278584 ----a-w- c:windowssystem32HPZidr12.dll

2011-12-17 15:24 . 2005-03-18 18:32 180315 ----a-w- c:windowssystem32hpzsnt12.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-23 13:25 . 2007-12-30 03:26 1859584 ----a-w- c:windowssystem32win32k.sys

2011-11-04 19:20 . 2007-12-30 04:07 43520 ----a-w- c:windowssystem32licmgr10.dll

2011-11-04 19:20 . 2007-12-30 04:07 1469440 ------w- c:windowssystem32inetcpl.cpl

2011-11-04 19:20 . 2007-12-30 03:26 916992 ----a-w- c:windowssystem32wininet.dll

2011-11-04 11:23 . 2007-12-30 10:26 385024 ----a-w- c:windowssystem32html.iec

2011-11-01 16:07 . 2007-12-30 03:24 1288704 ----a-w- c:windowssystem32ole32.dll

2011-10-28 05:31 . 2007-12-30 04:03 33280 ----a-w- c:windowssystem32csrsrv.dll

2011-10-25 13:37 . 2002-08-29 08:04 2148864 -c--a-w- c:windowssystem32ntoskrnl.exe

2011-10-25 12:52 . 2002-08-29 08:04 2027008 -c--a-w- c:windowssystem32ntkrnlpa.exe

2011-10-18 11:13 . 2007-12-30 04:07 186880 -c--a-w- c:windowssystem32encdec.dll

2011-10-17 18:48 . 2011-10-17 18:48 21035 ----a-w- c:windowssystem32driversAegisP.sys

2011-10-10 14:22 . 2007-12-30 04:07 692736 -c--a-w- c:windowssystem32inetcomm.dll

2011-03-21 01:17 . 2011-03-21 01:16 46972928 ----a-w- c:program fileszaSetup_92_105_000_en.exe

2011-03-19 04:25 . 2011-03-19 04:24 3033192 -c--a-w- c:program filesccsetup304.exe

2011-01-27 03:18 . 2011-01-27 03:18 629968 ----a-w- c:program filesPartyPokerNetSetup.exe

2010-04-30 06:49 . 2010-04-30 06:49 7184528 -c--a-w- c:program filesasc-setup.exe

2010-04-30 06:42 . 2010-04-30 06:42 16409960 ----a-w- c:program filesspybotsd162.exe

2010-04-30 06:24 . 2010-04-30 06:24 3103640 ----a-w- c:program filesspywareblastersetup43.exe

2010-03-14 16:29 . 2010-03-14 16:28 336 ----a-w- c:program filestemp995.bat

2008-07-11 22:39 . 2008-07-12 02:30 262144 -c--a-w- c:program filesUninstall Spy Blocker.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]

"Weather"="c:program filesAWSWeatherBugWeather.exe" [2004-11-08 1597440]

.

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"ZoneAlarm"="c:program filesCheckPointZoneAlarmzatray.exe" [2011-11-10 73360]

"AVG_TRAY"="c:program filesAVGAVG2012avgtray.exe" [2011-12-03 2415456]

.

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]

"NoWinKeys"= 1 (0x1)

"NoSMMyDocs"= 1 (0x1)

"NoFavoritesMenu"= 1 (0x1)

.

[hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:program filesSUPERAntiSpywareSASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotify!SASWinLogon]

2009-12-28 20:06 548352 ----a-w- c:program filesSUPERAntiSpywareSASWINLO.DLL

.

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager]

BootExecute REG_MULTI_SZ autocheck autochk *0c:progra~1AVGAVG2012avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigservices]

"aawservice"=2 (0x2)

.

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionrun-]

"MSMSGS"="c:program filesMessengermsmsgs.exe" /background

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]

"%windir%system32sessmgr.exe"=

"%windir%Network Diagnosticxpnetdiag.exe"=

.

R0 AVGIDSEH;AVGIDSEH;c:windowssystem32driversAVGIDSEH.sys [7/11/2011 1:14 AM 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:windowssystem32driversavgrkx86.sys [9/13/2011 6:30 AM 32592]

R1 Avgtdix;AVG TDI Driver;c:windowssystem32driversavgtdix.sys [7/11/2011 1:14 AM 295248]

S1 Avgldx86;AVG AVI Loader Driver;c:windowssystem32driversavgldx86.sys [10/7/2011 6:23 AM 230608]

S1 SASDIFSV;SASDIFSV;c:program filesSUPERAntiSpywareSASDIFSV.SYS [5/28/2008 9:33 AM 12872]

S1 SASKUTIL;SASKUTIL;c:program filesSUPERAntiSpywareSASKUTIL.SYS [5/28/2008 9:33 AM 67656]

S2 AVGIDSAgent;AVGIDSAgent;c:program filesAVGAVG2012AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248]

S2 avgwd;AVG WatchDog;c:program filesAVGAVG2012avgwdsvc.exe [8/2/2011 6:09 AM 192776]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:windowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe [3/18/2010 12:16 PM 130384]

S2 CoachCap;Concord EyeQ Duo 2000 USB Video Capture V1.00;c:windowssystem32driversCoachCap.sys --> c:windowssystem32driversCoachCap.sys [?]

S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:program filesCheckPointZAForceFieldISWKL.sys [11/3/2011 9:44 AM 27016]

S3 AVGIDSDriver;AVGIDSDriver;c:windowssystem32driversAVGIDSDriver.sys [7/11/2011 1:14 AM 134608]

S3 AVGIDSFilter;AVGIDSFilter;c:windowssystem32driversAVGIDSFilter.sys [7/11/2011 1:14 AM 24272]

S3 AVGIDSShim;AVGIDSShim;c:windowssystem32driversAVGIDSShim.sys [10/4/2011 6:21 AM 16720]

S3 esihdrv;esihdrv;??c:docume~1OwnerLOCALS~1Tempesihdrv.sys --> c:docume~1OwnerLOCALS~1Tempesihdrv.sys [?]

S3 MBAMSwissArmy;MBAMSwissArmy;c:windowssystem32driversmbamswissarmy.sys [1/3/2012 3:31 PM 40776]

S3 PCDRDRV;Pcdr Helper Driver;??c:progra~1PC-DOC~1DIAGNO~1PCDRDRV.sys --> c:progra~1PC-DOC~1DIAGNO~1PCDRDRV.sys [?]

S3 SASENUM;SASENUM;c:program filesSUPERAntiSpywareSASENUM.SYS [5/28/2008 9:33 AM 12872]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:windowsMicrosoft.NETFrameworkv4.0.30319WPFWPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]

S4 IswSvc;ZoneAlarm Toolbar IswSvc;c:program filesCheckPointZAForceFieldISWSVC.exe [11/3/2011 9:44 AM 497280]

S4 msCMTSrvc;Content Monitoring Tool;c:windowssystem32msCMTSrvc.exe --> c:windowssystem32msCMTSrvc.exe [?]

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-07 c:windowsTasksUser_Feed_Synchronization-{8D041CAF-F681-4B08-9EAD-EAC2F1451AA4}.job

- c:windowssystem32msfeedssync.exe [2009-03-08 09:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.facebook.com/login.php

uDefault_Search_URL = hxxp://srch-qus7.hpwis.com/

mSearch Bar = hxxp://srch-qus7.hpwis.com/

uInternet Connection Wizard,ShellNext = iexplore

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Google Sidewiki... - c:program filesGoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

DPF: DirectAnimation Java Classes - file://c:windowsJavaclassesdajava.cab

DPF: Microsoft XML Parser for Java - file://c:windowsJavaclassesxmldso.cab

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-01-06 20:39

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(568)

c:program filesSUPERAntiSpywareSASWINLO.DLL

c:windowssystem32WININET.dll

.

Completion time: 2012-01-06 20:46:55

ComboFix-quarantined-files.txt 2012-01-07 01:46

.

Pre-Run: 23,529,447,424 bytes free

Post-Run: 23,910,916,096 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

default=multi(0)disk(0)rdisk(0)partition(2)WINDOWS

[operating systems]

c:cmdconsBOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

.

- - End Of File - - A14CEB6CA480622666571F2A41DFA03F


Hi NascarFan19,

 

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    DDS::
    
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}
    
    File::
    c:\docume~1\owner\locals~1\temp\esihdrv.sys
    
    DirLook::
    c:\documents and settings\All Users\Application Data\BlueSprig
    
    Driver::
    esihdrv
    
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

     

    Posted Image

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

----------


ComboFix 12-01-06.03 - Owner 01/07/2012 16:48:51.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.479.131 [GMT -5:00]

Running from: c:documents and settingsOwnerDesktopComboFix.exe

Command switches used :: c:documents and settingsOwnerDesktopCFScript.txt

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: ZoneAlarm Free Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

.

FILE ::

"c:docume~1ownerlocals~1tempesihdrv.sys"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------Legacy_ESIHDRV

-------Service_esihdrv

.

.

((((((((((((((((((((((((( Files Created from 2011-12-07 to 2012-01-07 )))))))))))))))))))))))))))))))

.

.

2012-01-07 04:55 . 2012-01-07 04:55 -------- d-----w- C:$AVG

2012-01-06 01:30 . 2012-01-06 01:30 -------- d-----w- c:documents and settingsOwnerApplication DataAVG2012

2012-01-06 01:25 . 2012-01-07 14:55 -------- d-----w- c:windowssystem32driversAVG

2012-01-06 01:25 . 2012-01-06 01:38 -------- d-----w- c:documents and settingsAll UsersApplication DataAVG2012

2012-01-06 01:07 . 2012-01-06 01:07 -------- d--h--w- c:documents and settingsAll UsersApplication DataCommon Files

2012-01-06 01:02 . 2012-01-07 14:56 -------- d-----w- c:documents and settingsAll UsersApplication DataMFAData

2012-01-04 02:39 . 2012-01-05 07:38 -------- d-----w- C:HiJack This

2012-01-04 02:37 . 2012-01-04 02:37 388096 ----a-r- c:documents and settingsOwnerApplication DataMicrosoftInstaller{45A66726-69BC-466B-A7A4-12FCBA4883D7}HiJackThis.exe

2012-01-04 02:37 . 2012-01-04 02:37 -------- d-----w- c:program filesTrend Micro

2012-01-03 20:31 . 2012-01-03 20:36 40776 ----a-w- c:windowssystem32driversmbamswissarmy.sys

2012-01-02 04:54 . 2012-01-02 05:08 -------- d-----w- C:Pictures

2012-01-01 17:22 . 2012-01-01 17:22 0 ----a-w- c:documents and settingsOwnerReset_IE_Windows.reg

2011-12-31 20:49 . 2011-12-31 20:49 -------- d-----w- c:documents and settingsAll UsersApplication DataBlueSprig

2011-12-28 13:13 . 2011-12-31 19:55 414368 ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl

2011-12-25 00:48 . 2011-12-31 01:48 -------- d-----w- c:documents and settingsAdministrator

2011-12-22 02:07 . 1998-09-02 08:28 38160 ----a-w- c:windowssystem32LMRTREND.dll

2011-12-22 02:07 . 1998-08-27 04:51 182032 ----a-w- c:windowssystem32dxtmsft3.dll

2011-12-22 02:06 . 1998-08-17 09:21 5672 ----a-w- c:windowssystem32quartz.vxd

2011-12-22 02:06 . 1998-08-17 09:21 11776 ----a-w- c:windowssystem32mciqtz.drv

2011-12-22 02:06 . 1998-09-02 08:02 194320 ----a-w- c:windowssystem32qcut.dll

2011-12-22 01:44 . 2008-04-14 01:12 20992 ----a-w- c:windowssystem32dshowext.ax

2011-12-19 01:22 . 2011-12-19 01:22 22 --sha-w- c:documents and settingsOwnerApplication DataSys2662.Config.Repository.bin

2011-12-19 01:21 . 2011-12-19 01:22 -------- d-----w- c:program filesjv16 PowerTools 2011

2011-12-19 01:11 . 2012-01-03 20:31 -------- d-----w- c:program filesMalwarebytes' Anti-Malware

2011-12-19 01:11 . 2011-12-10 20:24 20464 ----a-w- c:windowssystem32driversmbam.sys

2011-12-17 15:31 . 2011-12-17 15:31 -------- d-----w- c:program filesCommon FilesHewlett-Packard

2011-12-17 15:27 . 2004-09-29 17:08 61440 ----a-w- c:windowssystem32HPZinw12.exe

2011-12-17 15:27 . 2004-09-29 17:15 204800 ----a-w- c:windowssystem32HPZipr12.dll

2011-12-17 15:27 . 2004-09-29 17:14 69632 ----a-w- c:windowssystem32HPZipm12.exe

2011-12-17 15:27 . 2004-09-29 17:09 57344 ----a-w- c:windowssystem32HPZisn12.dll

2011-12-17 15:27 . 2004-09-29 17:09 94208 ----a-w- c:windowssystem32HPZipt12.dll

2011-12-17 15:27 . 2004-09-29 17:12 278584 ----a-w- c:windowssystem32HPZidr12.dll

2011-12-17 15:24 . 2005-03-18 18:32 180315 ----a-w- c:windowssystem32hpzsnt12.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-22 02:06 . 2011-12-22 02:06 4608 ----a-w- c:windowssystem32w95inf32.dll

2011-12-22 02:06 . 2011-12-22 02:06 2272 ----a-w- c:windowssystem32w95inf16.dll

2011-11-23 13:25 . 2007-12-30 03:26 1859584 ----a-w- c:windowssystem32win32k.sys

2011-11-04 19:20 . 2007-12-30 04:07 43520 ----a-w- c:windowssystem32licmgr10.dll

2011-11-04 19:20 . 2007-12-30 04:07 1469440 ------w- c:windowssystem32inetcpl.cpl

2011-11-04 19:20 . 2007-12-30 03:26 916992 ----a-w- c:windowssystem32wininet.dll

2011-11-04 11:23 . 2007-12-30 10:26 385024 ----a-w- c:windowssystem32html.iec

2011-11-01 16:07 . 2007-12-30 03:24 1288704 ----a-w- c:windowssystem32ole32.dll

2011-10-28 05:31 . 2007-12-30 04:03 33280 ----a-w- c:windowssystem32csrsrv.dll

2011-10-25 13:37 . 2002-08-29 08:04 2148864 -c--a-w- c:windowssystem32ntoskrnl.exe

2011-10-25 12:52 . 2002-08-29 08:04 2027008 -c--a-w- c:windowssystem32ntkrnlpa.exe

2011-10-18 11:13 . 2007-12-30 04:07 186880 -c--a-w- c:windowssystem32encdec.dll

2011-10-17 18:48 . 2011-10-17 18:48 21035 ----a-w- c:windowssystem32driversAegisP.sys

2011-10-10 14:22 . 2007-12-30 04:07 692736 -c--a-w- c:windowssystem32inetcomm.dll

2011-03-21 01:17 . 2011-03-21 01:16 46972928 ----a-w- c:program fileszaSetup_92_105_000_en.exe

2011-03-19 04:25 . 2011-03-19 04:24 3033192 -c--a-w- c:program filesccsetup304.exe

2011-01-27 03:18 . 2011-01-27 03:18 629968 ----a-w- c:program filesPartyPokerNetSetup.exe

2010-04-30 06:49 . 2010-04-30 06:49 7184528 -c--a-w- c:program filesasc-setup.exe

2010-04-30 06:42 . 2010-04-30 06:42 16409960 ----a-w- c:program filesspybotsd162.exe

2010-04-30 06:24 . 2010-04-30 06:24 3103640 ----a-w- c:program filesspywareblastersetup43.exe

2010-03-14 16:29 . 2010-03-14 16:28 336 ----a-w- c:program filestemp995.bat

2008-07-11 22:39 . 2008-07-12 02:30 262144 -c--a-w- c:program filesUninstall Spy Blocker.dll

.

.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Directory of c:documents and settingsAll UsersApplication DataBlueSprig ----

.

2011-12-31 20:49 . 2011-12-31 20:49 22 ----a-w- c:documents and settingsAll UsersApplication DataBlueSprigJetBoostJetBoostInstallBackWork.ini

.

.

((((((((((((((((((((((((((((( [email protected]_01.39.40 )))))))))))))))))))))))))))))))))))))))))

.

- 2003-01-24 12:54 . 2012-01-05 02:10 571112 c:windowssystem32perfh009.dat

+ 2003-01-24 12:54 . 2012-01-07 02:05 571112 c:windowssystem32perfh009.dat

+ 2003-01-24 12:54 . 2012-01-07 02:05 109606 c:windowssystem32perfc009.dat

- 2003-01-24 12:54 . 2012-01-05 02:10 109606 c:windowssystem32perfc009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]

"Weather"="c:program filesAWSWeatherBugWeather.exe" [2004-11-08 1597440]

.

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"ZoneAlarm"="c:program filesCheckPointZoneAlarmzatray.exe" [2011-11-10 73360]

"AVG_TRAY"="c:program filesAVGAVG2012avgtray.exe" [2011-12-03 2415456]

.

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]

"NoWinKeys"= 1 (0x1)

"NoSMMyDocs"= 1 (0x1)

"NoFavoritesMenu"= 1 (0x1)

.

[hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:program filesSUPERAntiSpywareSASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotify!SASWinLogon]

2009-12-28 20:06 548352 ----a-w- c:program filesSUPERAntiSpywareSASWINLO.DLL

.

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager]

BootExecute REG_MULTI_SZ autocheck autochk *0c:progra~1AVGAVG2012avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigservices]

"aawservice"=2 (0x2)

.

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionrun-]

"MSMSGS"="c:program filesMessengermsmsgs.exe" /background

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]

"%windir%system32sessmgr.exe"=

"%windir%Network Diagnosticxpnetdiag.exe"=

.

R0 AVGIDSEH;AVGIDSEH;c:windowssystem32driversAVGIDSEH.sys [7/11/2011 1:14 AM 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:windowssystem32driversavgrkx86.sys [9/13/2011 6:30 AM 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:windowssystem32driversavgldx86.sys [10/7/2011 6:23 AM 230608]

R1 Avgtdix;AVG TDI Driver;c:windowssystem32driversavgtdix.sys [7/11/2011 1:14 AM 295248]

R1 SASDIFSV;SASDIFSV;c:program filesSUPERAntiSpywareSASDIFSV.SYS [5/28/2008 9:33 AM 12872]

R1 SASKUTIL;SASKUTIL;c:program filesSUPERAntiSpywareSASKUTIL.SYS [5/28/2008 9:33 AM 67656]

R2 avgwd;AVG WatchDog;c:program filesAVGAVG2012avgwdsvc.exe [8/2/2011 6:09 AM 192776]

R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:program filesCheckPointZAForceFieldISWKL.sys [11/3/2011 9:44 AM 27016]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:windowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe [3/18/2010 12:16 PM 130384]

S2 CoachCap;Concord EyeQ Duo 2000 USB Video Capture V1.00;c:windowssystem32driversCoachCap.sys --> c:windowssystem32driversCoachCap.sys [?]

S3 AVGIDSAgent;AVGIDSAgent;c:program filesAVGAVG2012AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248]

S3 AVGIDSDriver;AVGIDSDriver;c:windowssystem32driversAVGIDSDriver.sys [7/11/2011 1:14 AM 134608]

S3 AVGIDSFilter;AVGIDSFilter;c:windowssystem32driversAVGIDSFilter.sys [7/11/2011 1:14 AM 24272]

S3 AVGIDSShim;AVGIDSShim;c:windowssystem32driversAVGIDSShim.sys [10/4/2011 6:21 AM 16720]

S3 MBAMSwissArmy;MBAMSwissArmy;c:windowssystem32driversmbamswissarmy.sys [1/3/2012 3:31 PM 40776]

S3 PCDRDRV;Pcdr Helper Driver;??c:progra~1PC-DOC~1DIAGNO~1PCDRDRV.sys --> c:progra~1PC-DOC~1DIAGNO~1PCDRDRV.sys [?]

S3 SASENUM;SASENUM;c:program filesSUPERAntiSpywareSASENUM.SYS [5/28/2008 9:33 AM 12872]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:windowsMicrosoft.NETFrameworkv4.0.30319WPFWPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]

S4 IswSvc;ZoneAlarm Toolbar IswSvc;c:program filesCheckPointZAForceFieldISWSVC.exe [11/3/2011 9:44 AM 497280]

S4 msCMTSrvc;Content Monitoring Tool;c:windowssystem32msCMTSrvc.exe --> c:windowssystem32msCMTSrvc.exe [?]

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-07 c:windowsTasksUser_Feed_Synchronization-{8D041CAF-F681-4B08-9EAD-EAC2F1451AA4}.job

- c:windowssystem32msfeedssync.exe [2009-03-08 09:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.facebook.com/login.php

uDefault_Search_URL = hxxp://srch-qus7.hpwis.com/

mSearch Bar = hxxp://srch-qus7.hpwis.com/

uInternet Connection Wizard,ShellNext = iexplore

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Google Sidewiki... - c:program filesGoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

DPF: DirectAnimation Java Classes - file://c:windowsJavaclassesdajava.cab

DPF: Microsoft XML Parser for Java - file://c:windowsJavaclassesxmldso.cab

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-01-07 17:08

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(876)

c:program filesSUPERAntiSpywareSASWINLO.DLL

c:windowssystem32WININET.dll

.

- - - - - - - > 'explorer.exe'(3752)

c:windowssystem32WININET.dll

c:windowssystem32ieframe.dll

c:windowssystem32webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:progra~1AVGAVG2012avgrsx.exe

c:program filesAVGAVG2012avgcsrvx.exe

c:windowssystem32HPZipm12.exe

c:windowsSystem32snmp.exe

c:program filesAVGAVG2012avgnsx.exe

c:program filesAVGAVG2012avgemcx.exe

.

**************************************************************************

.

Completion time: 2012-01-07 17:20:04 - machine was rebooted

ComboFix-quarantined-files.txt 2012-01-07 22:19

ComboFix2.txt 2012-01-07 01:46

.

Pre-Run: 23,285,694,464 bytes free

Post-Run: 23,257,104,384 bytes free

.

- - End Of File - - 72C279DD692C0D67AC50ABE2B4A22D70


Hi,

 

 

I see that you have Malwarebytes on your system. Please open Malwarebytes, update it and then run a Quick Scan. Please save the log that is created for your next reply.

----------

 

 

ESET Online Scanner

I'd like us to scan your machine with ESET Online Scan.

 

Note: It is recommended to disable on-board anti-virus and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.

Please don't go surfing while your resident protection is disabled!

Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.

 

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

  • Push the Back button.
  • Push Finish
http://www.eset.com/onlinescan/

----------

 

In your next reply please post the logs created by Malwarebytes and ESET online scanner.


Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org

Database version: v2012.01.08.01

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Owner :: YOUR-N3TY7ATHD5 [administrator]

1/7/2012 8:41:48 PM

mbam-log-2012-01-07 (20-41-48).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 178501

Time elapsed: 16 minute(s), 10 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

 

 

 

 

 

C:Documents and SettingsOwnerMy DocumentsPicMorph.exe Win32/Toolbar.Zugo application

C:WINDOWSsystem32ConTest.dll Win32/Adware.Ascentive application


Hi NascarFan19,

 

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    File::
    C:\Documents and Settings\Owner\My Documents\PicMorph.exe
    C:\WINDOWS\system32\ConTest.dll
    
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

     

    Posted Image

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

----------

 

In your next reply please post the ComboFix log that is created and let me know how your system is behaving. :)


I have noticed that each time the system reboots after running these tests, I am told by a popup that the default browser is not IE. I tell it to make it the default. I have never seen that before. The system seems to be a little faster but it's hard to tell. I am sure that as old as the system is, the amount of RAM I have here is a major reason for the sluggishness. I wanted to be sure that it is as clean as possible.

 

ComboFix 12-01-07.03 - Owner 01/08/2012 11:52:51.3.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.479.224 [GMT -5:00]

Running from: c:documents and settingsOwnerDesktopComboFix.exe

Command switches used :: c:documents and settingsOwnerDesktopCFScript.txt

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: ZoneAlarm Free Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

.

FILE ::

"c:documents and settingsOwnerMy DocumentsPicMorph.exe"

"c:windowssystem32ConTest.dll"

.

.

((((((((((((((((((((((((( Files Created from 2011-12-08 to 2012-01-08 )))))))))))))))))))))))))))))))

.

.

2012-01-08 02:15 . 2012-01-08 02:15 -------- d-----w- c:program filesESET

2012-01-07 04:55 . 2012-01-07 04:55 -------- d-----w- C:$AVG

2012-01-06 01:30 . 2012-01-06 01:30 -------- d-----w- c:documents and settingsOwnerApplication DataAVG2012

2012-01-06 01:25 . 2012-01-08 16:10 -------- d-----w- c:windowssystem32driversAVG

2012-01-06 01:25 . 2012-01-06 01:38 -------- d-----w- c:documents and settingsAll UsersApplication DataAVG2012

2012-01-06 01:07 . 2012-01-06 01:07 -------- d--h--w- c:documents and settingsAll UsersApplication DataCommon Files

2012-01-06 01:02 . 2012-01-08 16:10 -------- d-----w- c:documents and settingsAll UsersApplication DataMFAData

2012-01-04 02:39 . 2012-01-05 07:38 -------- d-----w- C:HiJack This

2012-01-04 02:37 . 2012-01-04 02:37 388096 ----a-r- c:documents and settingsOwnerApplication DataMicrosoftInstaller{45A66726-69BC-466B-A7A4-12FCBA4883D7}HiJackThis.exe

2012-01-04 02:37 . 2012-01-04 02:37 -------- d-----w- c:program filesTrend Micro

2012-01-02 04:54 . 2012-01-02 05:08 -------- d-----w- C:Pictures

2012-01-01 17:22 . 2012-01-01 17:22 0 ----a-w- c:documents and settingsOwnerReset_IE_Windows.reg

2011-12-31 20:49 . 2011-12-31 20:49 -------- d-----w- c:documents and settingsAll UsersApplication DataBlueSprig

2011-12-28 13:13 . 2011-12-31 19:55 414368 ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl

2011-12-25 00:48 . 2011-12-31 01:48 -------- d-----w- c:documents and settingsAdministrator

2011-12-22 02:07 . 1998-09-02 08:28 38160 ----a-w- c:windowssystem32LMRTREND.dll

2011-12-22 02:07 . 1998-08-20 11:02 140800 ----a-w- c:windowssystem32tm20dec.ax

2011-12-22 02:07 . 1998-08-27 04:51 182032 ----a-w- c:windowssystem32dxtmsft3.dll

2011-12-22 02:06 . 1998-09-02 08:28 63488 ----a-w- c:windowssystem32unam4ie.exe

2011-12-22 02:06 . 1998-08-17 09:21 5672 ----a-w- c:windowssystem32quartz.vxd

2011-12-22 02:06 . 1998-08-17 09:21 10240 ----a-w- c:windowssystem32vidx16.dll

2011-12-22 02:06 . 1998-08-17 09:21 11776 ----a-w- c:windowssystem32mciqtz.drv

2011-12-22 02:06 . 1998-09-02 08:02 194320 ----a-w- c:windowssystem32qcut.dll

2011-12-22 02:06 . 2011-12-22 02:06 4608 ----a-w- c:windowssystem32w95inf32.dll

2011-12-22 02:06 . 2011-12-22 02:06 2272 ----a-w- c:windowssystem32w95inf16.dll

2011-12-22 02:05 . 1996-07-01 05:00 77312 ----a-w- c:windowssystem32TWAIN_32.DLL

2011-12-22 01:44 . 2008-04-14 01:12 20992 ----a-w- c:windowssystem32dshowext.ax

2011-12-19 01:22 . 2011-12-19 01:22 22 --sha-w- c:documents and settingsOwnerApplication DataSys2662.Config.Repository.bin

2011-12-19 01:21 . 2011-12-19 01:22 -------- d-----w- c:program filesjv16 PowerTools 2011

2011-12-19 01:11 . 2012-01-03 20:31 -------- d-----w- c:program filesMalwarebytes' Anti-Malware

2011-12-19 01:11 . 2011-12-10 20:24 20464 ----a-w- c:windowssystem32driversmbam.sys

2011-12-17 15:31 . 2011-12-17 15:31 -------- d-----w- c:program filesCommon FilesHewlett-Packard

2011-12-17 15:27 . 2004-09-29 17:08 61440 ----a-w- c:windowssystem32HPZinw12.exe

2011-12-17 15:27 . 2004-09-29 17:15 204800 ----a-w- c:windowssystem32HPZipr12.dll

2011-12-17 15:27 . 2004-09-29 17:14 69632 ----a-w- c:windowssystem32HPZipm12.exe

2011-12-17 15:27 . 2004-09-29 17:09 57344 ----a-w- c:windowssystem32HPZisn12.dll

2011-12-17 15:27 . 2004-09-29 17:09 94208 ----a-w- c:windowssystem32HPZipt12.dll

2011-12-17 15:27 . 2004-09-29 17:12 278584 ----a-w- c:windowssystem32HPZidr12.dll

2011-12-17 15:24 . 2005-03-18 18:32 180315 ----a-w- c:windowssystem32hpzsnt12.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-23 13:25 . 2007-12-30 03:26 1859584 ----a-w- c:windowssystem32win32k.sys

2011-11-04 19:20 . 2007-12-30 04:07 43520 ----a-w- c:windowssystem32licmgr10.dll

2011-11-04 19:20 . 2007-12-30 04:07 1469440 ------w- c:windowssystem32inetcpl.cpl

2011-11-04 19:20 . 2007-12-30 03:26 916992 ----a-w- c:windowssystem32wininet.dll

2011-11-04 11:23 . 2007-12-30 10:26 385024 ----a-w- c:windowssystem32html.iec

2011-11-01 16:07 . 2007-12-30 03:24 1288704 ----a-w- c:windowssystem32ole32.dll

2011-10-28 05:31 . 2007-12-30 04:03 33280 ----a-w- c:windowssystem32csrsrv.dll

2011-10-25 13:37 . 2002-08-29 08:04 2148864 -c--a-w- c:windowssystem32ntoskrnl.exe

2011-10-25 12:52 . 2002-08-29 08:04 2027008 -c--a-w- c:windowssystem32ntkrnlpa.exe

2011-10-18 11:13 . 2007-12-30 04:07 186880 -c--a-w- c:windowssystem32encdec.dll

2011-10-17 18:48 . 2011-10-17 18:48 21035 ----a-w- c:windowssystem32driversAegisP.sys

2011-03-21 01:17 . 2011-03-21 01:16 46972928 ----a-w- c:program fileszaSetup_92_105_000_en.exe

2011-03-19 04:25 . 2011-03-19 04:24 3033192 -c--a-w- c:program filesccsetup304.exe

2011-01-27 03:18 . 2011-01-27 03:18 629968 ----a-w- c:program filesPartyPokerNetSetup.exe

2010-04-30 06:49 . 2010-04-30 06:49 7184528 -c--a-w- c:program filesasc-setup.exe

2010-04-30 06:42 . 2010-04-30 06:42 16409960 ----a-w- c:program filesspybotsd162.exe

2010-04-30 06:24 . 2010-04-30 06:24 3103640 ----a-w- c:program filesspywareblastersetup43.exe

2010-03-14 16:29 . 2010-03-14 16:28 336 ----a-w- c:program filestemp995.bat

2008-07-11 22:39 . 2008-07-12 02:30 262144 -c--a-w- c:program filesUninstall Spy Blocker.dll

.

.

((((((((((((((((((((((((((((( [email protected]_01.39.40 )))))))))))))))))))))))))))))))))))))))))

.

- 2003-01-24 12:54 . 2012-01-05 02:10 571112 c:windowssystem32perfh009.dat

+ 2003-01-24 12:54 . 2012-01-07 02:05 571112 c:windowssystem32perfh009.dat

+ 2003-01-24 12:54 . 2012-01-07 02:05 109606 c:windowssystem32perfc009.dat

- 2003-01-24 12:54 . 2012-01-05 02:10 109606 c:windowssystem32perfc009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]

"Weather"="c:program filesAWSWeatherBugWeather.exe" [2004-11-08 1597440]

.

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"ZoneAlarm"="c:program filesCheckPointZoneAlarmzatray.exe" [2011-11-10 73360]

"AVG_TRAY"="c:program filesAVGAVG2012avgtray.exe" [2011-12-03 2415456]

.

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]

"NoWinKeys"= 1 (0x1)

"NoSMMyDocs"= 1 (0x1)

"NoFavoritesMenu"= 1 (0x1)

.

[hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:program filesSUPERAntiSpywareSASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotify!SASWinLogon]

2009-12-28 20:06 548352 ----a-w- c:program filesSUPERAntiSpywareSASWINLO.DLL

.

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager]

BootExecute REG_MULTI_SZ autocheck autochk *0c:progra~1AVGAVG2012avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigservices]

"aawservice"=2 (0x2)

.

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionrun-]

"MSMSGS"="c:program filesMessengermsmsgs.exe" /background

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]

"%windir%system32sessmgr.exe"=

"%windir%Network Diagnosticxpnetdiag.exe"=

.

R0 AVGIDSEH;AVGIDSEH;c:windowssystem32driversAVGIDSEH.sys [7/11/2011 1:14 AM 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:windowssystem32driversavgrkx86.sys [9/13/2011 6:30 AM 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:windowssystem32driversavgldx86.sys [10/7/2011 6:23 AM 230608]

R1 Avgtdix;AVG TDI Driver;c:windowssystem32driversavgtdix.sys [7/11/2011 1:14 AM 295248]

R1 SASDIFSV;SASDIFSV;c:program filesSUPERAntiSpywareSASDIFSV.SYS [5/28/2008 9:33 AM 12872]

R1 SASKUTIL;SASKUTIL;c:program filesSUPERAntiSpywareSASKUTIL.SYS [5/28/2008 9:33 AM 67656]

R2 avgwd;AVG WatchDog;c:program filesAVGAVG2012avgwdsvc.exe [8/2/2011 6:09 AM 192776]

R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:program filesCheckPointZAForceFieldISWKL.sys [11/3/2011 9:44 AM 27016]

R3 AVGIDSDriver;AVGIDSDriver;c:windowssystem32driversAVGIDSDriver.sys [7/11/2011 1:14 AM 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:windowssystem32driversAVGIDSFilter.sys [7/11/2011 1:14 AM 24272]

R3 AVGIDSShim;AVGIDSShim;c:windowssystem32driversAVGIDSShim.sys [10/4/2011 6:21 AM 16720]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:windowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe [3/18/2010 12:16 PM 130384]

S2 CoachCap;Concord EyeQ Duo 2000 USB Video Capture V1.00;c:windowssystem32driversCoachCap.sys --> c:windowssystem32driversCoachCap.sys [?]

S3 AVGIDSAgent;AVGIDSAgent;c:program filesAVGAVG2012AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248]

S3 PCDRDRV;Pcdr Helper Driver;??c:progra~1PC-DOC~1DIAGNO~1PCDRDRV.sys --> c:progra~1PC-DOC~1DIAGNO~1PCDRDRV.sys [?]

S3 SASENUM;SASENUM;c:program filesSUPERAntiSpywareSASENUM.SYS [5/28/2008 9:33 AM 12872]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:windowsMicrosoft.NETFrameworkv4.0.30319WPFWPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]

S4 IswSvc;ZoneAlarm Toolbar IswSvc;c:program filesCheckPointZAForceFieldISWSVC.exe [11/3/2011 9:44 AM 497280]

S4 msCMTSrvc;Content Monitoring Tool;c:windowssystem32msCMTSrvc.exe --> c:windowssystem32msCMTSrvc.exe [?]

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-08 c:windowsTasksUser_Feed_Synchronization-{8D041CAF-F681-4B08-9EAD-EAC2F1451AA4}.job

- c:windowssystem32msfeedssync.exe [2009-03-08 09:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.facebook.com/login.php

uDefault_Search_URL = hxxp://srch-qus7.hpwis.com/

mSearch Bar = hxxp://srch-qus7.hpwis.com/

uInternet Connection Wizard,ShellNext = iexplore

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Google Sidewiki... - c:program filesGoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

DPF: DirectAnimation Java Classes - file://c:windowsJavaclassesdajava.cab

DPF: Microsoft XML Parser for Java - file://c:windowsJavaclassesxmldso.cab

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-01-08 12:06

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(876)

c:program filesSUPERAntiSpywareSASWINLO.DLL

c:windowssystem32WININET.dll

.

- - - - - - - > 'explorer.exe'(3848)

c:windowssystem32WININET.dll

c:windowssystem32ieframe.dll

c:windowssystem32webcheck.dll

.

Completion time: 2012-01-08 12:14:38

ComboFix-quarantined-files.txt 2012-01-08 17:14

ComboFix2.txt 2012-01-07 22:20

ComboFix3.txt 2012-01-07 01:46

.

Pre-Run: 23,063,560,192 bytes free

Post-Run: 23,069,503,488 bytes free

.

- - End Of File - - B27E0C662383CE35B430CD97907E501F


Hi NascarFan19,

 

Let's get a look with another tool and dig a little deeper. :)

 

  • Download OTL to your desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.

    Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.

  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.
----------


OTL logfile created on: 1/8/2012 6:24:09 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:Documents and SettingsOwnerDesktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

479.48 Mb Total Physical Memory | 245.84 Mb Available Physical Memory | 51.27% Memory free

1.10 Gb Paging File | 0.75 Gb Available in Paging File | 68.52% Paging File free

Paging file location(s): C:pagefile.sys 720 1440 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:WINDOWS | %ProgramFiles% = C:Program Files

Drive C: | 33.40 Gb Total Space | 21.49 Gb Free Space | 64.34% Space Free | Partition Type: NTFS

Drive D: | 3.89 Gb Total Space | 0.78 Gb Free Space | 20.13% Space Free | Partition Type: FAT32

 

Computer Name: YOUR-N3TY7ATHD5 | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:Documents and SettingsOwnerDesktopOTL.exe (OldTimer Tools)

PRC - C:Program FilesAVGAVG2012avgtray.exe (AVG Technologies CZ, s.r.o.)

PRC - C:Program FilesAVGAVG2012avgnsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:Program FilesCheckPointZoneAlarmvsmon.exe (Check Point Software Technologies LTD)

PRC - C:Program FilesCheckPointZoneAlarmzatray.exe (Check Point Software Technologies LTD)

PRC - C:Program FilesAVGAVG2012AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)

PRC - C:Program FilesAVGAVG2012avgemcx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:Program FilesAVGAVG2012avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:Program FilesAVGAVG2012avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:Program FilesAVGAVG2012avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:WINDOWSexplorer.exe (Microsoft Corporation)

PRC - C:Program FilesAWSWeatherBugWeather.exe (AWS Convergence Technologies, Inc.)

PRC - C:WINDOWSsystem32HPZipm12.exe (HP)

 

 

========== Modules (No Company Name) ==========

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (NMSAccess) -- File not found

SRV - (msCMTSrvc) -- File not found

SRV - (HidServ) -- File not found

SRV - (AppMgmt) -- File not found

SRV - (vsmon) -- C:Program FilesCheckPointZoneAlarmvsmon.exe (Check Point Software Technologies LTD)

SRV - (IswSvc) -- C:Program FilesCheckPointZAForceFieldIswSvc.exe (Check Point Software Technologies)

SRV - (AVGIDSAgent) -- C:Program FilesAVGAVG2012AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)

SRV - (avgwd) -- C:Program FilesAVGAVG2012avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (Pml Driver HPZ12) -- C:WINDOWSsystem32HPZipm12.exe (HP)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (catchme) -- File not found

DRV - (SASKUTIL) -- C:Program FilesSUPERAntiSpywareSASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASDIFSV) -- C:Program FilesSUPERAntiSpywareSASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASENUM) -- C:Program FilesSUPERAntiSpywareSASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (Vsdatant) -- C:WINDOWSsystem32vsdatant.sys (Check Point Software Technologies LTD)

DRV - (ISWKL) -- C:Program FilesCheckPointZAForceFieldISWKL.sys (Check Point Software Technologies)

DRV - (Avgldx86) -- C:WINDOWSsystem32driversavgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AVGIDSShim) -- C:WINDOWSsystem32driversAVGIDSShim.sys (AVG Technologies CZ, s.r.o. )

DRV - (Avgrkx86) -- C:WINDOWSsystem32DRIVERSavgrkx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (Avgmfx86) -- C:WINDOWSsystem32driversavgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (Avgtdix) -- C:WINDOWSsystem32driversavgtdix.sys (AVG Technologies CZ, s.r.o.)

DRV - (AVGIDSFilter) -- C:WINDOWSsystem32driversAVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )

DRV - (AVGIDSEH) -- C:WINDOWSsystem32DRIVERSAVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )

DRV - (AVGIDSDriver) -- C:WINDOWSsystem32driversAVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )

DRV - (StarOpen) -- C:WINDOWSSystem32driversStarOpen.sys ()

DRV - (motmodem) -- C:WINDOWSsystem32driversmotmodem.sys (Motorola)

DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:WINDOWSsystem32driversALCXWDM.SYS (Realtek Semiconductor Corp.)

DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:WINDOWSsystem32driversrtl8139.sys (Realtek Semiconductor Corporation)

DRV - (wg111nd5) -- C:WINDOWSsystem32driverswg111nd5.sys (NETGEAR, Inc.)

DRV - (S3Psddr) -- C:WINDOWSsystem32driverss3gnbm.sys (S3 Graphics, Inc.)

DRV - (ltmodem5) -- C:WINDOWSsystem32driversltmdmnt.sys (LT)

DRV - (BANTExt) -- C:WINDOWSSystem32DriversBANTExt.sys ()

DRV - (pfc) -- C:WINDOWSsystem32driverspfc.sys (Padus, Inc.)

DRV - (nv_agp) -- C:WINDOWSSystem32DRIVERSnv_agp.sys (NVIDIA Corporation)

DRV - (Ps2) -- C:WINDOWSsystem32driversPS2.sys (Hewlett-Packard Company)

DRV - (viaagp1) -- C:WINDOWSSystem32DRIVERSviaagp1.sys (VIA Technologies, Inc.)

DRV - (ICAM3NT5) -- C:WINDOWSsystem32driversIcam3.sys (Microsoft Corporation)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Search Bar = http://srch-qus7.hpwis.com/

IE - HKLMSOFTWAREMicrosoftInternet ExplorerSearch,Default_Search_URL = http://www.google.com/ie

 

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Default_Search_URL = http://srch-qus7.hpwis.com/

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.facebook.com/login.php

IE - HKCUSOFTWAREMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.google.com/ie

IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0

 

FF - [email protected]/ShockwavePlayer: C:WINDOWSsystem32AdobeDirectornp32dsw.dll (Adobe Systems, Inc.)

FF - [email protected]/FFApi: C:Program FilesCheckPointZAForceFieldTrustCheckerbinnpFFApi.dll ()

FF - [email protected]/GpsControl: C:Program FilesGarmin GPS PluginnpGarmin.dll (GARMIN Corp.)

FF - [email protected]/WPF,version=3.5: c:WINDOWSMicrosoft.NETFrameworkv3.5Windows Presentation FoundationNPWPF.dll (Microsoft Corporation)

FF - [email protected]/UnityPlayer,version=1.0: C:Documents and SettingsOwnerLocal SettingsApplication DataUnityWebPlayerloadernpUnity3D32.dll (Unity Technologies ApS)

 

FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:Program FilesCheckPointZAForceFieldTrustChecker [2011/11/26 11:33:15 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:Program FilesAVGAVG2012Firefox4 [2012/01/05 20:28:05 | 000,000,000 | ---D | M]

 

 

O1 HOSTS File: ([2012/01/07 17:07:13 | 000,000,027 | ---- | M]) - C:WINDOWSsystem32driversetchosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program FilesAVGAVG2012avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_03binssv.dll (Sun Microsystems, Inc.)

O3 - HKCU..ToolbarShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O3 - HKCU..ToolbarShellBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.

O3 - HKCU..ToolbarWebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKCU..ToolbarWebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:Program FilesCheckPointZAForceFieldTrustcheckerbinTrustCheckerIEPlugin.dll (Check Point Software Technologies)

O4 - HKLM..Run: [AVG_TRAY] C:Program FilesAVGAVG2012avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..Run: [ZoneAlarm] C:Program FilesCheckPointZoneAlarmzatray.exe (Check Point Software Technologies LTD)

O4 - HKCU..Run: [Weather] C:Program FilesAWSWeatherBugWeather.exe (AWS Convergence Technologies, Inc.)

O6 - HKLMSoftwarePoliciesMicrosoftInternet ExplorerInfodelivery present

O6 - HKLMSoftwarePoliciesMicrosoftInternet ExplorerRestrictions present

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: LinkResolveIgnoreLinkInfo = 0

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoResolveSearch = 1

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: HonorAutoRunSetting = 1

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveAutoRun = 67108863

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 323

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0

O7 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present

O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 323

O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: LinkResolveIgnoreLinkInfo = 0

O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoLowDiskSpaceChecks = 1

O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoWinKeys = 1

O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoSMMyDocs = 1

O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoFavoritesMenu = 1

O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveAutoRun = 67108863

O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0

O8 - Extra context menu item: Google Sidewiki... - res://C:Program FilesGoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03binnpjpi160_03.dll (Sun Microsystems, Inc.)

O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:Documents and SettingsOwnerDesktopPartyPoker.net.lnk ()

O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:Documents and SettingsOwnerDesktopPartyPoker.net.lnk ()

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (Reg Error: Key error.)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Value error.)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: DirectAnimation Java Classes file://C:WINDOWSJavaclassesdajava.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file://C:WINDOWSJavaclassesxmldso.cab (Reg Error: Key error.)

O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 209.18.47.61 209.18.47.62

O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{733D3642-D733-402B-95C3-B9CFE83B7BA9}: DhcpNameServer = 209.18.47.61 209.18.47.62

O18 - ProtocolHandlerbelarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:Program FilesBelarcAdvisorSystemBAVoilaX.dll (Belarc, Inc.)

O18 - ProtocolHandlerlinkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program FilesAVGAVG2012avgpp.dll (AVG Technologies CZ, s.r.o.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:WINDOWSexplorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:WINDOWSsystem32userinit.exe) -C:WINDOWSsystem32userinit.exe (Microsoft Corporation)

O20 - WinlogonNotify!SASWinLogon: DllName - (C:Program FilesSUPERAntiSpywareSASWINLO.DLL) - C:Program FilesSUPERAntiSpywareSASWINLO.DLL (SUPERAntiSpyware.com)

O20 - WinlogonNotifydimsntfy: DllName - () - File not found

O20 - WinlogonNotifyigfxcui: DllName - (igfxsrvc.dll) - C:WINDOWSSystem32igfxsrvc.dll (Intel Corporation)

O24 - Desktop WallPaper: C:Documents and SettingsOwnerLocal SettingsApplication DataMicrosoftWallpaper1.bmp

O24 - Desktop BackupWallPaper: C:Documents and SettingsOwnerLocal SettingsApplication DataMicrosoftWallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:Program FilesSUPERAntiSpywareSASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2003/01/24 09:07:32 | 000,000,000 | ---- | M] () - C:AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | -HS- | M] () - D:AUTOEXEC.BAT -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (C:PROGRA~1AVGAVG2012avgrsx.exe /sync /restart)

O35 - HKLM..comfile [open] -- "%1" %*

O35 - HKLM..exefile [open] -- "%1" %*

O37 - HKLM...com [@ = ComFile] -- "%1" %*

O37 - HKLM...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012/01/08 18:22:31 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:Documents and SettingsOwnerDesktopOTL.exe

[2012/01/07 21:15:14 | 000,000,000 | ---D | C] -- C:Program FilesESET

[2012/01/06 23:55:33 | 000,000,000 | ---D | C] -- C:$AVG

[2012/01/06 20:24:15 | 000,000,000 | RHSD | C] -- C:cmdcons

[2012/01/06 11:43:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:WINDOWSSWREG.exe

[2012/01/06 11:43:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:WINDOWSSWSC.exe

[2012/01/06 11:43:14 | 000,212,480 | ---- | C] (SteelWerX) -- C:WINDOWSSWXCACLS.exe

[2012/01/06 11:43:14 | 000,060,416 | ---- | C] (NirSoft) -- C:WINDOWSNIRCMD.exe

[2012/01/05 22:18:38 | 004,374,678 | R--- | C] (Swearware) -- C:Documents and SettingsOwnerDesktopComboFix.exe

[2012/01/05 20:30:03 | 000,000,000 | ---D | C] -- C:Documents and SettingsOwnerApplication DataAVG2012

[2012/01/05 20:28:06 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersStart MenuProgramsAVG 2012

[2012/01/05 20:25:52 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication DataAVG2012

[2012/01/05 20:25:52 | 000,000,000 | ---D | C] -- C:WINDOWSSystem32driversAVG

[2012/01/05 20:07:57 | 000,000,000 | -H-D | C] -- C:Documents and SettingsAll UsersApplication DataCommon Files

[2012/01/05 20:02:02 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication DataMFAData

[2012/01/05 19:57:49 | 000,000,000 | ---D | C] -- C:WINDOWSERDNT

[2012/01/05 19:14:22 | 000,000,000 | ---D | C] -- C:Qoobox

[2012/01/04 21:08:48 | 001,817,687 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32dllcachebckgres.dll

[2012/01/04 21:08:48 | 000,082,501 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32dllcachebckg.dll

[2012/01/04 21:08:48 | 000,042,577 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32dllcachebckgzm.exe

[2012/01/04 21:08:48 | 000,042,574 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32dllcachervsezm.exe

[2012/01/04 21:08:47 | 000,780,885 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32dllcachechkrres.dll

[2012/01/04 21:08:47 | 000,753,236 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32dllcachervseres.dll

[2012/01/04 21:08:47 | 000,048,706 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32dllcachervse.dll

[2012/01/04 21:08:47 | 000,042,575 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32dllcachechkrzm.exe

[2012/01/04 21:08:47 | 000,042,573 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32dllcacheshvlzm.exe

[2012/01/04 21:08:47 | 000,040,515 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32dllcachechkr.dll

[2012/01/04 21:08:46 | 002,178,131 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32dllcacheshvlres.dll

[2012/01/04 21:08:46 | 001,175,635 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32dllcachehrtzres.dll

[2012/01/04 21:08:46 | 000,066,113 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32dllcacheshvl.dll

[2012/01/04 21:08:46 | 000,057,409 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32dllcachehrtz.dll

[2012/01/04 21:08:46 | 000,042,573 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32dllcachehrtzzm.exe

[2012/01/04 21:08:45 | 001,039,955 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32dllcachecmnresm.dll

[2012/01/04 21:08:45 | 000,217,160 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32dllcachecmnclim.dll

[2012/01/04 21:08:45 | 000,113,222 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32dllcachezoneclim.dll

[2012/01/04 21:08:45 | 000,041,029 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32dllcachezcorem.dll

[2012/01/04 21:08:45 | 000,032,339 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32dllcacheuniansi.dll

[2012/01/04 21:08:45 | 000,029,760 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32dllcacheznetm.dll

[2012/01/04 21:08:45 | 000,013,894 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32dllcachezonelibm.dll

[2012/01/04 21:08:45 | 000,004,677 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32dllcachezeeverm.dll

[2012/01/04 21:08:44 | 000,036,937 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32dllcachezclientm.exe

[2012/01/04 21:08:44 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32write.exe

[2012/01/04 21:08:44 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32dllcachewrite.exe

[2012/01/04 21:08:30 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32sndvol32.exe

[2012/01/04 21:08:30 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32dllcachesndvol32.exe

[2012/01/04 21:08:30 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32dllcacheavwav.dll

[2012/01/04 21:08:30 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32avwav.dll

[2012/01/04 21:08:30 | 000,044,544 | ---- | C] (Hilgraeve, Inc.) -- C:WINDOWSSystem32hticons.dll

[2012/01/04 21:08:30 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32dllcacheavmeter.dll

[2012/01/04 21:08:30 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32avmeter.dll

[2012/01/04 21:08:30 | 000,013,312 | ---- | C] (Hilgraeve, Inc.) -- C:WINDOWSSystem32dllcachehtrn_jis.dll

[2012/01/04 21:08:29 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32dllcacheavtapi.dll

[2012/01/04 21:08:29 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32avtapi.dll

[2012/01/04 21:08:28 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32winchat.exe

[2012/01/04 21:08:28 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32dllcachewinchat.exe

[2012/01/04 21:08:17 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32getuname.dll

[2012/01/04 21:08:17 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32dllcachegetuname.dll

[2012/01/04 21:08:17 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32dllcachecharmap.exe

[2012/01/04 21:08:17 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32charmap.exe

[2012/01/04 21:08:16 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32dllcachecalc.exe

[2012/01/04 21:08:16 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32calc.exe

[2012/01/04 21:08:16 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32sol.exe

[2012/01/04 21:08:16 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32dllcachesol.exe

[2012/01/04 21:08:15 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32mshearts.exe

[2012/01/04 21:08:15 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32dllcachemshearts.exe

[2012/01/04 21:08:15 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32winmine.exe

[2012/01/04 21:08:15 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32dllcachewinmine.exe

[2012/01/04 21:08:15 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32freecell.exe

[2012/01/04 21:08:15 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32dllcachefreecell.exe

[2012/01/04 21:08:14 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32dllcachesmierrsm.dll

[2012/01/04 21:08:14 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32dllcachesmimsgif.dll

[2012/01/04 21:08:14 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32dllcachesmierrsy.dll

[2012/01/04 21:08:13 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32dllcachesnmpstup.dll

[2012/01/04 09:28:06 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersStart MenuProgramsH&R Block 2010

[2012/01/03 21:46:13 | 000,000,000 | R--D | C] -- C:Documents and SettingsOwnerMy DocumentsMy Videos

[2012/01/03 21:46:13 | 000,000,000 | R--D | C] -- C:Documents and SettingsAll UsersDocumentsMy Videos

[2012/01/03 21:46:13 | 000,000,000 | R--D | C] -- C:Documents and SettingsOwnerMy DocumentsMy Pictures

[2012/01/03 21:46:13 | 000,000,000 | R--D | C] -- C:Documents and SettingsAll UsersDocumentsMy Pictures

[2012/01/03 21:46:13 | 000,000,000 | R--D | C] -- C:Documents and SettingsOwnerMy DocumentsMy Music

[2012/01/03 21:46:13 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersFavorites

[2012/01/03 21:39:47 | 000,000,000 | ---D | C] -- C:HiJack This

[2012/01/03 21:37:50 | 000,000,000 | ---D | C] -- C:Documents and SettingsOwnerStart MenuProgramsHiJackThis

[2012/01/03 21:37:49 | 000,000,000 | ---D | C] -- C:Program FilesTrend Micro

[2012/01/01 23:54:16 | 000,000,000 | ---D | C] -- C:Pictures

[2012/01/01 23:31:16 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication DataAdobe

[2012/01/01 23:31:04 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersTemplates

[2011/12/31 21:13:27 | 000,000,000 | RH-D | C] -- C:Documents and SettingsOwnerRecent

[2011/12/31 15:49:48 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication DataBlueSprig

[2011/12/30 15:37:15 | 000,000,000 | ---D | C] -- C:Documents and SettingsOwnerStart MenuProgramsPartyPoker.net

[2011/12/28 08:13:58 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:WINDOWSSystem32FlashPlayerCPLApp.cpl

[2011/12/21 21:07:26 | 000,038,160 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32LMRTREND.dll

[2011/12/21 21:07:24 | 000,140,800 | ---- | C] (The Duck Corporation) -- C:WINDOWSSystem32tm20dec.ax

[2011/12/21 21:07:20 | 000,182,032 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32dxtmsft3.dll

[2011/12/21 21:06:38 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32unam4ie.exe

[2011/12/21 21:06:35 | 000,000,000 | R--D | C] -- C:Documents and SettingsAll UsersDocumentsMy Music

[2011/12/21 21:06:26 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32mciqtz.drv

[2011/12/21 21:06:22 | 000,194,320 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32qcut.dll

[2011/12/21 21:06:17 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32w95inf32.dll

[2011/12/21 21:06:16 | 000,002,272 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32w95inf16.dll

[2011/12/21 21:05:47 | 000,077,312 | ---- | C] (Twain Working Group) -- C:WINDOWSSystem32TWAIN_32.DLL

[2011/12/21 20:44:15 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32dshowext.ax

[2011/12/21 20:44:15 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32dllcachedshowext.ax

[2011/12/18 20:21:37 | 000,000,000 | ---D | C] -- C:Documents and SettingsOwnerStart MenuProgramsjv16 PowerTools 2011

[2011/12/18 20:21:18 | 000,000,000 | ---D | C] -- C:Program Filesjv16 PowerTools 2011

[2011/12/18 20:11:51 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersStart MenuProgramsMalwarebytes' Anti-Malware

[2011/12/18 20:11:43 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:WINDOWSSystem32driversmbam.sys

[2011/12/18 20:11:43 | 000,000,000 | ---D | C] -- C:Program FilesMalwarebytes' Anti-Malware

[2011/12/17 10:31:39 | 000,000,000 | ---D | C] -- C:Program FilesCommon FilesHewlett-Packard

[2011/12/17 10:27:43 | 000,061,440 | ---- | C] (HP) -- C:WINDOWSSystem32HPZinw12.exe

[2011/12/17 10:27:42 | 000,204,800 | ---- | C] (HP) -- C:WINDOWSSystem32HPZipr12.dll

[2011/12/17 10:27:42 | 000,094,208 | ---- | C] (HP) -- C:WINDOWSSystem32HPZipt12.dll

[2011/12/17 10:27:42 | 000,069,632 | ---- | C] (HP) -- C:WINDOWSSystem32HPZipm12.exe

[2011/12/17 10:27:42 | 000,057,344 | ---- | C] (HP) -- C:WINDOWSSystem32HPZisn12.dll

[2011/12/17 10:27:41 | 000,278,584 | ---- | C] (HP) -- C:WINDOWSSystem32HPZidr12.dll

[2011/12/17 10:24:17 | 000,180,315 | ---- | C] (HP) -- C:WINDOWSSystem32hpzsnt12.dll

[2011/03/18 23:24:53 | 003,033,192 | ---- | C] (Piriform Ltd) -- C:Program Filesccsetup304.exe

[2010/04/30 01:49:25 | 007,184,528 | ---- | C] (IObit ) -- C:Program Filesasc-setup.exe

[2010/04/30 01:42:19 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:Program Filesspybotsd162.exe

[2010/04/30 01:24:01 | 003,103,640 | ---- | C] (Javacool Software LLC ) -- C:Program Filesspywareblastersetup43.exe

[2008/07/11 21:30:22 | 000,262,144 | ---- | C] (ZoneAlarm) -- C:Program FilesUninstall Spy Blocker.dll

 

========== Files - Modified Within 30 Days ==========

 

[2012/01/08 18:32:05 | 000,000,422 | -H-- | M] () -- C:WINDOWStasksUser_Feed_Synchronization-{8D041CAF-F681-4B08-9EAD-EAC2F1451AA4}.job

[2012/01/08 18:22:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:Documents and SettingsOwnerDesktopOTL.exe

[2012/01/08 11:45:45 | 004,374,678 | R--- | M] (Swearware) -- C:Documents and SettingsOwnerDesktopComboFix.exe

[2012/01/08 11:09:55 | 086,269,174 | ---- | M] () -- C:WINDOWSSystem32driversAVGincavi.avm

[2012/01/08 11:00:20 | 000,002,048 | --S- | M] () -- C:WINDOWSbootstat.dat

[2012/01/08 11:00:19 | 502,845,440 | -HS- | M] () -- C:hiberfil.sys

[2012/01/07 17:07:13 | 000,000,027 | ---- | M] () -- C:WINDOWSSystem32driversetchosts

[2012/01/06 21:05:20 | 000,571,112 | ---- | M] () -- C:WINDOWSSystem32perfh009.dat

[2012/01/06 21:05:20 | 000,109,606 | ---- | M] () -- C:WINDOWSSystem32perfc009.dat

[2012/01/06 20:24:25 | 000,000,316 | RHS- | M] () -- C:boot.ini

[2012/01/06 17:32:50 | 000,026,403 | ---- | M] () -- C:WINDOWSSystem32driversAVGiavichjg.avm

[2012/01/05 20:28:06 | 000,000,710 | ---- | M] () -- C:Documents and SettingsAll UsersDesktopAVG 2012.lnk

[2012/01/05 12:56:22 | 000,001,499 | ---- | M] () -- C:Documents and SettingsOwnerDesktopSolitaire.lnk

[2012/01/05 02:36:08 | 000,000,561 | ---- | M] () -- C:Documents and SettingsOwnerDesktopHijackThis.lnk

[2012/01/05 02:22:31 | 000,000,527 | ---- | M] () -- C:Documents and SettingsOwnerDesktopdds.lnk

[2012/01/04 23:38:15 | 000,148,400 | ---- | M] () -- C:WINDOWSSystem32FNTCACHE.DAT

[2012/01/04 21:11:26 | 000,004,507 | ---- | M] () -- C:WINDOWSimsins.BAK

[2012/01/04 21:09:02 | 000,000,812 | ---- | M] () -- C:Documents and SettingsOwnerApplication DataMicrosoftInternet ExplorerQuick LaunchWindows Media Player.lnk

[2012/01/04 21:06:57 | 000,000,057 | ---- | M] () -- C:WINDOWSSystem32mapisvc.inf

[2012/01/04 09:28:41 | 000,001,690 | ---- | M] () -- C:Documents and SettingsAll UsersDesktopH&R Block 2010.lnk

[2012/01/03 16:01:54 | 000,000,823 | ---- | M] () -- C:Documents and SettingsOwnerApplication DataMicrosoftInternet ExplorerQuick LaunchLaunch Internet Explorer Browser.lnk

[2012/01/03 15:31:29 | 000,000,792 | ---- | M] () -- C:Documents and SettingsAll UsersDesktopMalwarebytes Anti-Malware.lnk

[2012/01/02 01:23:26 | 000,001,463 | ---- | M] () -- C:Documents and SettingsOwnerDesktopautoruns.lnk

[2012/01/02 00:18:41 | 000,001,364 | ---- | M] () -- C:Documents and SettingsOwnerDesktopJohnson Family.lnk

[2012/01/02 00:18:18 | 000,001,369 | ---- | M] () -- C:Documents and SettingsOwnerDesktopFamily Pictures.lnk

[2012/01/02 00:18:04 | 000,001,404 | ---- | M] () -- C:Documents and SettingsOwnerDesktopHinson Family Pictures.lnk

[2012/01/02 00:17:25 | 000,001,359 | ---- | M] () -- C:Documents and SettingsOwnerDesktopPam's Wedding.lnk

[2012/01/01 23:31:16 | 000,001,748 | ---- | M] () -- C:Documents and SettingsAll UsersDesktopAdobe Reader 7.0.lnk

[2012/01/01 23:30:47 | 000,526,447 | ---- | M] () -- C:Documents and SettingsOwnerMy Documentsbcertificatapp.pdf

[2012/01/01 12:22:50 | 000,000,000 | ---- | M] () -- C:Documents and SettingsOwnerReset_IE_Windows.reg

[2011/12/31 14:55:13 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:WINDOWSSystem32FlashPlayerCPLApp.cpl

[2011/12/30 15:37:15 | 000,001,743 | ---- | M] () -- C:Documents and SettingsOwnerApplication DataMicrosoftInternet ExplorerQuick LaunchPartyPoker.net.lnk

[2011/12/30 15:37:15 | 000,001,725 | ---- | M] () -- C:Documents and SettingsOwnerDesktopPartyPoker.net.lnk

[2011/12/27 17:54:27 | 000,000,177 | ---- | M] () -- C:Documents and SettingsOwnerDesktopGoogle.url

[2011/12/26 04:55:46 | 000,000,113 | ---- | M] () -- C:WINDOWSphotoimpression.ini

[2011/12/26 04:55:46 | 000,000,029 | ---- | M] () -- C:WINDOWSvideoimp.ini

[2011/12/24 20:25:49 | 000,000,754 | ---- | M] () -- C:WINDOWSWORDPAD.INI

[2011/12/23 20:54:03 | 000,000,199 | ---- | M] () -- C:Boot.bak

[2011/12/21 21:06:57 | 000,023,392 | ---- | M] () -- C:WINDOWSSystem32nscompat.tlb

[2011/12/21 21:06:57 | 000,016,832 | ---- | M] () -- C:WINDOWSSystem32amcompat.tlb

[2011/12/21 21:06:14 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:WINDOWSSystem32w95inf32.dll

[2011/12/21 21:06:14 | 000,002,272 | ---- | M] (Microsoft Corporation) -- C:WINDOWSSystem32w95inf16.dll

[2011/12/21 07:14:57 | 000,001,158 | ---- | M] () -- C:WINDOWSSystem32wpa.dbl

[2011/12/20 19:16:55 | 000,000,762 | ---- | M] () -- C:Documents and SettingsOwnerDesktopSpywareBlaster.lnk

[2011/12/18 20:22:16 | 000,000,022 | -HS- | M] () -- C:WINDOWSSystem5537 Data.Repository

[2011/12/18 20:22:16 | 000,000,022 | -HS- | M] () -- C:Documents and SettingsOwnerApplication DataSys2662.Config.Repository.bin

[2011/12/18 20:21:36 | 000,001,590 | ---- | M] () -- C:Documents and SettingsOwnerApplication DataMicrosoftInternet ExplorerQuick Launchjv16 PowerTools 2011.lnk

[2011/12/18 20:21:36 | 000,001,572 | ---- | M] () -- C:Documents and SettingsOwnerDesktopjv16 PowerTools 2011.lnk

[2011/12/17 10:32:22 | 000,102,262 | ---- | M] () -- C:WINDOWShpoins05.dat

[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:WINDOWSSystem32driversmbam.sys

 

========== Files Created - No Company Name ==========

 

[2012/01/08 11:09:55 | 086,269,174 | ---- | C] () -- C:WINDOWSSystem32driversAVGincavi.avm

[2012/01/06 21:00:34 | 502,845,440 | -HS- | C] () -- C:hiberfil.sys

[2012/01/06 20:24:25 | 000,000,199 | ---- | C] () -- C:Boot.bak

[2012/01/06 20:24:20 | 000,260,272 | RHS- | C] () -- C:cmldr

[2012/01/06 17:32:49 | 000,026,403 | ---- | C] () -- C:WINDOWSSystem32driversAVGiavichjg.avm

[2012/01/06 11:43:14 | 000,256,000 | ---- | C] () -- C:WINDOWSPEV.exe

[2012/01/06 11:43:14 | 000,208,896 | ---- | C] () -- C:WINDOWSMBR.exe

[2012/01/06 11:43:14 | 000,098,816 | ---- | C] () -- C:WINDOWSsed.exe

[2012/01/06 11:43:14 | 000,080,412 | ---- | C] () -- C:WINDOWSgrep.exe

[2012/01/06 11:43:14 | 000,068,096 | ---- | C] () -- C:WINDOWSzip.exe

[2012/01/05 20:28:06 | 000,000,710 | ---- | C] () -- C:Documents and SettingsAll UsersDesktopAVG 2012.lnk

[2012/01/05 12:56:22 | 000,001,499 | ---- | C] () -- C:Documents and SettingsOwnerDesktopSolitaire.lnk

[2012/01/05 02:36:08 | 000,000,561 | ---- | C] () -- C:Documents and SettingsOwnerDesktopHijackThis.lnk

[2012/01/05 02:22:31 | 000,000,527 | ---- | C] () -- C:Documents and SettingsOwnerDesktopdds.lnk

[2012/01/04 21:09:02 | 000,000,812 | ---- | C] () -- C:Documents and SettingsOwnerApplication DataMicrosoftInternet ExplorerQuick LaunchWindows Media Player.lnk

[2012/01/04 21:09:02 | 000,000,800 | ---- | C] () -- C:Documents and SettingsOwnerStart MenuProgramsWindows Media Player.lnk

[2012/01/04 21:08:20 | 000,065,954 | ---- | C] () -- C:WINDOWSPrairie Wind.bmp

[2012/01/04 21:08:20 | 000,065,832 | ---- | C] () -- C:WINDOWSSanta Fe Stucco.bmp

[2012/01/04 21:08:20 | 000,026,680 | ---- | C] () -- C:WINDOWSRiver Sumida.bmp

[2012/01/04 21:08:20 | 000,017,362 | ---- | C] () -- C:WINDOWSRhododendron.bmp

[2012/01/04 21:08:20 | 000,009,522 | ---- | C] () -- C:WINDOWSZapotec.bmp

[2012/01/04 21:08:19 | 000,065,978 | ---- | C] () -- C:WINDOWSSoap Bubbles.bmp

[2012/01/04 21:08:19 | 000,026,582 | ---- | C] () -- C:WINDOWSGreenstone.bmp

[2012/01/04 21:08:19 | 000,017,336 | ---- | C] () -- C:WINDOWSGone Fishing.bmp

[2012/01/04 21:08:19 | 000,017,062 | ---- | C] () -- C:WINDOWSCoffee Bean.bmp

[2012/01/04 21:08:19 | 000,016,730 | ---- | C] () -- C:WINDOWSFeatherTexture.bmp

[2012/01/04 21:08:19 | 000,001,272 | ---- | C] () -- C:WINDOWSBlue Lace 16.bmp

[2012/01/04 21:08:13 | 000,049,275 | ---- | C] () -- C:WINDOWSSystem32wfospf.mib

[2012/01/04 21:08:13 | 000,026,236 | ---- | C] () -- C:WINDOWSSystem32wins.mib

[2012/01/04 21:08:12 | 000,038,608 | ---- | C] () -- C:WINDOWSSystem32nipx.mib

[2012/01/04 21:08:12 | 000,034,317 | ---- | C] () -- C:WINDOWSSystem32msiprip2.mib

[2012/01/04 21:08:12 | 000,013,767 | ---- | C] () -- C:WINDOWSSystem32msipbtp.mib

[2012/01/04 21:08:12 | 000,004,332 | ---- | C] () -- C:WINDOWSSystem32smi.mib

[2012/01/04 21:08:11 | 000,107,882 | ---- | C] () -- C:WINDOWSSystem32mib_ii.mib

[2012/01/04 21:08:11 | 000,030,448 | ---- | C] () -- C:WINDOWSSystem32mcastmib.mib

[2012/01/04 21:08:11 | 000,021,386 | ---- | C] () -- C:WINDOWSSystem32mipx.mib

[2012/01/04 21:08:11 | 000,010,313 | ---- | C] () -- C:WINDOWSSystem32mripsap.mib

[2012/01/04 21:08:11 | 000,000,581 | ---- | C] () -- C:WINDOWSSystem32msft.mib

[2012/01/04 21:08:10 | 000,048,593 | ---- | C] () -- C:WINDOWSSystem32hostmib.mib

[2012/01/04 21:08:10 | 000,026,100 | ---- | C] () -- C:WINDOWSSystem32lmmib2.mib

[2012/01/04 21:08:10 | 000,016,617 | ---- | C] () -- C:WINDOWSSystem32authserv.mib

[2012/01/04 21:08:10 | 000,015,799 | ---- | C] () -- C:WINDOWSSystem32ipforwd.mib

[2012/01/04 21:08:10 | 000,004,597 | ---- | C] () -- C:WINDOWSSystem32dhcp.mib

[2012/01/04 21:08:09 | 000,015,597 | ---- | C] () -- C:WINDOWSSystem32accserv.mib

[2012/01/04 09:28:41 | 000,001,690 | ---- | C] () -- C:Documents and SettingsAll UsersDesktopH&R Block 2010.lnk

[2012/01/03 16:01:54 | 000,000,823 | ---- | C] () -- C:Documents and SettingsOwnerApplication DataMicrosoftInternet ExplorerQuick LaunchLaunch Internet Explorer Browser.lnk

[2012/01/03 16:01:53 | 000,000,811 | ---- | C] () -- C:Documents and SettingsOwnerStart MenuProgramsInternet Explorer.lnk

[2012/01/03 15:31:29 | 000,000,792 | ---- | C] () -- C:Documents and SettingsAll UsersDesktopMalwarebytes Anti-Malware.lnk

[2012/01/03 15:25:47 | 000,004,507 | ---- | C] () -- C:WINDOWSimsins.BAK

[2012/01/02 01:23:26 | 000,001,463 | ---- | C] () -- C:Documents and SettingsOwnerDesktopautoruns.lnk

[2012/01/02 00:16:44 | 000,001,369 | ---- | C] () -- C:Documents and SettingsOwnerDesktopFamily Pictures.lnk

[2012/01/02 00:16:33 | 000,001,404 | ---- | C] () -- C:Documents and SettingsOwnerDesktopHinson Family Pictures.lnk

[2012/01/02 00:16:29 | 000,001,359 | ---- | C] () -- C:Documents and SettingsOwnerDesktopPam's Wedding.lnk

[2012/01/01 23:30:45 | 000,526,447 | ---- | C] () -- C:Documents and SettingsOwnerMy Documentsbcertificatapp.pdf

[2012/01/01 12:22:50 | 000,000,000 | ---- | C] () -- C:Documents and SettingsOwnerReset_IE_Windows.reg

[2011/12/30 15:37:15 | 000,001,743 | ---- | C] () -- C:Documents and SettingsOwnerApplication DataMicrosoftInternet ExplorerQuick LaunchPartyPoker.net.lnk

[2011/12/30 15:37:15 | 000,001,725 | ---- | C] () -- C:Documents and SettingsOwnerDesktopPartyPoker.net.lnk

[2011/12/24 20:25:48 | 000,000,754 | ---- | C] () -- C:WINDOWSWORDPAD.INI

[2011/12/21 21:07:49 | 000,000,029 | ---- | C] () -- C:WINDOWSvideoimp.ini

[2011/12/21 21:07:47 | 000,000,113 | ---- | C] () -- C:WINDOWSphotoimpression.ini

[2011/12/21 21:06:26 | 000,010,240 | ---- | C] () -- C:WINDOWSSystem32vidx16.dll

[2011/12/21 21:06:26 | 000,005,672 | ---- | C] () -- C:WINDOWSSystem32quartz.vxd

[2011/12/18 20:22:16 | 000,000,022 | -HS- | C] () -- C:WINDOWSSystem5537 Data.Repository

[2011/12/18 20:22:16 | 000,000,022 | -HS- | C] () -- C:Documents and SettingsOwnerApplication DataSys2662.Config.Repository.bin

[2011/12/18 20:21:36 | 000,001,590 | ---- | C] () -- C:Documents and SettingsOwnerApplication DataMicrosoftInternet ExplorerQuick Launchjv16 PowerTools 2011.lnk

[2011/12/18 20:21:36 | 000,001,572 | ---- | C] () -- C:Documents and SettingsOwnerDesktopjv16 PowerTools 2011.lnk

[2011/12/17 10:25:17 | 000,102,262 | ---- | C] () -- C:WINDOWShpoins05.dat

[2011/12/17 10:25:17 | 000,017,505 | ---- | C] () -- C:WINDOWShpomdl07.dat

[2011/12/13 14:29:17 | 000,001,748 | ---- | C] () -- C:Documents and SettingsAll UsersDesktopAdobe Reader 7.0.lnk

[2011/12/13 14:29:15 | 000,002,321 | ---- | C] () -- C:Documents and SettingsAll UsersStart MenuProgramsAdobe Reader 7.0.lnk

[2011/11/28 17:15:06 | 000,112,790 | ---- | C] () -- C:WINDOWShpoins07.dat.temp

[2011/11/28 17:15:06 | 000,021,124 | ---- | C] () -- C:WINDOWShpomdl07.dat.temp

[2011/10/13 22:40:28 | 000,150,058 | ---- | C] () -- C:Documents and SettingsLocalServiceLocal SettingsApplication DataWPFFontCache_v0400-System.dat

[2011/08/24 09:40:24 | 000,206,411 | ---- | C] () -- C:Program Filesbowbie.com.jpg

[2011/06/19 10:37:35 | 000,005,504 | ---- | C] () -- C:WINDOWSSystem32driversStarOpen.sys

[2011/03/20 20:16:23 | 046,972,928 | ---- | C] () -- C:Program FileszaSetup_92_105_000_en.exe

[2011/01/26 22:18:25 | 000,629,968 | ---- | C] () -- C:Program FilesPartyPokerNetSetup.exe

[2010/03/14 11:28:53 | 000,000,336 | ---- | C] () -- C:Program Filestemp995.bat

[2009/02/18 19:59:47 | 000,000,408 | ---- | C] () -- C:WINDOWSPowerReg.dat

[2008/05/13 21:15:50 | 000,009,216 | ---- | C] () -- C:Documents and SettingsOwnerLocal SettingsApplication DataDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/12/31 22:40:03 | 000,051,716 | ---- | C] () -- C:WINDOWSSystem32pdf995mon.dll

[2007/12/30 19:31:15 | 000,011,134 | ---- | C] () -- C:WINDOWSSystem32msvcr20.dll

[2007/12/30 18:25:19 | 000,060,565 | ---- | C] () -- C:WINDOWSSystem32EPPICPrinterDB.dat

[2007/12/30 18:25:19 | 000,029,114 | ---- | C] () -- C:WINDOWSSystem32EPPICPattern1.dat

[2007/12/30 18:25:19 | 000,021,021 | ---- | C] () -- C:WINDOWSSystem32EPPICPattern3.dat

[2007/12/30 18:25:19 | 000,015,670 | ---- | C] () -- C:WINDOWSSystem32EPPICPattern5.dat

[2007/12/30 18:25:19 | 000,013,280 | ---- | C] () -- C:WINDOWSSystem32EPPICPattern2.dat

[2007/12/30 18:25:19 | 000,010,673 | ---- | C] () -- C:WINDOWSSystem32EPPICPattern4.dat

[2007/12/30 18:25:19 | 000,004,943 | ---- | C] () -- C:WINDOWSSystem32EPPICPattern6.dat

[2007/12/30 18:25:19 | 000,001,140 | ---- | C] () -- C:WINDOWSSystem32EPPICPresetData_PT.dat

[2007/12/30 18:25:19 | 000,001,140 | ---- | C] () -- C:WINDOWSSystem32EPPICPresetData_BP.dat

[2007/12/30 18:25:19 | 000,001,137 | ---- | C] () -- C:WINDOWSSystem32EPPICPresetData_ES.dat

[2007/12/30 18:25:19 | 000,001,130 | ---- | C] () -- C:WINDOWSSystem32EPPICPresetData_FR.dat

[2007/12/30 18:25:19 | 000,001,130 | ---- | C] () -- C:WINDOWSSystem32EPPICPresetData_CF.dat

[2007/12/30 18:25:19 | 000,001,104 | ---- | C] () -- C:WINDOWSSystem32EPPICPresetData_EN.dat

[2007/12/30 18:25:19 | 000,000,097 | ---- | C] () -- C:WINDOWSSystem32PICSDK.ini

[2007/12/30 18:24:24 | 000,000,058 | ---- | C] () -- C:WINDOWSSystem32EAL32.INI

[2007/12/29 23:07:49 | 000,673,088 | ---- | C] () -- C:WINDOWSSystem32mlang.dat

[2007/12/29 23:07:48 | 000,046,258 | ---- | C] () -- C:WINDOWSSystem32mib.bin

[2007/12/29 23:04:10 | 000,218,003 | ---- | C] () -- C:WINDOWSSystem32dssec.dat

[2007/12/29 23:04:04 | 000,001,804 | ---- | C] () -- C:WINDOWSSystem32dcache.bin

[2007/12/29 23:00:33 | 000,003,840 | ---- | C] () -- C:WINDOWSSystem32driversBANTExt.sys

[2007/12/29 22:24:30 | 000,272,128 | ---- | C] () -- C:WINDOWSSystem32perfi009.dat

[2007/12/29 22:24:30 | 000,028,626 | ---- | C] () -- C:WINDOWSSystem32perfd009.dat

[2007/12/29 22:24:28 | 000,004,490 | ---- | C] () -- C:WINDOWSSystem32oembios.dat

[2007/12/29 22:24:23 | 013,107,200 | ---- | C] () -- C:WINDOWSSystem32oembios.bin

[2007/12/29 22:24:19 | 000,000,741 | ---- | C] () -- C:WINDOWSSystem32noise.dat

[2007/04/03 19:47:02 | 000,000,142 | ---- | C] () -- C:WINDOWSwpd99.drv

[2007/04/03 19:46:55 | 000,691,545 | ---- | C] () -- C:WINDOWSunins000.exe

[2007/04/03 19:46:55 | 000,002,550 | ---- | C] () -- C:WINDOWSunins000.dat

[2007/04/03 19:46:51 | 000,000,028 | ---- | C] () -- C:WINDOWSpdf995.ini

[2007/04/03 19:46:50 | 000,000,335 | ---- | C] () -- C:WINDOWSnsreg.dat

[2007/04/03 19:46:50 | 000,000,010 | ---- | C] () -- C:WINDOWSmsoffice.ini

[2007/04/03 19:46:36 | 000,006,550 | ---- | C] () -- C:WINDOWSjautoexp.dat

[2007/04/03 19:46:35 | 000,000,044 | ---- | C] () -- C:WINDOWSEPR220.ini

[2007/03/27 09:45:22 | 000,038,567 | ---- | C] () -- C:WINDOWSSystem32pcpbios.exe

[2007/03/27 09:45:22 | 000,004,096 | ---- | C] () -- C:WINDOWSSystem32sysres.dll

[2004/09/17 17:37:42 | 000,061,440 | ---- | C] () -- C:WINDOWSSystem32vuins32.dll

[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:WINDOWSSystem32secupd.dat

[2003/08/07 13:01:50 | 000,237,568 | ---- | C] () -- C:WINDOWSSystem32lame_enc.dll

[2003/01/25 05:43:47 | 000,000,061 | ---- | C] () -- C:WINDOWSsmscfg.ini

[2003/01/25 05:43:16 | 000,000,000 | ---- | C] () -- C:WINDOWSSystem32iAlmcoin.dll

[2003/01/24 10:36:27 | 000,073,728 | ---- | C] () -- C:WINDOWSSystem32IntroReg.dll

[2003/01/24 10:36:25 | 000,024,576 | ---- | C] () -- C:WINDOWSSystem32syscontr.dll

[2003/01/24 10:36:24 | 000,036,864 | ---- | C] () -- C:WINDOWSSystem32hpreg.dll

[2003/01/24 10:27:03 | 000,008,822 | ---- | C] () -- C:WINDOWSmozver.dat

[2003/01/24 10:18:55 | 000,000,052 | ---- | C] () -- C:WINDOWSintuprof.ini

[2003/01/24 10:18:40 | 000,000,608 | ---- | C] () -- C:WINDOWSQUICKEN.INI

[2003/01/24 09:41:30 | 000,266,240 | ---- | C] () -- C:WINDOWSSystem32shpshftr.dll

[2003/01/24 09:30:21 | 000,299,073 | ---- | C] () -- C:WINDOWSSystem32PythonCOM22.dll

[2003/01/24 09:30:21 | 000,065,536 | ---- | C] () -- C:WINDOWSSystem32PyWinTypes22.dll

[2003/01/24 09:29:52 | 000,016,896 | ---- | C] () -- C:WINDOWSSystem32bcbmm.dll

[2003/01/24 09:11:36 | 000,000,802 | ---- | C] () -- C:WINDOWSorun32.ini

[2003/01/24 09:09:48 | 000,002,048 | --S- | C] () -- C:WINDOWSbootstat.dat

[2003/01/24 09:04:56 | 000,021,640 | ---- | C] () -- C:WINDOWSSystem32emptyregdb.dat

[2003/01/24 07:55:28 | 000,000,552 | ---- | C] () -- C:WINDOWSSystem32oeminfo.ini

[2003/01/24 07:54:56 | 000,571,112 | ---- | C] () -- C:WINDOWSSystem32perfh009.dat

[2003/01/24 07:54:56 | 000,109,606 | ---- | C] () -- C:WINDOWSSystem32perfc009.dat

[2003/01/24 01:00:00 | 000,004,161 | ---- | C] () -- C:WINDOWSODBCINST.INI

[2003/01/24 00:59:01 | 000,148,400 | ---- | C] () -- C:WINDOWSSystem32FNTCACHE.DAT

 

========== LOP Check ==========

 

[2012/01/05 20:38:00 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataAVG2012

[2011/12/31 15:49:48 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataBlueSprig

[2011/11/26 11:31:53 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataCheckPoint

[2012/01/05 20:07:57 | 000,000,000 | -H-D | M] -- C:Documents and SettingsAll UsersApplication DataCommon Files

[2010/07/16 22:06:20 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataDriver Inspector

[2012/01/08 11:10:37 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataMFAData

[2010/06/05 22:39:24 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataPC Drivers HeadQuarters

[2011/11/25 01:17:08 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataPCPitstop

[2008/08/18 09:58:35 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication Datapdf995

[2011/02/05 16:27:57 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataTaxCut

[2012/01/05 20:30:03 | 000,000,000 | ---D | M] -- C:Documents and SettingsOwnerApplication DataAVG2012

[2011/11/25 03:27:04 | 000,000,000 | ---D | M] -- C:Documents and SettingsOwnerApplication DataBabylon

[2011/06/19 10:38:02 | 000,000,000 | ---D | M] -- C:Documents and SettingsOwnerApplication DataCanneverbe Limited

[2011/11/26 11:33:51 | 000,000,000 | ---D | M] -- C:Documents and SettingsOwnerApplication DataCheckPoint

[2011/06/25 16:34:39 | 000,000,000 | ---D | M] -- C:Documents and SettingsOwnerApplication DataDriverFinder

[2011/12/12 13:29:29 | 000,000,000 | ---D | M] -- C:Documents and SettingsOwnerApplication DataFrostWire

[2011/10/14 12:36:32 | 000,000,000 | ---D | M] -- C:Documents and SettingsOwnerApplication DataGarmin

[2010/04/30 02:07:11 | 000,000,000 | ---D | M] -- C:Documents and SettingsOwnerApplication DataIObit

[2008/05/04 21:30:02 | 000,000,000 | ---D | M] -- C:Documents and SettingsOwnerApplication Dataiolo

[2009/03/16 17:24:11 | 000,000,000 | ---D | M] -- C:Documents and SettingsOwnerApplication DataLimeWire

[2008/03/09 17:31:51 | 000,000,000 | ---D | M] -- C:Documents and SettingsOwnerApplication Datapdf995

[2003/01/24 10:24:23 | 000,000,000 | ---D | M] -- C:Documents and SettingsOwnerApplication DataSampleView

[2011/02/05 16:35:12 | 000,000,000 | ---D | M] -- C:Documents and SettingsOwnerApplication DataTaxCut

[2008/08/22 20:44:39 | 000,000,000 | ---D | M] -- C:Documents and SettingsOwnerApplication DataTPA Software

[2011/12/19 00:41:46 | 000,000,000 | ---D | M] -- C:Documents and SettingsOwnerApplication DataUniblue

[2011/04/14 14:48:39 | 000,000,000 | ---D | M] -- C:Documents and SettingsOwnerApplication DataUnity

[2011/12/12 13:29:51 | 000,000,000 | ---D | M] -- C:Documents and SettingsOwnerApplication DatauTorrent

[2003/01/24 10:09:08 | 000,000,000 | ---D | M] -- C:Documents and SettingsOwnerApplication DataVERITAS

[2011/12/20 17:36:59 | 000,000,000 | ---D | M] -- C:Documents and SettingsOwnerApplication DataWeatherBug

[2008/07/11 17:16:17 | 000,000,000 | ---D | M] -- C:Documents and SettingsOwnerApplication DataWinPatrol

[2012/01/08 18:32:05 | 000,000,422 | -H-- | M] () -- C:WINDOWSTasksUser_Feed_Synchronization-{8D041CAF-F681-4B08-9EAD-EAC2F1451AA4}.job

 

========== Purity Check ==========

 

 

< End of report >


OTL Extras logfile created on: 1/8/2012 6:24:09 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:Documents and SettingsOwnerDesktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

479.48 Mb Total Physical Memory | 245.84 Mb Available Physical Memory | 51.27% Memory free

1.10 Gb Paging File | 0.75 Gb Available in Paging File | 68.52% Paging File free

Paging file location(s): C:pagefile.sys 720 1440 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:WINDOWS | %ProgramFiles% = C:Program Files

Drive C: | 33.40 Gb Total Space | 21.49 Gb Free Space | 64.34% Space Free | Partition Type: NTFS

Drive D: | 3.89 Gb Total Space | 0.78 Gb Free Space | 20.13% Space Free | Partition Type: FAT32

 

Computer Name: YOUR-N3TY7ATHD5 | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINESOFTWAREClasses<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINESOFTWAREClasses<key>shell[command]command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%system32rundll32.exe %SystemRoot%system32shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoring]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringAhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringKasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringMcAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringMcAfeeFirewall]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringPandaAntiVirus]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringPandaFirewall]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringSophosAntiVirus]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringSymantecAntiVirus]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringSymantecFirewall]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringTinyFirewall]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringTrendAntiVirus]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringTrendFirewall]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringZoneLabsFirewall]

"DisableMonitoring" = 1

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSr]

"Start" = 0

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSrService]

"Start" = 2

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsFirewall]

 

[HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsFirewallDomainProfile]

 

[HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsFirewallStandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime

"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn

"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics

"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan

"{0D9C6525-FE1B-471E-ADF1-BF286546EC58}" = H&R Block North Carolina 2010

"{10964A8F-21C1-45EA-BC2D-F84B505C3848}" = H&R Block Deluxe + Efile + State 2010

"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{2B120B1D-1908-4FB3-8C9D-72128A74E80A}" = ZoneAlarm Security

"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt

"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{49FB31C1-26EC-44c6-AB47-73C66E2BC41E}" = HP PSC & OfficeJet 5.3.B

"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001

"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA

"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink

"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers

"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP

"{8398852A-7B61-4808-8F58-D0A40D1B2CB6}" = AVG 2012

"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder

"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver Software

"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday

"{8D5D99B8-DFA2-4018-ADE9-A6B83E655C65}" =

"{8ED02445-D491-414C-A56D-2ED6BBB7239A}" = Garmin Communicator Plugin

"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A386CC19-1E79-4D4C-A54B-C8747871E4AD}" = ZoneAlarm Firewall

"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0

"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI

"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore

"{BDE90251-93EB-4F6A-89D8-086E2D91DC56}" = Coloreal

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR

"{DFA1E2C8-A9DE-4B99-8B3C-866664B5F67C}" = Garmin POI Loader

"{E171F5DA-6F17-472D-A223-92468142C5E8}" = AVG 2012

"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby

"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips

"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase

"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK

"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner

"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS

"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Shockwave Player" = Adobe Shockwave Player 11

"AVG" = AVG 2012

"Belarc Advisor 2.0" = Belarc Advisor 6.1

"CCleaner" = CCleaner

"ESET Online Scanner" = ESET Online Scanner v3

"ie8" = Windows Internet Explorer 8

"jv16 PowerTools 2011" = jv16 PowerTools 2011

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"mtt12" = Mp3 Tag Tools v1.2

"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers

"PartyPokerNet" = PartyPoker.net

"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20

"SpywareBlaster_is1" = SpywareBlaster 4.5

"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"WeatherBug" = WeatherBug

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinPatrol" = WinPatrol 2008

"WMFDist11" = Windows Media Format 11 runtime

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"ZoneAlarm Free" = ZoneAlarm Free

"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionUninstall]

"UnityWebPlayer" = Unity Web Player

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 7/16/2010 11:01:56 PM | Computer Name = YOUR-N3TY7ATHD5 | Source = WmiAdapter | ID = 4099

Description = Open of service failed.

 

Error - 7/17/2010 1:24:56 PM | Computer Name = YOUR-N3TY7ATHD5 | Source = Application Error | ID = 1000

Description = Faulting application patch.exe, version 0.0.0.0, faulting module patch.exe,

version 0.0.0.0, fault address 0x00002864.

 

Error - 7/17/2010 1:25:03 PM | Computer Name = YOUR-N3TY7ATHD5 | Source = Application Error | ID = 1000

Description = Faulting application patch.exe, version 0.0.0.0, faulting module unknown,

version 0.0.0.0, fault address 0x100027d1.

 

Error - 2/16/2011 4:35:31 PM | Computer Name = YOUR-N3TY7ATHD5 | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

 

Error - 2/16/2011 4:35:31 PM | Computer Name = YOUR-N3TY7ATHD5 | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

 

Error - 3/29/2011 9:20:36 AM | Computer Name = YOUR-N3TY7ATHD5 | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting

module ntdll.dll, version 5.1.2600.6055, fault address 0x0000ff56.

 

Error - 6/17/2011 9:09:20 PM | Computer Name = YOUR-N3TY7ATHD5 | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting

module mshtml.dll, version 8.0.6001.19046, fault address 0x000e1584.

 

Error - 6/28/2011 4:30:14 PM | Computer Name = YOUR-N3TY7ATHD5 | Source = MsiInstaller | ID = 11719

Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- Error 1719.The

Windows Installer Service could not be accessed. This can occur if you are running

Windows in safe mode, or if the Windows Installer is not correctly installed. Contact

your support personnel for assistance.

 

Error - 6/28/2011 4:30:14 PM | Computer Name = YOUR-N3TY7ATHD5 | Source = MsiInstaller | ID = 1023

Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update 'KB2478658'

could not be installed. Error code 1603. Additional information is available in

the log file C:WINDOWSsystem32configSYSTEM~1LOCALS~1TempMicrosoft .NET Framework

2.0-KB2478658_20110628_202937265-Msi0.txt.

 

Error - 6/28/2011 4:30:17 PM | Computer Name = YOUR-N3TY7ATHD5 | Source = HotFixInstaller | ID = 5000

Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2478658,

P2 1033, P3 1603, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10

1719.

 

[ System Events ]

Error - 1/6/2012 9:20:16 PM | Computer Name = YOUR-N3TY7ATHD5 | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Workstation service which

failed to start because of the following error: %%2

 

Error - 1/6/2012 9:20:16 PM | Computer Name = YOUR-N3TY7ATHD5 | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

AmdK7 Avgldx86 Avgmfx86 BANTExt Fips MRxSmb Rdbss SASDIFSV SASKUTIL

 

Error - 1/6/2012 9:20:16 PM | Computer Name = YOUR-N3TY7ATHD5 | Source = Service Control Manager | ID = 7023

Description = The Server service terminated with the following error: %%2

 

Error - 1/6/2012 9:47:52 PM | Computer Name = YOUR-N3TY7ATHD5 | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service StiSvc with

arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

 

Error - 1/6/2012 9:56:08 PM | Computer Name = YOUR-N3TY7ATHD5 | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

 

Error - 1/6/2012 10:01:31 PM | Computer Name = YOUR-N3TY7ATHD5 | Source = Service Control Manager | ID = 7000

Description = The Concord EyeQ Duo 2000 USB Video Capture V1.00 service failed to

start due to the following error: %%2

 

Error - 1/7/2012 10:45:46 AM | Computer Name = YOUR-N3TY7ATHD5 | Source = Service Control Manager | ID = 7000

Description = The Concord EyeQ Duo 2000 USB Video Capture V1.00 service failed to

start due to the following error: %%2

 

Error - 1/7/2012 6:03:09 PM | Computer Name = YOUR-N3TY7ATHD5 | Source = PlugPlayManager | ID = 11

Description = The device RootLEGACY_ESIHDRV0000 disappeared from the system without

first being prepared for removal.

 

Error - 1/7/2012 6:08:00 PM | Computer Name = YOUR-N3TY7ATHD5 | Source = Service Control Manager | ID = 7000

Description = The Concord EyeQ Duo 2000 USB Video Capture V1.00 service failed to

start due to the following error: %%2

 

Error - 1/8/2012 12:01:11 PM | Computer Name = YOUR-N3TY7ATHD5 | Source = Service Control Manager | ID = 7000

Description = The Concord EyeQ Duo 2000 USB Video Capture V1.00 service failed to

start due to the following error: %%2

 

 

< End of report >


Hi NascarFan19,

 

You are correct about the amount of RAM. You would be better served by having more than you do now. I am not a big fan of AVG and ZoneAlarm. In my experience I have found that those two programs are resource hogs. If you would like for me to suggest something different please let me know and I will.

-----------

 

Please download and run ERUNT (Emergency Recovery Utility NT). This program allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed. **Remember if you are using Windows Vista as your operating system right-click the executable and Run as Administrator.

---------------

 

 

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

     

    :Services
    
    :OTL
    SRV - (NMSAccess) -- File not found
    SRV - (msCMTSrvc) -- File not found
    SRV - (HidServ) -- File not found
    SRV - (AppMgmt) -- File not found
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus7.hpwis.com/
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus7.hpwis.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/login.php
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Documents and Settings\Owner\Desktop\PartyPoker.net.lnk ()
    O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Documents and Settings\Owner\Desktop\PartyPoker.net.lnk ()
    O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Value error.)
    
    :Files
    ipconfig /flushdns /c
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\BearShare Applications\BearShare\BearShare.exe"=-
    
    :Commands
    [purity]
    [resethosts]
    [emptyjava]
    [emptyflash]
    [emptytemp]
    [clearallrestorepoints]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered. There will be a log created when it completes that I will need in your next reply. Reboot when it is done.
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
-------------------

 

In your next reply please let me know about AVG and ZoneAlarm. Also please post both of the logs that are created by OTL. :)


I would appreciate any suggestions, even on software. Indeed send the info. I am posting this first scan, but I just noticed that the 2nd scan (after reboot) is to be done without the LOP Check or Purity boxes checked. Before doing the 2nd scan, I wanted to be sure I was doing this correctly. I ran the first scan with those boxes not checked. Will I also need to copy the contents of the box for the 2nd run? For what it's worth, after the reboot, I was missing an icon off the desktop: Party Poker. It was not uninstalled, just the icon was snatched. My home page was also changed to MSN.com. Did you expect this? Thanks for your patience and time.

 

 

 

All processes killed

========== SERVICES/DRIVERS ==========

========== OTL ==========

Service NMSAccess stopped successfully!

Service NMSAccess deleted successfully!

File File not found not found.

Service msCMTSrvc stopped successfully!

Service msCMTSrvc deleted successfully!

File File not found not found.

Service HidServ stopped successfully!

Service HidServ deleted successfully!

File File not found not found.

Service AppMgmt stopped successfully!

Service AppMgmt deleted successfully!

File File not found not found.

HKLMSOFTWAREMicrosoftInternet ExplorerMainSearch Bar| /E : value set successfully!

HKLMSOFTWAREMicrosoftInternet ExplorerSearchDefault_Search_URL| /E : value set successfully!

HKCUSOFTWAREMicrosoftInternet ExplorerMainDefault_Search_URL| /E : value set successfully!

HKCUSOFTWAREMicrosoftInternet ExplorerMainStart Page| /E : value set successfully!

HKCUSOFTWAREMicrosoftInternet ExplorerSearchSearchAssistant| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{02478D38-C3F9-4efb-9B51-7695ECA05670} not found.

Registry value HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarShellBrowser{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.

Registry value HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarShellBrowser{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.

Registry value HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebBrowser{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{F4430FE8-2638-42e5-B849-800749B94EED} deleted successfully.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{F4430FE8-2638-42e5-B849-800749B94EED} not found.

C:Documents and SettingsOwnerDesktopPartyPoker.net.lnk moved successfully.

Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{F4430FE8-2638-42e5-B849-800749B94EED} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{F4430FE8-2638-42e5-B849-800749B94EED} not found.

File C:Documents and SettingsOwnerDesktopPartyPoker.net.lnk not found.

Starting removal of ActiveX control {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftCode Store DatabaseDistribution Units{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} deleted successfully.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} deleted successfully.

Registry key HKEY_CURRENT_USERSOFTWAREClassesCLSID{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} deleted successfully.

Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} not found.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Could not flush the DNS Resolver Cache: Function failed during execution.

C:Documents and SettingsOwnerDesktopcmd.bat deleted successfully.

C:Documents and SettingsOwnerDesktopcmd.txt deleted successfully.

========== REGISTRY ==========

Registry value HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfileAuthorizedApplicationsListC:Program FilesBearShare ApplicationsBearShareBearShare.exe deleted successfully.

========== COMMANDS ==========

C:WINDOWSSystem32driversetcHosts moved successfully.

HOSTS file reset successfully

 

[EMPTYJAVA]

 

User: Administrator

 

User: All Users

 

User: Default User

 

User: LocalService

 

User: NetworkService

 

User: Owner

->Java cache emptied: 0 bytes

 

Total Java Files Cleaned = 0.00 mb

 

 

[EMPTYFLASH]

 

User: Administrator

 

User: All Users

->Flash cache emptied: 70 bytes

 

User: Default User

 

User: LocalService

 

User: NetworkService

 

User: Owner

->Flash cache emptied: 875 bytes

 

Total Flash Files Cleaned = 0.00 mb

 

 

[EMPTYTEMP]

 

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

 

User: All Users

->Flash cache emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: LocalService

->Temp folder emptied: 65984 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

 

User: Owner

->Temp folder emptied: 82346 bytes

->Temporary Internet Files folder emptied: 19923376 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%System32 .tmp files removed: 0 bytes

%systemroot%System32dllcache .tmp files removed: 0 bytes

%systemroot%System32drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 704 bytes

%systemroot%system32configsystemprofileLocal SettingsTemp folder emptied: 0 bytes

%systemroot%system32configsystemprofileLocal SettingsTemporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 334885 bytes

 

Total Files Cleaned = 20.00 mb

 

Restore points cleared and new OTL Restore Point set!

Error: Unable to interpret <[Reboot> in the current context!

 

OTL by OldTimer - Version 3.2.31.0 log created on 01092012_013110

FilesFolders moved on Reboot...

C:Documents and SettingsOwnerLocal SettingsTemp~DF1DCA.tmp moved successfully.

C:Documents and SettingsOwnerLocal SettingsTemporary Internet FilesContent.IE5RPNXNFS9index[2].htm moved successfully.

C:Documents and SettingsOwnerLocal SettingsTemporary Internet FilesContent.IE5NGP2N8CBfastbutton[1].htm moved successfully.

FileFolder C:WINDOWStempZLT016ad.TMP not found!

Registry entries deleted on Reboot...

Edited by NascarFan19


Hi NascarFan19,

 

the 2nd scan (after reboot) is to be done without the LOP Check or Purity boxes checked. Before doing the 2nd scan, I wanted to be sure I was doing this correctly.

Yes please go ahead and run OTL without LOP or Purity checked. :)

------------

 

To begin with I would remove AVG using the tool here. Download and run the tool and then reboot your system.

-----------

 

I would recommend using either Microsoft Security Essentials or Avast as your antivirus program. They are much lighter on resources, but be sure to just choose one.

 

Are you using a wireless router? If you are I would recommend just using the Windows Firewall that comes with the system. The wireless router is like a firewall in itself if you have it secured. If you are not using a wireless router I would recommend either of these two following programs but choose only one... Online Armor Free or Agnitum Outpost Firewall Free

-------------

 

The changes that were made to your system I did expect. When we are finished you can change your homepage without problem and add the Party Poker shortcut back.

-------------

 

In your next reply please post the new OTL log and let me know what problems you are still having. :)


I will look into the programs you suggested after we get finalized here, and again, I thank you for the suggestions. I just now reran OTL with the 2 checks in place and after reboot, I ran it again withOUT the checks. I also copied and pasted the same text into the Custom Scan Window. Again, I appreciate your patience with me.

 

 

All processes killed

========== SERVICES/DRIVERS ==========

========== OTL ==========

Error: No service named NMSAccess was found to stop!

ServiceDriver key NMSAccess not found.

File File not found not found.

Error: No service named msCMTSrvc was found to stop!

ServiceDriver key msCMTSrvc not found.

File File not found not found.

Error: No service named HidServ was found to stop!

ServiceDriver key HidServ not found.

File File not found not found.

Error: No service named AppMgmt was found to stop!

ServiceDriver key AppMgmt not found.

File File not found not found.

HKLMSOFTWAREMicrosoftInternet ExplorerMainSearch Bar| /E : value set successfully!

HKLMSOFTWAREMicrosoftInternet ExplorerSearchDefault_Search_URL| /E : value set successfully!

HKCUSOFTWAREMicrosoftInternet ExplorerMainDefault_Search_URL| /E : value set successfully!

HKCUSOFTWAREMicrosoftInternet ExplorerMainStart Page| /E : value set successfully!

HKCUSOFTWAREMicrosoftInternet ExplorerSearchSearchAssistant| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02478D38-C3F9-4efb-9B51-7695ECA05670} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{02478D38-C3F9-4efb-9B51-7695ECA05670} not found.

Registry value HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarShellBrowser{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.

Registry value HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarShellBrowser{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.

Registry value HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebBrowser{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{F4430FE8-2638-42e5-B849-800749B94EED} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{F4430FE8-2638-42e5-B849-800749B94EED} not found.

C:Documents and SettingsOwnerDesktopPartyPoker.net.lnk moved successfully.

Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{F4430FE8-2638-42e5-B849-800749B94EED} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{F4430FE8-2638-42e5-B849-800749B94EED} not found.

File C:Documents and SettingsOwnerDesktopPartyPoker.net.lnk not found.

Starting removal of ActiveX control {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftCode Store DatabaseDistribution Units{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} not found.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Could not flush the DNS Resolver Cache: Function failed during execution.

C:Documents and SettingsOwnerDesktopcmd.bat deleted successfully.

C:Documents and SettingsOwnerDesktopcmd.txt deleted successfully.

========== REGISTRY ==========

Registry value HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfileAuthorizedApplicationsListC:Program FilesBearShare ApplicationsBearShareBearShare.exe not found.

========== COMMANDS ==========

C:WINDOWSSystem32driversetcHosts moved successfully.

HOSTS file reset successfully

 

[EMPTYJAVA]

 

User: Administrator

 

User: All Users

 

User: Default User

 

User: LocalService

 

User: NetworkService

 

User: Owner

->Java cache emptied: 0 bytes

 

Total Java Files Cleaned = 0.00 mb

 

 

[EMPTYFLASH]

 

User: Administrator

 

User: All Users

->Flash cache emptied: 0 bytes

 

User: Default User

 

User: LocalService

 

User: NetworkService

 

User: Owner

->Flash cache emptied: 470 bytes

 

Total Flash Files Cleaned = 0.00 mb

 

 

[EMPTYTEMP]

 

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: All Users

->Flash cache emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Owner

->Temp folder emptied: 98304 bytes

->Temporary Internet Files folder emptied: 17819992 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%System32 .tmp files removed: 0 bytes

%systemroot%System32dllcache .tmp files removed: 0 bytes

%systemroot%System32drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 704 bytes

%systemroot%system32configsystemprofileLocal SettingsTemp folder emptied: 0 bytes

%systemroot%system32configsystemprofileLocal SettingsTemporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 17.00 mb

 

Restore points cleared and new OTL Restore Point set!

Error: Unable to interpret <[Reboot> in the current context!

 

OTL by OldTimer - Version 3.2.31.0 log created on 01092012_111632

FilesFolders moved on Reboot...

C:Documents and SettingsOwnerLocal SettingsTemp~DFACFB.tmp moved successfully.

C:Documents and SettingsOwnerLocal SettingsTemporary Internet FilesContent.IE5UJFZ6UUQindex[4].htm moved successfully.

C:Documents and SettingsOwnerLocal SettingsTemporary Internet FilesContent.IE5SWP3HDYJfastbutton[1].htm moved successfully.

C:WINDOWStempZLT03fa6.TMP moved successfully.

Registry entries deleted on Reboot...

 

 

All processes killed

========== SERVICES/DRIVERS ==========

========== OTL ==========

Error: No service named NMSAccess was found to stop!

ServiceDriver key NMSAccess not found.

File File not found not found.

Error: No service named msCMTSrvc was found to stop!

ServiceDriver key msCMTSrvc not found.

File File not found not found.

Error: No service named HidServ was found to stop!

ServiceDriver key HidServ not found.

File File not found not found.

Error: No service named AppMgmt was found to stop!

ServiceDriver key AppMgmt not found.

File File not found not found.

HKLMSOFTWAREMicrosoftInternet ExplorerMainSearch Bar| /E : value set successfully!

HKLMSOFTWAREMicrosoftInternet ExplorerSearchDefault_Search_URL| /E : value set successfully!

HKCUSOFTWAREMicrosoftInternet ExplorerMainDefault_Search_URL| /E : value set successfully!

HKCUSOFTWAREMicrosoftInternet ExplorerMainStart Page| /E : value set successfully!

HKCUSOFTWAREMicrosoftInternet ExplorerSearchSearchAssistant| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02478D38-C3F9-4efb-9B51-7695ECA05670} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{02478D38-C3F9-4efb-9B51-7695ECA05670} not found.

Registry value HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarShellBrowser{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.

Registry value HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarShellBrowser{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.

Registry value HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebBrowser{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{F4430FE8-2638-42e5-B849-800749B94EED} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{F4430FE8-2638-42e5-B849-800749B94EED} not found.

File C:Documents and SettingsOwnerDesktopPartyPoker.net.lnk not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions{F4430FE8-2638-42e5-B849-800749B94EED} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{F4430FE8-2638-42e5-B849-800749B94EED} not found.

File C:Documents and SettingsOwnerDesktopPartyPoker.net.lnk not found.

Starting removal of ActiveX control {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftCode Store DatabaseDistribution Units{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} not found.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Could not flush the DNS Resolver Cache: Function failed during execution.

C:Documents and SettingsOwnerDesktopcmd.bat deleted successfully.

C:Documents and SettingsOwnerDesktopcmd.txt deleted successfully.

========== REGISTRY ==========

Registry value HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfileAuthorizedApplicationsListC:Program FilesBearShare ApplicationsBearShareBearShare.exe not found.

========== COMMANDS ==========

C:WINDOWSSystem32driversetcHosts moved successfully.

HOSTS file reset successfully

 

[EMPTYJAVA]

 

User: Administrator

 

User: All Users

 

User: Default User

 

User: LocalService

 

User: NetworkService

 

User: Owner

->Java cache emptied: 0 bytes

 

Total Java Files Cleaned = 0.00 mb

 

 

[EMPTYFLASH]

 

User: Administrator

 

User: All Users

->Flash cache emptied: 0 bytes

 

User: Default User

 

User: LocalService

 

User: NetworkService

 

User: Owner

->Flash cache emptied: 456 bytes

 

Total Flash Files Cleaned = 0.00 mb

 

 

[EMPTYTEMP]

 

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: All Users

->Flash cache emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Owner

->Temp folder emptied: 49152 bytes

->Temporary Internet Files folder emptied: 3271520 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%System32 .tmp files removed: 0 bytes

%systemroot%System32dllcache .tmp files removed: 0 bytes

%systemroot%System32drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 256 bytes

%systemroot%system32configsystemprofileLocal SettingsTemp folder emptied: 0 bytes

%systemroot%system32configsystemprofileLocal SettingsTemporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 3.00 mb

 

Restore points cleared and new OTL Restore Point set!

Error: Unable to interpret <[Reboot> in the current context!

 

OTL by OldTimer - Version 3.2.31.0 log created on 01092012_113257

FilesFolders moved on Reboot...

C:Documents and SettingsOwnerLocal SettingsTemp~DF4493.tmp moved successfully.

C:Documents and SettingsOwnerLocal SettingsTemporary Internet FilesContent.IE5M44Q85V2index[1].htm moved successfully.

C:Documents and SettingsOwnerLocal SettingsTemporary Internet FilesContent.IE50D26PN4Kfastbutton[1].htm moved successfully.

FileFolder C:WINDOWStempZLT03fd2.TMP not found!

Registry entries deleted on Reboot...


Hi NascarFan19,

 

How is your system running now?

-----------

 

Let's get some updates on your system...

 

 

 

You have an older version of Adobe Reader. You can download the current version HERE

 

You may want to consider Foxit Reader instead. It may be a bit lighter on resources.

 

Visit their support forum

Foxit Forum

 

In either case you should uninstall Adobe Reader 7.0 first. Be sure to move any PDF documents to another folder first though.

----------

 

 

Please download JavaRa to your desktop and unzip it to its own folder.

  • Run JavaRa.exe (double-click for XP/right-click and Run as Administrator for Vista), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe (double-click for XP/right-click and Run as Administrator for Vista) again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

----------

 

Please run DDS again and post both of the logs created into your next reply. How is your system running now?


Hi Jeff,

 

I downloaded JavaRa and ran it. It produced the following report. I went to the Java website and could not determine which of the download options I should get for my computer. I saw 2 for win xp, win86 and win64 ( I have 32 bit version ). I dumped Adobe and downloaded the Foxit Reader. The system seems to be a bit quicker now.

 

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Mon Jan 09 18:26:46 2012

Found and removed: JavaPlugin.FamilyVersionSupport


Found and removed: CLSID{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}

Found and removed: CLSID{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}

Found and removed: CLSID{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}

Found and removed: CLSID{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}

Found and removed: CLSID{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}

Found and removed: CLSID{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}

Found and removed: CLSID{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}

Found and removed: CLSID{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}

Found and removed: CLSID{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}

Found and removed: CLSID{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}

Found and removed: CLSID{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}

Found and removed: CLSID{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}

Found and removed: CLSID{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}

Found and removed: CLSID{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}

Found and removed: CLSID{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}

Found and removed: CLSID{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}

Found and removed: CLSID{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}

Found and removed: CLSID{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}

Found and removed: CLSID{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}

Found and removed: CLSID{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}

Found and removed: CLSID{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}

Found and removed: CLSID{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}

Found and removed: CLSID{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

Found and removed: CLSID{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}

Found and removed: CLSID{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}

Found and removed: CLSID{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}

Found and removed: CLSID{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}

Found and removed: CLSID{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}

Found and removed: CLSID{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}

Found and removed: CLSID{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}

Found and removed: CLSID{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}

Found and removed: CLSID{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}

Found and removed: CLSID{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}

Found and removed: CLSID{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}

Found and removed: CLSID{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: CLSID{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}

Found and removed: CLSID{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}

Found and removed: CLSID{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}

Found and removed: CLSID{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}

Found and removed: CLSID{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}

Found and removed: CLSID{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}

Found and removed: CLSID{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}

Found and removed: CLSID{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}

Found and removed: CLSID{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

Found and removed: CLSID{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}

Found and removed: CLSID{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}

Found and removed: CLSID{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

Found and removed: CLSID{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}

Found and removed: CLSID{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}

Found and removed: CLSID{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

Found and removed: CLSID{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}

Found and removed: CLSID{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}

Found and removed: CLSID{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}

Found and removed: CLSID{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}

Found and removed: CLSID{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}

Found and removed: CLSID{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}

Found and removed: CLSID{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}

Found and removed: CLSID{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}

Found and removed: CLSID{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}

Found and removed: CLSID{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}

Found and removed: CLSID{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}

Found and removed: CLSID{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}

Found and removed: CLSID{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}

Found and removed: CLSID{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}

Found and removed: CLSID{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}

Found and removed: CLSID{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}

Found and removed: CLSID{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}

Found and removed: CLSID{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}

Found and removed: CLSID{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}

Found and removed: CLSID{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}

Found and removed: CLSID{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}

Found and removed: CLSID{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}

Found and removed: CLSID{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}

Found and removed: CLSID{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}

Found and removed: CLSID{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}

Found and removed: CLSID{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}

Found and removed: CLSID{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}

Found and removed: CLSID{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}

Found and removed: CLSID{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}

Found and removed: CLSID{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}

Found and removed: CLSID{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}

Found and removed: CLSID{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}

Found and removed: CLSID{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}

Found and removed: CLSID{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}

Found and removed: CLSID{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}

Found and removed: CLSID{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}

Found and removed: CLSID{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}

Found and removed: CLSID{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}

Found and removed: CLSID{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}

Found and removed: CLSID{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}

Found and removed: CLSID{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}

Found and removed: CLSID{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}

Found and removed: CLSID{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}

Found and removed: CLSID{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}

Found and removed: CLSID{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}

Found and removed: CLSID{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}

Found and removed: CLSID{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}

Found and removed: CLSID{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}

Found and removed: CLSID{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}

Found and removed: CLSID{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}

Found and removed: CLSID{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}

Found and removed: CLSID{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}

Found and removed: CLSID{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}

Found and removed: CLSID{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}

Found and removed: CLSID{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}

Found and removed: CLSID{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}

Found and removed: CLSID{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}

Found and removed: CLSID{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}

Found and removed: CLSID{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}

Found and removed: CLSID{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

Found and removed: CLSID{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}

Found and removed: CLSID{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}

Found and removed: CLSID{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

Found and removed: CLSID{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

Found and removed: CLSID{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

Found and removed: CLSID{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Found and removed: CLSID{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

Found and removed: CLSID{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

Found and removed: CLSID{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: CLSID{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

Found and removed: CLSID{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

Found and removed: JavaScript

Found and removed: JavaScript Author

Found and removed: JavaScript1.1

Found and removed: JavaScript1.1 Author

Found and removed: JavaScript1.2

Found and removed: JavaScript1.2 Author

Found and removed: SoftwareClassesCLSID{E19F9331-3110-11D4-991C-005004D3B3DB}

Found and removed: SoftwareClassesJavaPlugin.160_03

Found and removed: SoftwareJavaSoftJava Update

Found and removed: SoftwareJavaSoftJava Runtime Environment1.6.0_03

Found and removed: SoftwareJavaSoftJava2D1.5.0_03

Found and removed: SOFTWAREClassesCLSID{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWAREClassesCLSID{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

Found and removed: SOFTWAREClassesCLSID{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

Found and removed: SOFTWAREClassesJavaPlugin

Found and removed: SOFTWAREClassesJavaPlugin.160_03

Found and removed: SOFTWAREJavaSoftJava Plug-in1.6.0_03

Found and removed: SOFTWAREJavaSoftJava Runtime Environment1.6

Found and removed: SOFTWAREJavaSoftJava Runtime Environment1.6.0_03

Found and removed: SOFTWAREJavaSoftJava Web Start1.0.1

Found and removed: SOFTWAREJavaSoftJava Web Start1.0.1_02

Found and removed: SOFTWAREJavaSoftJava Web Start1.0.1_03

Found and removed: SOFTWAREJavaSoftJava Web Start1.0.1_04

Found and removed: SOFTWAREJavaSoftJava Web Start1.2

Found and removed: SOFTWAREJavaSoftJava Web Start1.2.0_01

Found and removed: SOFTWAREJavaSoftJava Web Start1.6.0_03

Found and removed: SOFTWAREMicrosoftActive SetupInstalled Components{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

Found and removed: SOFTWAREMicrosoftWindowsCurrentVersionInstallerFoldersC:Program FilesJavajre1.6.0_03

Found and removed: SOFTWAREMicrosoftWindowsCurrentVersionInstallerFoldersC:Program FilesCommon FilesJavaUpdateBase Imagesjre1.6.0.b105patch-jre1.6.0_03.b05

------------------------------------

Finished reporting.

Edited by NascarFan19

Hi,

Glad to hear it is running better now. :)

The Java version that you want to get is the Win86 Offline version.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.2.1

Run by Owner at 17:34:10 on 2012-01-10

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.479.75 [GMT -5:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: ZoneAlarm Free Firewall *Enabled*

.

============== Running Processes ===============

.

C:PROGRA~1AVGAVG2012avgrsx.exe

C:Program FilesAVGAVG2012avgcsrvx.exe

C:WINDOWSsystem32svchost.exe -k DcomLaunch

svchost.exe

C:WINDOWSSystem32svchost.exe -k netsvcs

C:Program FilesCheckPointZoneAlarmvsmon.exe

C:WINDOWSExplorer.EXE

C:WINDOWSSystem32svchost.exe -k netsvcs

C:WINDOWSsystem32spoolsv.exe

C:Program FilesAVGAVG2012avgwdsvc.exe

C:WINDOWSsystem32HPZipm12.exe

C:WINDOWSSystem32snmp.exe

C:Program FilesAVGAVG2012AVGIDSAgent.exe

C:Program FilesAVGAVG2012avgnsx.exe

C:Program FilesAVGAVG2012avgemcx.exe

C:Program FilesCheckPointZoneAlarmzatray.exe

C:Program FilesAVGAVG2012avgtray.exe

C:Program FilesAWSWeatherBugWeather.exe

C:Program FilesInternet Exploreriexplore.exe

C:Program FilesInternet Exploreriexplore.exe

C:WINDOWSSystem32svchost.exe -k imgsvc

C:Program FilesJavajre7binjqs.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.facebook.com/login.php

uDefault_Search_URL =

mSearch Bar =

uInternet Connection Wizard,ShellNext = iexplore

uSearchAssistant =

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:program filesavgavg2012avgssie.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:program filesoraclejavafx 2.0 runtimebinjp2ssv.dll

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File

TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:program filescheckpointzaforcefieldtrustcheckerbinTrustCheckerIEPlugin.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File

uRun: [Weather] c:program filesawsweatherbugWeather.exe 1

mRun: [ZoneAlarm] c:program filescheckpointzonealarmzatray.exe

mRun: [AVG_TRAY] "c:program filesavgavg2012avgtray.exe"

mRun: [sunJavaUpdateSched] "c:program filescommon filesjavajava updatejusched.exe"

uPolicies-explorer: NoWinKeys = 1 (0x1)

uPolicies-explorer: NoSMMyDocs = 1 (0x1)

uPolicies-explorer: NoFavoritesMenu = 1 (0x1)

IE: Google Sidewiki... - c:program filesgooglegoogle toolbarcomponentGoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe

DPF: DirectAnimation Java Classes - file://c:windowsjavaclassesdajava.cab

DPF: Microsoft XML Parser for Java - file://c:windowsjavaclassesxmldso.cab

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces{733D3642-D733-402B-95C3-B9CFE83B7BA9} : DhcpNameServer = 209.18.47.61 209.18.47.62

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:program filesbelarcadvisorsystemBAVoilaX.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:program filesavgavg2012avgpp.dll

Notify: !SASWinLogon - c:program filessuperantispywareSASWINLO.DLL

Notify: igfxcui - igfxsrvc.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:program filessuperantispywareSASSEH.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:windowssystem32driversAVGIDSEH.sys [2011-7-11 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:windowssystem32driversavgrkx86.sys [2011-9-13 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:windowssystem32driversavgldx86.sys [2011-10-7 230608]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:windowssystem32driversavgmfx86.sys [2011-8-8 40016]

R1 Avgtdix;AVG TDI Driver;c:windowssystem32driversavgtdix.sys [2011-7-11 295248]

R1 SASDIFSV;SASDIFSV;c:program filessuperantispywareSASDIFSV.SYS [2008-5-28 12872]

R1 SASKUTIL;SASKUTIL;c:program filessuperantispywareSASKUTIL.SYS [2008-5-28 67656]

R1 Vsdatant;vsdatant;c:windowssystem32vsdatant.sys [2011-11-9 525840]

R2 AVGIDSAgent;AVGIDSAgent;c:program filesavgavg2012AVGIDSAgent.exe [2011-10-12 4433248]

R2 avgwd;AVG WatchDog;c:program filesavgavg2012avgwdsvc.exe [2011-8-2 192776]

R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:program filescheckpointzaforcefieldISWKL.sys [2011-11-3 27016]

R2 vsmon;TrueVector Internet Monitor;c:program filescheckpointzonealarmvsmon.exe -service --> c:program filescheckpointzonealarmvsmon.exe -service [?]

R3 AVGIDSDriver;AVGIDSDriver;c:windowssystem32driversAVGIDSDriver.sys [2011-7-11 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:windowssystem32driversAVGIDSFilter.sys [2011-7-11 24272]

R3 AVGIDSShim;AVGIDSShim;c:windowssystem32driversAVGIDSShim.sys [2011-10-4 16720]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:windowsmicrosoft.netframeworkv4.0.30319mscorsvw.exe [2010-3-18 130384]

S2 CoachCap;Concord EyeQ Duo 2000 USB Video Capture V1.00;c:windowssystem32driverscoachcap.sys --> c:windowssystem32driversCoachCap.sys [?]

S3 cpuz132;cpuz132;??c:docume~1ownerlocals~1tempcpuz132cpuz132_x32.sys --> c:docume~1ownerlocals~1tempcpuz132cpuz132_x32.sys [?]

S3 PCDRDRV;Pcdr Helper Driver;??c:progra~1pc-doc~1diagno~1pcdrdrv.sys --> c:progra~1pc-doc~1diagno~1PCDRDRV.sys [?]

S3 SASENUM;SASENUM;c:program filessuperantispywareSASENUM.SYS [2008-5-28 12872]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:windowsmicrosoft.netframeworkv4.0.30319wpfWPFFontCache_v0400.exe [2010-3-18 753504]

S4 IswSvc;ZoneAlarm Toolbar IswSvc;c:program filescheckpointzaforcefieldISWSVC.exe [2011-11-3 497280]

.

=============== Created Last 30 ================

.

2012-01-10 20:17:37 -------- d-----w- c:program filesOracle

2012-01-10 20:13:38 637848 ----a-w- c:windowssystem32npdeployJava1.dll

2012-01-10 20:13:37 567184 ----a-w- c:windowssystem32deployJava1.dll

2012-01-10 05:56:28 -------- d-----w- c:documents and settingsownerapplication dataDriverCure

2012-01-10 05:56:24 -------- d-----w- c:documents and settingsownerapplication dataSpeedyPC Software

2012-01-10 05:55:23 -------- d-----w- c:program filescommon filesSpeedyPC Software

2012-01-10 05:55:13 -------- d-----w- c:program filesSpeedyPC Software

2012-01-10 05:55:13 -------- d-----w- c:documents and settingsall usersapplication dataSpeedyPC Software

2012-01-09 19:06:33 -------- d-----w- c:program filesFoxit Software

2012-01-09 06:31:10 -------- d-----w- C:_OTL

2012-01-08 02:15:14 -------- d-----w- c:program filesESET

2012-01-07 04:55:33 -------- d-----w- C:$AVG

2012-01-07 01:24:15 -------- d-sha-r- C:cmdcons

2012-01-06 16:43:14 98816 ----a-w- c:windowssed.exe

2012-01-06 16:43:14 518144 ----a-w- c:windowsSWREG.exe

2012-01-06 16:43:14 256000 ----a-w- c:windowsPEV.exe

2012-01-06 16:43:14 208896 ----a-w- c:windowsMBR.exe

2012-01-06 01:30:03 -------- d-----w- c:documents and settingsownerapplication dataAVG2012

2012-01-06 01:25:52 -------- d-----w- c:windowssystem32driversAVG

2012-01-06 01:25:52 -------- d-----w- c:documents and settingsall usersapplication dataAVG2012

2012-01-06 01:07:57 -------- d--h--w- c:documents and settingsall usersapplication dataCommon Files

2012-01-06 01:02:02 -------- d-----w- c:documents and settingsall usersapplication dataMFAData

2012-01-04 02:39:47 -------- d-----w- C:HiJack This

2012-01-04 02:37:50 388096 ----a-r- c:documents and settingsownerapplication datamicrosoftinstaller{45a66726-69bc-466b-a7a4-12fcba4883d7}HiJackThis.exe

2012-01-04 02:37:49 -------- d-----w- c:program filesTrend Micro

2012-01-02 04:54:16 -------- d-----w- C:Pictures

2012-01-01 17:22:50 0 ----a-w- c:documents and settingsownerReset_IE_Windows.reg

2011-12-31 20:49:48 -------- d-----w- c:documents and settingsall usersapplication dataBlueSprig

2011-12-28 13:13:58 414368 ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl

2011-12-22 02:07:26 38160 ----a-w- c:windowssystem32LMRTREND.dll

2011-12-22 02:07:24 140800 ----a-w- c:windowssystem32tm20dec.ax

2011-12-22 02:07:20 182032 ----a-w- c:windowssystem32dxtmsft3.dll

2011-12-22 02:06:38 63488 ----a-w- c:windowssystem32unam4ie.exe

2011-12-22 02:06:26 5672 ----a-w- c:windowssystem32quartz.vxd

2011-12-22 02:06:26 11776 ----a-w- c:windowssystem32mciqtz.drv

2011-12-22 02:06:26 10240 ----a-w- c:windowssystem32vidx16.dll

2011-12-22 02:06:22 194320 ----a-w- c:windowssystem32qcut.dll

2011-12-22 02:06:17 4608 ----a-w- c:windowssystem32w95inf32.dll

2011-12-22 02:06:16 2272 ----a-w- c:windowssystem32w95inf16.dll

2011-12-22 02:05:47 77312 ----a-w- c:windowssystem32TWAIN_32.DLL

2011-12-22 01:44:15 20992 ----a-w- c:windowssystem32dshowext.ax

2011-12-19 01:22:16 22 --sha-w- c:documents and settingsownerapplication dataSys2662.Config.Repository.bin

2011-12-19 01:21:18 -------- d-----w- c:program filesjv16 PowerTools 2011

2011-12-19 01:11:43 20464 ----a-w- c:windowssystem32driversmbam.sys

2011-12-19 01:11:43 -------- d-----w- c:program filesMalwarebytes' Anti-Malware

2011-12-17 15:31:39 -------- d-----w- c:program filescommon filesHewlett-Packard

2011-12-17 15:27:43 61440 ----a-w- c:windowssystem32HPZinw12.exe

2011-12-17 15:27:42 94208 ----a-w- c:windowssystem32HPZipt12.dll

2011-12-17 15:27:42 69632 ----a-w- c:windowssystem32HPZipm12.exe

2011-12-17 15:27:42 57344 ----a-w- c:windowssystem32HPZisn12.dll

2011-12-17 15:27:42 204800 ----a-w- c:windowssystem32HPZipr12.dll

2011-12-17 15:27:41 278584 ----a-w- c:windowssystem32HPZidr12.dll

2011-12-17 15:24:17 180315 ----a-w- c:windowssystem32hpzsnt12.dll

.

==================== Find3M ====================

.

2011-11-23 13:25:32 1859584 ----a-w- c:windowssystem32win32k.sys

2011-11-09 00:56:48 141312 ----a-w- c:windowssystem32javacpl.cpl

2011-11-04 19:20:51 916992 ----a-w- c:windowssystem32wininet.dll

2011-11-04 19:20:51 43520 ----a-w- c:windowssystem32licmgr10.dll

2011-11-04 19:20:51 1469440 ------w- c:windowssystem32inetcpl.cpl

2011-11-04 11:23:59 385024 ----a-w- c:windowssystem32html.iec

2011-11-01 16:07:10 1288704 ----a-w- c:windowssystem32ole32.dll

2011-10-28 05:31:48 33280 ----a-w- c:windowssystem32csrsrv.dll

2011-10-25 13:37:08 2148864 -c--a-w- c:windowssystem32ntoskrnl.exe

2011-10-25 12:52:02 2027008 -c--a-w- c:windowssystem32ntkrnlpa.exe

2011-10-18 11:13:22 186880 -c--a-w- c:windowssystem32encdec.dll

2011-10-17 18:48:01 21035 ----a-w- c:windowssystem32driversAegisP.sys

2011-03-21 01:17:08 46972928 ----a-w- c:program fileszaSetup_92_105_000_en.exe

2011-03-19 04:25:01 3033192 -c--a-w- c:program filesccsetup304.exe

2011-01-27 03:18:38 629968 ----a-w- c:program filesPartyPokerNetSetup.exe

2010-04-30 06:49:25 7184528 -c--a-w- c:program filesasc-setup.exe

2010-04-30 06:42:28 16409960 ----a-w- c:program filesspybotsd162.exe

2010-04-30 06:24:07 3103640 ----a-w- c:program filesspywareblastersetup43.exe

2010-03-14 16:29:04 336 ----a-w- c:program filestemp995.bat

2008-07-11 22:39:17 262144 -c--a-w- c:program filesUninstall Spy Blocker.dll

.

============= FINISH: 17:38:08.09 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Home Edition

Boot Device: DeviceHarddiskVolume2

Install Date: 12/29/2007 10:25:58 PM

System Uptime: 1/10/2012 10:05:58 AM (7 hours ago)

.

Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-6390

Processor: AMD Athlon XP 2200+ | Socket A | 1798/133mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 33 GiB total, 21.017 GiB free.

D: is FIXED (FAT32) - 4 GiB total, 0.782 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP467: 1/9/2012 11:33:37 AM - System Checkpoint

RP468: 1/9/2012 2:13:18 PM - Removed Adobe Reader 7.0

RP469: 1/10/2012 3:02:33 PM - Installed Java SE Development Kit 7 Update 2

RP470: 1/10/2012 3:11:10 PM - Installed Java 7 Update 2

RP471: 1/10/2012 3:17:16 PM - Installed JavaFX 2.0.2 SDK

RP472: 1/10/2012 3:19:37 PM - Installed JavaFX 2.0.2

.

==== Installed Programs ======================

.

.

Adobe Flash Player 11 ActiveX

Adobe Shockwave Player 11

AiO_Scan

AVG 2012

Belarc Advisor 6.1

CCleaner

CCScore

CDBurnerXP

Coloreal

EasyCleaner

ESET Online Scanner v3

essvatgt

fflink

Foxit Reader 5.1

Garmin Communicator Plugin

Garmin POI Loader

Garmin USB Drivers

H&R Block Deluxe + Efile + State 2010

H&R Block North Carolina 2010

HiJackThis

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP PSC & OfficeJet 5.3.B

Intel® Extreme Graphics Driver Software

Java Auto Updater

Java 6 Update 3

Java 7 Update 2

Java SE Development Kit 7 Update 2

JavaFX 2.0.2

JavaFX 2.0.2 SDK

jv16 PowerTools 2011

kgcbaby

kgcbase

kgchday

kgchlwn

kgcinvt

kgckids

kgcmove

kgcvday

Malwarebytes Anti-Malware version 1.60.0.1800

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mp3 Tag Tools v1.2

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

netbrdg

NVIDIA Windows 2000/XP Display Drivers

OfotoXMI

PartyPoker.net

QFolder

Scan

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft Windows (KB2564958)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB911565)

Security Update for Windows Media Player 9 (KB936782)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950759)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953838)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956390)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958215)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960714)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB963027)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969897)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB976325)

Security Update for Windows XP (KB977165-v2)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

SFR

SHASTA

skin0001

SKINXSDK

SpeedyPC Pro

Spybot - Search & Destroy 1.5.2.20

SpywareBlaster 4.5

staticcr

SUPERAntiSpyware Free Edition

tooltips

Unity Web Player

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB978506)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2616676-v2)

Update for Windows XP (KB2641690)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update for Windows XP (KB978207)

VC 9.0 Runtime

VIA Rhine-Family Fast Ethernet Adapter

VPRINTOL

WD Diagnostics

WeatherBug

WebFldrs XP

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows XP Service Pack 3

WinPatrol 2008

WIRELESS

ZoneAlarm Firewall

ZoneAlarm Free

ZoneAlarm Security

ZoneAlarm Toolbar

.

==== Event Viewer Messages From Past Week ========

.

1/9/2012 1:31:14 AM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).

1/7/2012 5:03:09 PM, error: PlugPlayManager [11] - The device RootLEGACY_ESIHDRV0000 disappeared from the system without first being prepared for removal.

1/6/2012 8:57:06 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK7 Avgldx86 Avgmfx86 Avgtdix BANTExt Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip Vsdatant

1/6/2012 8:57:06 AM, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the Vsdatant service which failed to start because of the following error: A device attached to the system is not functioning.

1/6/2012 8:57:06 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.

1/6/2012 8:56:37 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

1/6/2012 8:47:52 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

1/6/2012 8:20:16 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK7 Avgldx86 Avgmfx86 BANTExt Fips MRxSmb Rdbss SASDIFSV SASKUTIL

1/6/2012 8:20:16 PM, error: Service Control Manager [7023] - The Workstation service terminated with the following error: The system cannot find the file specified.

1/6/2012 8:20:16 PM, error: Service Control Manager [7023] - The Server service terminated with the following error: The system cannot find the file specified.

1/6/2012 8:20:16 PM, error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The system cannot find the file specified.

1/6/2012 8:04:32 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

1/6/2012 8:00:42 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK7 Avgldx86 Avgmfx86 Avgtdix BANTExt Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip Vsdatant WS2IFSL

1/5/2012 12:20:29 PM, error: atapi [9] - The device, DeviceIdeIdePort0, did not respond within the timeout period.

1/4/2012 8:27:58 PM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.

1/3/2012 4:02:11 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: agp440 nv_agp

1/3/2012 4:02:11 PM, error: Service Control Manager [7001] - The AVG Free8 E-mail Scanner service depends on the AVG Free8 WatchDog service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

1/3/2012 4:02:11 PM, error: Service Control Manager [7000] - The Concord EyeQ Duo 2000 USB Video Capture V1.00 service failed to start due to the following error: The system cannot find the file specified.

1/3/2012 4:01:41 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.

.

==== End Of File ===========================


Hi NascarFan19,

 

We are almost done. :)

---------

 

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    DDS::
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
    
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

     

    Posted Image

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

----------
