
Solved slow computer

Discussion in 'Malware and Virus Removal Archive' started by johnsh, 2010/08/06.

  1. 2010/08/06
    johnsh (Inactive, Thread Starter)

    [Resolved] slow computer

    When logged on to almost any website, the screen will freeze and I get virtual memory error messages. Using the Ctrl+Alt+Delete keys, it looks like the task is still running, but CPU usage is 100%.

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/27/2001 8:41:51 PM
    System Uptime: 8/6/2010 4:46:43 PM (1 hours ago)

    Motherboard: Dell Computer Corporation | | Dimension 4300
    Processor: Intel(R) Pentium(R) 4 CPU 1.60GHz | Microprocessor | 1595/100mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (FAT32) - 19 GiB total, 4.888 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1669: 7/14/2010 2:06:08 PM - System Checkpoint
    RP1670: 7/15/2010 2:59:26 PM - System Checkpoint
    RP1671: 7/16/2010 3:44:31 PM - System Checkpoint
    RP1672: 7/17/2010 5:30:53 PM - System Checkpoint
    RP1673: 7/18/2010 6:31:27 PM - System Checkpoint
    RP1674: 7/19/2010 6:32:52 PM - System Checkpoint
    RP1675: 7/20/2010 7:12:16 PM - System Checkpoint
    RP1676: 7/21/2010 7:16:41 PM - System Checkpoint
    RP1677: 7/22/2010 7:31:31 PM - System Checkpoint
    RP1678: 7/23/2010 8:26:51 PM - System Checkpoint
    RP1679: 7/24/2010 8:46:28 PM - System Checkpoint
    RP1680: 7/25/2010 9:46:30 PM - System Checkpoint
    RP1681: 7/27/2010 12:03:08 PM - System Checkpoint
    RP1682: 7/27/2010 7:13:24 PM - Installed AVG Free 9.0
    RP1683: 7/28/2010 9:16:52 AM - Avg Update
    RP1684: 7/29/2010 10:06:45 AM - System Checkpoint
    RP1685: 7/30/2010 10:43:41 AM - System Checkpoint
    RP1686: 7/31/2010 11:00:12 AM - System Checkpoint
    RP1687: 8/1/2010 12:12:40 PM - System Checkpoint
    RP1688: 8/2/2010 12:38:41 PM - System Checkpoint
    RP1689: 8/3/2010 8:44:37 AM - Removed AVG Free 9.0
    RP1690: 8/3/2010 8:48:23 AM - Installed AVG Free 9.0
    RP1691: 8/3/2010 10:00:54 AM - Installed HiJackThis
    RP1692: 8/4/2010 11:20:25 AM - System Checkpoint
    RP1693: 8/5/2010 12:21:34 PM - System Checkpoint

    ==== Installed Programs ======================

    ACDSee for PENTAX
    Adobe Atmosphere Player for Acrobat and Adobe Reader
    Adobe Flash Player 10 ActiveX
    Adobe Photoshop Album 2.0 Starter Edition
    Adobe Reader 8.1.6
    Adobe Shockwave Player
    Apple Application Support
    Apple Software Update
    ArcSoft Software Suite
    Dell Solution Center
    DellTouch
    Efficient Networks SpeedStream DSL
    FoneSync
    Form Fill (Windows Live Toolbar)
    getPlus(R)_ocx
    H&R Block Deluxe + Efile + State 2009
    H&R Block Georgia 2009
    HiJackThis
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows XP (KB952287)
    hp deskjet 5550 series (Remove only)
    hp print screen utility
    Image Expert 2000 v3.2
    Intel Ultra ATA Storage Driver
    InterVideo WinDVD
    Microsoft Data Access Components KB870669
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Money 2001
    Microsoft National Language Support Downlevel APIs
    Microsoft Picture It! Publishing 2001
    Microsoft Streets and Trips 2001
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Word 2000 SR-1
    Microsoft Works 2001 Setup Launcher
    Microsoft Works 6.0
    Microsoft Works Suite Add-in for Microsoft Word
    Modem Helper
    MSN Money Investment Toolbox
    OneCare Advisor (Windows Live Toolbar)
    Philips SPC 900NC PC Camera
    PhoneTools
    Popup Blocker (Windows Live Toolbar)
    QuickTime
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB911565)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB958644)
    Shockwave
    Skype™ 3.8
    Spybot - Search & Destroy
    Update for Windows XP (KB951072-v2)
    User's Guides
    Viewpoint Manager (Remove Only)
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage v1.3.0254.0
    Windows Genuine Advantage Validation Tool
    Windows Internet Explorer 7
    Windows Live Favorites for Windows Live Toolbar
    Windows Live installer
    Windows Live Messenger
    Windows Live Outlook Toolbar (Windows Live Toolbar)
    Windows Live Sign-in Assistant
    Windows Live Toolbar
    Windows Live Toolbar Extension (Windows Live Toolbar)
    Windows Live Toolbar Feed Detector (Windows Live Toolbar)
    Windows XP Service Pack 3
    Works Suite OS Pack
    Works Synchronization

    ==== End Of File ===========================


    DDS (Ver_10-03-17.01) - FAT32x86
    Run by default at 17:01:47.15 on Fri 08/06/2010
    Internet Explorer: 7.0.5730.11
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.238 [GMT -4:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    SVCHOST.EXE
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    SVCHOST.EXE
    SVCHOST.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
    C:\WINDOWS\System32\drivers\PhiBtn.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\default\Desktop\dds.scr
     
  2. 2010/08/06
    broni (Moderator, Malware Analyst)

    DDS.txt log is incomplete.
     

  4. 2010/08/07
    johnsh (Inactive, Thread Starter)

    DDS (Ver_10-03-17.01) - FAT32x86
    Run by default at 9:37:13.60 on Sat 08/07/2010
    Internet Explorer: 7.0.5730.11
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.75 [GMT -4:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    SVCHOST.EXE
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    SVCHOST.EXE
    SVCHOST.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
    C:\WINDOWS\System32\drivers\PhiBtn.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
    C:\Documents and Settings\default\Application Data\qysnyrmsu\clxolyrtssd.exe
    C:\Documents and Settings\default\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
    BHO: 1 (0x1) - No File
    TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [hgveabpx] c:\documents and settings\default\application data\qysnyrmsu\clxolyrtssd.exe
    mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe
    mRun: [Camera Detector] c:\progra~1\acdsys~1\devdet~1\DEVDET~1.EXE -autorun
    mRun: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [hgveabpx] c:\documents and settings\default\application data\qysnyrmsu\clxolyrtssd.exe
    StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Microsoft Works Calendar Reminders.lnk.disabled
    IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: DirectAnimation Java Classes - file://c:\windows\system\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {00000075-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
    DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136587349593
    DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    mASetup: ^RNA - rundll rnasetup.dll,installoptionalcomponent rna
    mASetup: {9EF0045A-CDD9-438e-95E6-02B9AFEC8E11} - c:\windows\system32\updcrl.exe -e -u c:\windows\system\verisignpub1.crl
    Hosts: 127.0.0.1 www.spywareinfo.com

    ============= SERVICES / DRIVERS ===============

    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-10 24652]
    R3 camvid40;Philips SPC 900NC PC Camera;c:\windows\system32\drivers\camdrv41.sys [2007-12-26 1240576]

    =============== Created Last 30 ================

    2010-08-07 13:35:00 0 d-----w- c:\docume~1\default\applic~1\qysnyrmsu
    2010-08-03 14:00:56 0 d-----w- c:\program files\Trend Micro

    ==================== Find3M ====================

    2010-01-18 16:04:22 91338304 ----a-w- c:\program files\Ad-AwareInstallation.exe
    2009-10-25 15:59:14 275393 ----a-w- c:\program files\mediaplayer.zip
    2000-10-13 20:56:50 271 --sh--w- c:\program files\desktop.ini
    2000-10-13 20:56:50 23357 ---h--w- c:\program files\folder.htt
    2008-10-25 13:34:22 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102520081026\index.dat

    ============= FINISH: 9:38:22.03 ===============



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/27/2001 8:41:51 PM
    System Uptime: 8/7/2010 8:07:37 AM (1 hours ago)

    Motherboard: Dell Computer Corporation | | Dimension 4300
    Processor: Intel(R) Pentium(R) 4 CPU 1.60GHz | Microprocessor | 1595/100mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (FAT32) - 19 GiB total, 4.807 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1669: 7/14/2010 2:06:08 PM - System Checkpoint
    RP1670: 7/15/2010 2:59:26 PM - System Checkpoint
    RP1671: 7/16/2010 3:44:31 PM - System Checkpoint
    RP1672: 7/17/2010 5:30:53 PM - System Checkpoint
    RP1673: 7/18/2010 6:31:27 PM - System Checkpoint
    RP1674: 7/19/2010 6:32:52 PM - System Checkpoint
    RP1675: 7/20/2010 7:12:16 PM - System Checkpoint
    RP1676: 7/21/2010 7:16:41 PM - System Checkpoint
    RP1677: 7/22/2010 7:31:31 PM - System Checkpoint
    RP1678: 7/23/2010 8:26:51 PM - System Checkpoint
    RP1679: 7/24/2010 8:46:28 PM - System Checkpoint
    RP1680: 7/25/2010 9:46:30 PM - System Checkpoint
    RP1681: 7/27/2010 12:03:08 PM - System Checkpoint
    RP1682: 7/27/2010 7:13:24 PM - Installed AVG Free 9.0
    RP1683: 7/28/2010 9:16:52 AM - Avg Update
    RP1684: 7/29/2010 10:06:45 AM - System Checkpoint
    RP1685: 7/30/2010 10:43:41 AM - System Checkpoint
    RP1686: 7/31/2010 11:00:12 AM - System Checkpoint
    RP1687: 8/1/2010 12:12:40 PM - System Checkpoint
    RP1688: 8/2/2010 12:38:41 PM - System Checkpoint
    RP1689: 8/3/2010 8:44:37 AM - Removed AVG Free 9.0
    RP1690: 8/3/2010 8:48:23 AM - Installed AVG Free 9.0
    RP1691: 8/3/2010 10:00:54 AM - Installed HiJackThis
    RP1692: 8/4/2010 11:20:25 AM - System Checkpoint
    RP1693: 8/5/2010 12:21:34 PM - System Checkpoint
    RP1694: 8/6/2010 5:34:28 PM - System Checkpoint

    ==== Installed Programs ======================

    ACDSee for PENTAX
    Adobe Atmosphere Player for Acrobat and Adobe Reader
    Adobe Flash Player 10 ActiveX
    Adobe Photoshop Album 2.0 Starter Edition
    Adobe Reader 8.1.6
    Adobe Shockwave Player
    Apple Application Support
    Apple Software Update
    ArcSoft Software Suite
    Dell Solution Center
    DellTouch
    Efficient Networks SpeedStream DSL
    FoneSync
    Form Fill (Windows Live Toolbar)
    getPlus(R)_ocx
    H&R Block Deluxe + Efile + State 2009
    H&R Block Georgia 2009
    HiJackThis
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows XP (KB952287)
    hp deskjet 5550 series (Remove only)
    hp print screen utility
    Image Expert 2000 v3.2
    Intel Ultra ATA Storage Driver
    InterVideo WinDVD
    Microsoft Data Access Components KB870669
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Money 2001
    Microsoft National Language Support Downlevel APIs
    Microsoft Picture It! Publishing 2001
    Microsoft Streets and Trips 2001
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Word 2000 SR-1
    Microsoft Works 2001 Setup Launcher
    Microsoft Works 6.0
    Microsoft Works Suite Add-in for Microsoft Word
    Modem Helper
    MSN Money Investment Toolbox
    OneCare Advisor (Windows Live Toolbar)
    Philips SPC 900NC PC Camera
    PhoneTools
    Popup Blocker (Windows Live Toolbar)
    QuickTime
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB911565)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB958644)
    Shockwave
    Skype™ 3.8
    Spybot - Search & Destroy
    Update for Windows XP (KB951072-v2)
    User's Guides
    Viewpoint Manager (Remove Only)
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage v1.3.0254.0
    Windows Genuine Advantage Validation Tool
    Windows Internet Explorer 7
    Windows Live Favorites for Windows Live Toolbar
    Windows Live installer
    Windows Live Messenger
    Windows Live Outlook Toolbar (Windows Live Toolbar)
    Windows Live Sign-in Assistant
    Windows Live Toolbar
    Windows Live Toolbar Extension (Windows Live Toolbar)
    Windows Live Toolbar Feed Detector (Windows Live Toolbar)
    Windows XP Service Pack 3
    Works Suite OS Pack
    Works Synchronization

    ==== End Of File ===========================
     
  5. 2010/08/07
    broni (Moderator, Malware Analyst)

    I don't see any AV program running. Only some AVG leftovers.
    Please, run AVG Remover: http://www.avg.com/us-en/download-tools
    Then, download and install ONE of these:
    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
    - Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html
    After installation, run a full scan.

    =================================================================

    Unless you installed Viewpoint Manager knowledgeably...
    Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
    Uninstall any of the following programs associated with Viewpoint:
    * Viewpoint Manager
    * Viewpoint Media Player
    * Viewpoint Toolbar
    This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

    =================================================================

    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When the scan is completed, click the Save button, and save the results as gmer.log
    Warning ! Please, do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  6. 2010/08/07
    johnsh (Inactive, Thread Starter)

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4404

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.11

    8/7/2010 8:23:57 PM
    mbam-log-2010-08-07 (20-23-57).txt

    Scan type: Quick scan
    Objects scanned: 164793
    Time elapsed: 18 minute(s), 19 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\57EJ14OY\f4bead[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\hosts (Trojan.Agent) -> Quarantined and deleted successfully.

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-08-07 20:49:12
    Windows 5.1.2600 Service Pack 3
    Running: yi94mnmm.exe; Driver: C:\DOCUME~1\default\LOCALS~1\Temp\fxtdqpog.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF4E6ACD2]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF4E6AB8E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xF4E6B142]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF4E6B06C]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF4E6A764]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF4E6AC68]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF4E6A6A4]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF4E6A708]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF4E6AD88]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xF4E6B210]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF4E6AD48]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF4E6AEC8]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xF4E77B9C]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xF4E779C0]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xF4E77AFA]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    PAGE ntoskrnl.exe!ObInsertObject 8056503A 5 Bytes JMP F4E74F6C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
    PAGE ntoskrnl.exe!NtCreateSection 805652B3 7 Bytes JMP F4E779C4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
    PAGE ntoskrnl.exe!ZwCreateProcessEx 8057FC6C 7 Bytes JMP F4E77BA0 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
    PAGE ntoskrnl.exe!ObMakeTemporaryObject 8059F85D 5 Bytes JMP F4E735B4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
    PAGE ntoskrnl.exe!ZwLoadDriver 805A3B01 7 Bytes JMP F4E77AFE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
    ? clmjjvps.sys The system cannot find the file specified. !

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\system32\services.exe[464] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
    IAT C:\WINDOWS\system32\services.exe[464] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/ALWIL Software)

    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/ALWIL Software)

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

    ---- EOF - GMER 1.0.15 ----


    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000000d

    Kernel Drivers (total 114):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806EE000 \WINDOWS\system32\hal.dll
    0xF8C36000 \WINDOWS\system32\KDCOM.DLL
    0xF8B46000 \WINDOWS\system32\BOOTVID.dll
    0xF8736000 clmjjvps.sys
    0xF86E7000 ACPI.sys
    0xF8C38000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
    0xF86D6000 pci.sys
    0xF8746000 isapnp.sys
    0xF8C3A000 intelide.sys
    0xF89B6000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
    0xF8756000 MountMgr.sys
    0xF86B7000 ftdisk.sys
    0xF89BE000 PartMgr.sys
    0xF8766000 VolSnap.sys
    0xF869F000 atapi.sys
    0xF8776000 disk.sys
    0xF8786000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
    0xF867F000 fltmgr.sys
    0xF866D000 sr.sys
    0xF8649000 Fastfat.sys
    0xF8632000 KSecDD.sys
    0xF8605000 NDIS.sys
    0xF85EB000 Mup.sys
    0xF8796000 agp440.sys
    0xF87B6000 \SystemRoot\System32\DRIVERS\processr.sys
    0xF8394000 \SystemRoot\System32\DRIVERS\ati2mtaa.sys
    0xF8380000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
    0xF836E000 \SystemRoot\system32\DRIVERS\EG1032xp.sys
    0xF82C3000 \SystemRoot\System32\DRIVERS\winachcf.sys
    0xF89D6000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF89DE000 \SystemRoot\System32\DRIVERS\fdc.sys
    0xF87C6000 \SystemRoot\System32\DRIVERS\i8042prt.sys
    0xF89E6000 \SystemRoot\System32\DRIVERS\kbdclass.sys
    0xF89EE000 \SystemRoot\System32\DRIVERS\mouclass.sys
    0xF87D6000 \SystemRoot\System32\DRIVERS\serial.sys
    0xF8BC2000 \SystemRoot\System32\DRIVERS\serenum.sys
    0xF82AF000 \SystemRoot\System32\DRIVERS\parport.sys
    0xF87E6000 \SystemRoot\System32\DRIVERS\cdrom.sys
    0xF89F6000 \SystemRoot\System32\DRIVERS\usbuhci.sys
    0xF828B000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
    0xF8216000 \SystemRoot\system32\drivers\smwdm.sys
    0xF8440000 \SystemRoot\system32\drivers\SENSUPGD.SYS
    0xF81F2000 \SystemRoot\system32\drivers\portcls.sys
    0xF87F6000 \SystemRoot\system32\drivers\drmk.sys
    0xF81CF000 \SystemRoot\system32\drivers\ks.sys
    0xF8C3C000 \SystemRoot\system32\drivers\aeaudio.sys
    0xF843F000 \SystemRoot\System32\DRIVERS\audstub.sys
    0xF8806000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
    0xF8BC6000 \SystemRoot\System32\DRIVERS\ndistapi.sys
    0xF81B8000 \SystemRoot\System32\DRIVERS\ndiswan.sys
    0xF8816000 \SystemRoot\System32\DRIVERS\raspppoe.sys
    0xF8826000 \SystemRoot\System32\DRIVERS\raspptp.sys
    0xF89FE000 \SystemRoot\System32\DRIVERS\TDI.SYS
    0xF8A06000 \SystemRoot\System32\DRIVERS\ptilink.sys
    0xF8A0E000 \SystemRoot\System32\DRIVERS\raspti.sys
    0xF8836000 \SystemRoot\System32\DRIVERS\termdd.sys
    0xF8C3E000 \SystemRoot\System32\DRIVERS\swenum.sys
    0xF815A000 \SystemRoot\System32\DRIVERS\update.sys
    0xF8BCE000 \SystemRoot\System32\DRIVERS\mssmbios.sys
    0xF8846000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF8876000 \SystemRoot\System32\DRIVERS\usbhub.sys
    0xF8C60000 \SystemRoot\System32\DRIVERS\USBD.SYS
    0xF8A1E000 \SystemRoot\System32\DRIVERS\flpydisk.sys
    0xF8C62000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF840F000 \SystemRoot\System32\Drivers\Null.SYS
    0xF8C64000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF8A2E000 \SystemRoot\System32\drivers\vga.sys
    0xF8C66000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF8C68000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF8A36000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF8A3E000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF8BF6000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0xF5015000 \SystemRoot\System32\DRIVERS\ipsec.sys
    0xF8896000 \SystemRoot\System32\DRIVERS\msgpc.sys
    0xF4FBC000 \SystemRoot\System32\DRIVERS\tcpip.sys
    0xF88A6000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0xF4F96000 \SystemRoot\System32\DRIVERS\ipnat.sys
    0xF88B6000 \SystemRoot\System32\DRIVERS\wanarp.sys
    0xF4F6E000 \SystemRoot\System32\DRIVERS\netbt.sys
    0xF8C06000 \SystemRoot\System32\drivers\ws2ifsl.sys
    0xF4F4C000 \SystemRoot\System32\drivers\afd.sys
    0xF88C6000 \SystemRoot\System32\DRIVERS\netbios.sys
    0xF4F21000 \SystemRoot\System32\DRIVERS\rdbss.sys
    0xF4E89000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
    0xF88F6000 \SystemRoot\System32\Drivers\Fips.SYS
    0xF4E62000 \SystemRoot\System32\Drivers\aswSP.SYS
    0xF8A4E000 \SystemRoot\System32\Drivers\Aavmker4.SYS
    0xF8916000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xF8A56000 \SystemRoot\System32\DRIVERS\usbprint.sys
    0xF8926000 \SystemRoot\system32\drivers\usbaudio.sys
    0xF4D33000 \SystemRoot\system32\DRIVERS\camdrv41.sys
    0xF8936000 \SystemRoot\system32\DRIVERS\STREAM.SYS
    0xF8A5E000 \SystemRoot\system32\DRIVERS\USBCAMD.SYS
    0xF4D1B000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF8C6A000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xF85AE000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF8A66000 \SystemRoot\System32\watchdog.sys
    0xBF9C3000 \SystemRoot\System32\drivers\dxg.sys
    0xF8151000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF9D5000 \SystemRoot\System32\ati2dvaa.dll
    0xF4D03000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0xF445F000 \SystemRoot\System32\DRIVERS\ndisuio.sys
    0xF4224000 \SystemRoot\System32\Drivers\aswMon2.SYS
    0xF3E9F000 \SystemRoot\system32\drivers\wdmaud.sys
    0xF4CE3000 \SystemRoot\system32\drivers\sysaudio.sys
    0xF3D76000 \SystemRoot\System32\DRIVERS\mrxdav.sys
    0xF8CD2000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xF3B55000 \SystemRoot\System32\Drivers\HTTP.sys
    0xF8AB6000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0xF37F3000 \??\C:\DOCUME~1\default\LOCALS~1\Temp\fxtdqpog.sys
    0xF37C8000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\System32\ntdll.dll

    Processes (total 27):
    0 System Idle Process
    4 System
    336 C:\WINDOWS\System32\SMSS.EXE
    392 CSRSS.EXE
    420 C:\WINDOWS\System32\WINLOGON.EXE
    464 C:\WINDOWS\System32\SERVICES.EXE
    476 C:\WINDOWS\System32\LSASS.EXE
    628 C:\WINDOWS\System32\SVCHOST.EXE
    676 SVCHOST.EXE
    744 C:\WINDOWS\System32\SVCHOST.EXE
    816 SVCHOST.EXE
    936 SVCHOST.EXE
    1056 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1216 C:\WINDOWS\EXPLORER.EXE
    1316 C:\Program Files\ACD Systems\DevDetect\DEVDET~1.EXE
    1324 C:\WINDOWS\System32\drivers\PhiBtn.exe
    1360 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    1388 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    1396 C:\WINDOWS\System32\CTFMON.EXE
    1724 C:\WINDOWS\System32\SPOOLSV.EXE
    776 C:\WINDOWS\System32\SVCHOST.EXE
    120 ALG.EXE
    2076 C:\WINDOWS\System32\SVCHOST.EXE
    2292 C:\WINDOWS\System32\WUAUCLT.EXE
    3184 C:\Program Files\Internet Explorer\iexplore.exe
    3268 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    3788 C:\Documents and Settings\default\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)

    PhysicalDrive0 Model Number: Maxtor2B020H1, Rev: WAH21PB0

    Size Device Name MBR Status
    --------------------------------------------
    18 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: 129B5CA2CE459238FDB0C00A89EBAC0FAE9B7F72


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!
     
  7. 2010/08/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Rerun MBRCheck.
    Enter Y, hit ENTER for more options and select option 2.
    When asked for physical disk number, enter 0 (zero).
    Next, enter 1 (Windows XP) for MBR code.
    Post resulting log.
     
  8. 2010/08/08
    johnsh

    johnsh Inactive Thread Starter

    Joined:
    2010/08/06
    Messages:
    12
    Likes Received:
    0
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000000d

    Kernel Drivers (total 112):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806EE000 \WINDOWS\system32\hal.dll
    0xF8C36000 \WINDOWS\system32\KDCOM.DLL
    0xF8B46000 \WINDOWS\system32\BOOTVID.dll
    0xF86E7000 ACPI.sys
    0xF8C38000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
    0xF86D6000 pci.sys
    0xF8736000 isapnp.sys
    0xF8C3A000 intelide.sys
    0xF89B6000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
    0xF8746000 MountMgr.sys
    0xF86B7000 ftdisk.sys
    0xF89BE000 PartMgr.sys
    0xF8756000 VolSnap.sys
    0xF869F000 atapi.sys
    0xF8766000 disk.sys
    0xF8776000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
    0xF867F000 fltmgr.sys
    0xF866D000 sr.sys
    0xF8649000 Fastfat.sys
    0xF8632000 KSecDD.sys
    0xF8605000 NDIS.sys
    0xF85EB000 Mup.sys
    0xF8786000 agp440.sys
    0xF87A6000 \SystemRoot\System32\DRIVERS\processr.sys
    0xF856A000 \SystemRoot\System32\DRIVERS\ati2mtaa.sys
    0xF84F2000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
    0xF84E0000 \SystemRoot\system32\DRIVERS\EG1032xp.sys
    0xF8435000 \SystemRoot\System32\DRIVERS\winachcf.sys
    0xF89D6000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF89DE000 \SystemRoot\System32\DRIVERS\fdc.sys
    0xF87B6000 \SystemRoot\System32\DRIVERS\i8042prt.sys
    0xF89E6000 \SystemRoot\System32\DRIVERS\kbdclass.sys
    0xF89EE000 \SystemRoot\System32\DRIVERS\mouclass.sys
    0xF87C6000 \SystemRoot\System32\DRIVERS\serial.sys
    0xF8BBE000 \SystemRoot\System32\DRIVERS\serenum.sys
    0xF83F9000 \SystemRoot\System32\DRIVERS\parport.sys
    0xF87D6000 \SystemRoot\System32\DRIVERS\cdrom.sys
    0xF89F6000 \SystemRoot\System32\DRIVERS\usbuhci.sys
    0xF83D5000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
    0xF8360000 \SystemRoot\system32\drivers\smwdm.sys
    0xF8569000 \SystemRoot\system32\drivers\SENSUPGD.SYS
    0xF8332000 \SystemRoot\system32\drivers\portcls.sys
    0xF87E6000 \SystemRoot\system32\drivers\drmk.sys
    0xF830F000 \SystemRoot\system32\drivers\ks.sys
    0xF8C3C000 \SystemRoot\system32\drivers\aeaudio.sys
    0xF8568000 \SystemRoot\System32\DRIVERS\audstub.sys
    0xF87F6000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
    0xF8BC2000 \SystemRoot\System32\DRIVERS\ndistapi.sys
    0xF82F8000 \SystemRoot\System32\DRIVERS\ndiswan.sys
    0xF8806000 \SystemRoot\System32\DRIVERS\raspppoe.sys
    0xF8816000 \SystemRoot\System32\DRIVERS\raspptp.sys
    0xF89FE000 \SystemRoot\System32\DRIVERS\TDI.SYS
    0xF8A06000 \SystemRoot\System32\DRIVERS\ptilink.sys
    0xF8A0E000 \SystemRoot\System32\DRIVERS\raspti.sys
    0xF8826000 \SystemRoot\System32\DRIVERS\termdd.sys
    0xF8C3E000 \SystemRoot\System32\DRIVERS\swenum.sys
    0xF829A000 \SystemRoot\System32\DRIVERS\update.sys
    0xF8BCA000 \SystemRoot\System32\DRIVERS\mssmbios.sys
    0xF8836000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF8866000 \SystemRoot\System32\DRIVERS\usbhub.sys
    0xF8C60000 \SystemRoot\System32\DRIVERS\USBD.SYS
    0xF8A1E000 \SystemRoot\System32\DRIVERS\flpydisk.sys
    0xF8C62000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF853A000 \SystemRoot\System32\Drivers\Null.SYS
    0xF8C64000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF8A2E000 \SystemRoot\System32\drivers\vga.sys
    0xF8C66000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF8C68000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF8A36000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF8A3E000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF8BF6000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0xF515F000 \SystemRoot\System32\DRIVERS\ipsec.sys
    0xF8886000 \SystemRoot\System32\DRIVERS\msgpc.sys
    0xF5106000 \SystemRoot\System32\DRIVERS\tcpip.sys
    0xF8896000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0xF50E0000 \SystemRoot\System32\DRIVERS\ipnat.sys
    0xF88A6000 \SystemRoot\System32\DRIVERS\wanarp.sys
    0xF50B8000 \SystemRoot\System32\DRIVERS\netbt.sys
    0xF8C06000 \SystemRoot\System32\drivers\ws2ifsl.sys
    0xF5096000 \SystemRoot\System32\drivers\afd.sys
    0xF88B6000 \SystemRoot\System32\DRIVERS\netbios.sys
    0xF506B000 \SystemRoot\System32\DRIVERS\rdbss.sys
    0xF4FD3000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
    0xF88E6000 \SystemRoot\System32\Drivers\Fips.SYS
    0xF4FAC000 \SystemRoot\System32\Drivers\aswSP.SYS
    0xF8A4E000 \SystemRoot\System32\Drivers\Aavmker4.SYS
    0xF8A56000 \SystemRoot\System32\DRIVERS\usbprint.sys
    0xF8906000 \SystemRoot\system32\drivers\usbaudio.sys
    0xF4E7D000 \SystemRoot\system32\DRIVERS\camdrv41.sys
    0xF8916000 \SystemRoot\system32\DRIVERS\STREAM.SYS
    0xF8A5E000 \SystemRoot\system32\DRIVERS\USBCAMD.SYS
    0xF8926000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xF4E65000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF8C6A000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xF8429000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF8A66000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF8561000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\ati2dvaa.dll
    0xF4E45000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0xF4579000 \SystemRoot\System32\DRIVERS\ndisuio.sys
    0xF436E000 \SystemRoot\System32\Drivers\aswMon2.SYS
    0xF4089000 \SystemRoot\system32\drivers\wdmaud.sys
    0xF427E000 \SystemRoot\system32\drivers\sysaudio.sys
    0xF3EE8000 \SystemRoot\System32\DRIVERS\mrxdav.sys
    0xF8CBC000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xF3C9F000 \SystemRoot\System32\Drivers\HTTP.sys
    0xF8AA6000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0xF38D6000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\System32\ntdll.dll

    Processes (total 27):
    0 System Idle Process
    4 System
    336 C:\WINDOWS\System32\SMSS.EXE
    392 CSRSS.EXE
    416 C:\WINDOWS\System32\WINLOGON.EXE
    460 C:\WINDOWS\System32\SERVICES.EXE
    472 C:\WINDOWS\System32\LSASS.EXE
    632 C:\WINDOWS\System32\SVCHOST.EXE
    716 SVCHOST.EXE
    784 C:\WINDOWS\System32\SVCHOST.EXE
    888 SVCHOST.EXE
    972 SVCHOST.EXE
    1056 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1208 C:\WINDOWS\EXPLORER.EXE
    1296 C:\Program Files\ACD Systems\DevDetect\DEVDET~1.EXE
    1304 C:\WINDOWS\System32\DRIVERS\PhiBtn.exe
    1332 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    1352 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    1360 C:\WINDOWS\System32\CTFMON.EXE
    1672 C:\WINDOWS\System32\SPOOLSV.EXE
    368 SVCHOST.EXE
    904 C:\WINDOWS\System32\SVCHOST.EXE
    1976 ALG.EXE
    2016 C:\WINDOWS\System32\SVCHOST.EXE
    2228 C:\Program Files\Internet Explorer\IEXPLORE.EXE
    2340 C:\WINDOWS\System32\WUAUCLT.EXE
    3548 C:\Documents and Settings\DEFAULT\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)

    PhysicalDrive0 Model Number: Maxtor2B020H1, Rev: WAH21PB0

    Size Device Name MBR Status
    --------------------------------------------
    18 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: 129B5CA2CE459238FDB0C00A89EBAC0FAE9B7F72


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.

    Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:
    [ 0] Default (Windows XP)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    [-1] Cancel

    Please select the MBR code to write to this drive: 1
    Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
    Successfully wrote new MBR code!
    Please reboot your computer to complete the fix.


    Done!
     
  9. 2010/08/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Reboot computer.


    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  10. 2010/08/08
    johnsh

    johnsh Inactive Thread Starter

    Joined:
    2010/08/06
    Messages:
    12
    Likes Received:
    0
    ComboFix 10-08-07.02 - default 08/08/2010 13:22:09.1.1 - FAT32x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.290 [GMT -4:00]
    Running from: c:\documents and settings\default\Desktop\ComboFix.exe
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\default\Application Data\qysnyrmsu
    c:\documents and settings\default\Application Data\qysnyrmsu\clxolyrtssd.exe
    C:\Logo.sys
    c:\windows\desktop
    c:\windows\Downloaded Program Files\Temp
    c:\windows\patch.exe
    c:\windows\start.exe
    c:\windows\system32\windows.scr
    c:\windows\Web\default.htt

    .
    ((((((((((((((((((((((((( Files Created from 2010-07-08 to 2010-08-08 )))))))))))))))))))))))))))))))
    .

    2010-08-07 23:58 . 2010-08-07 23:58 -------- d-----w- c:\documents and settings\default\Application Data\Malwarebytes
    2010-08-07 23:58 . 2010-08-07 23:58 -------- d-----w- c:\documents and settings\default\Application Data\Malwarebytes
    2010-08-07 23:58 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-07 23:58 . 2010-08-07 23:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-08-07 23:58 . 2010-08-07 23:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-07 23:58 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-07 23:08 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-08-07 23:08 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-08-07 23:08 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-08-07 23:08 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-08-07 23:08 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-08-07 23:08 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-08-07 23:08 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-08-07 23:07 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
    2010-08-07 23:07 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
    2010-08-07 23:07 . 2010-08-07 23:07 -------- d-----w- c:\program files\Alwil Software
    2010-08-07 23:07 . 2010-08-07 23:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-08-07 22:13 . 2010-02-24 13:11 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
    2010-08-07 22:12 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
    2010-08-07 22:12 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
    2010-08-07 22:11 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
    2010-08-07 22:11 . 2009-10-15 16:28 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
    2010-08-07 22:11 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
    2010-08-07 22:11 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
    2010-08-07 22:10 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
    2010-08-07 22:10 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
    2010-08-07 22:10 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
    2010-08-07 22:10 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
    2010-08-07 22:10 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
    2010-08-07 22:10 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
    2010-08-07 22:10 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
    2010-08-07 22:10 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
    2010-08-07 21:55 . 2009-07-31 04:35 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
    2010-08-07 21:54 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
    2010-08-07 21:54 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
    2010-08-07 21:53 . 2009-08-13 15:16 512000 ------w- c:\windows\system32\dllcache\jscript.dll
    2010-08-03 14:00 . 2010-08-03 14:01 388096 ----a-r- c:\documents and settings\default\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-08-03 14:00 . 2010-08-03 14:00 -------- d-----w- c:\program files\Trend Micro
    2010-07-27 06:30 . 2010-07-27 06:30 8462336 ------w- c:\windows\system32\dllcache\shell32.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-06-14 14:31 . 2002-09-23 22:02 744448 ----a-w- c:\windows\PCHEALTH\HELPCTR\BINARIES\helpsvc.exe
    2010-01-18 16:04 . 2010-01-18 16:04 91338304 ----a-w- c:\program files\Ad-AwareInstallation.exe
    2009-10-25 15:59 . 2009-10-25 15:59 275393 ----a-w- c:\program files\mediaplayer.zip
    2000-10-13 20:56 . 2000-10-13 20:56 23357 ---h--w- c:\program files\folder.htt
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PhiBtn"="c:\windows\System32\drivers\PhiBtn.exe" [2005-08-25 155648]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Works Calendar Reminders.lnk.disabled [2001-10-28 585]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
    "hgveabpx"=c:\documents and settings\default\Application Data\qysnyrmsu\clxolyrtssd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    "Microsoft Works Portfolio"=c:\program files\Microsoft Works\WksSb.exe /AllUsers
    "Microsoft Works Update Detection"=c:\program files\Microsoft Works\WkDetect.exe
    "Traymin900"=%SystemRoot%\System32\drivers\Tray900.exe
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    "hgveabpx"=c:\documents and settings\default\Application Data\qysnyrmsu\clxolyrtssd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
    "LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    "WorksFUD"=c:\program files\Microsoft Works\wkfud.exe
    "MMTray"=c:\program files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    "LoadQM"=loadqm.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\MSMSGS.EXE"=
    "c:\\Program Files\\NetMeeting\\CONF.EXE"=
    "c:\\Program Files\\Outlook Express\\msimn.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [8/7/2010 7:08 PM 165456]
    R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [8/7/2010 7:08 PM 17744]
    R3 camvid40;Philips SPC 900NC PC Camera;c:\windows\SYSTEM32\DRIVERS\camdrv41.sys [12/26/2007 7:37 AM 1240576]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
    2001-03-23 20:17 7168 ----a-w- c:\windows\SYSTEM32\updcrl.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-08 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 21:39]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    uInternet Settings,ProxyServer = http=127.0.0.1:6522
    uInternet Settings,ProxyOverride = <local>
    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    DPF: DirectAnimation Java Classes - file://c:\windows\SYSTEM\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-HPDJ Taskbar Utility - c:\windows\System32\spool\drivers\w32x86\3\hpztsb05.exe
    ActiveSetup-RNA - rundll rnasetup.dll



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-08 13:32
    Windows 5.1.2600 Service Pack 3 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2010-08-08 13:37:05
    ComboFix-quarantined-files.txt 2010-08-08 17:37

    Pre-Run: 3,857,661,952 bytes free
    Post-Run: 6,499,172,352 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout = 30
    default = multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS = "Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

    - - End Of File - - 71CD380DF9690BEFBBFB4402114D7A54
     
  11. 2010/08/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    Registry::
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "hgveabpx"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "hgveabpx"=-

    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:6522
    uInternet Settings,ProxyOverride = <local>

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
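    The two items the CFScript above removes (the `hgveabpx` Run values that launch an executable out of the user's Application Data folder, and an Internet Explorer proxy pointed at the loopback address) are the kind of thing a helper picks out of a ComboFix log by eye. The script below is an added example, not ComboFix's or the forum's own code: it parses a constructed excerpt in the same layout as the log posted earlier in this thread, flags autorun values whose target lives in a user-writable profile directory and proxy settings that resolve to loopback, and emits a CFScript stanza in the same `Registry::` / `DDS::` form as the one above. The `USER_WRITABLE` directory list and the loopback rule are my own triage heuristics, not rules ComboFix applies.

```python
"""Triage a ComboFix-style "Reg Loading Points" / "Supplementary Scan" excerpt.

Added example (not ComboFix's own code). Flags autorun values whose target
lives in a user-writable profile directory and proxy settings that point at
a loopback address, then emits a CFScript stanza in the Registry:: / DDS::
form used in this thread.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample, mirroring the structure of the log posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhiBtn"="c:\windows\System32\drivers\PhiBtn.exe" [2005-08-25 155648]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"hgveabpx"=c:\documents and settings\default\Application Data\qysnyrmsu\clxolyrtssd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"hgveabpx"=c:\documents and settings\default\Application Data\qysnyrmsu\clxolyrtssd.exe

------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
"""

KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')
PROXY_RE = re.compile(r"^(uInternet Settings,Proxy(?:Server|Override))\s*=\s*(.+)$")
EXE_RE = re.compile(r'"?(.*?\.exe)', re.IGNORECASE)

# Heuristic (assumption): directories an ordinary user can write to. A Run
# value launching from here is unusual for installed software, and doubly so
# when the value sits under HKLM (machine-wide autorun from one user's profile).
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\")


@dataclass
class Finding:
    key: str
    name: str
    target: str
    reason: str


def parse_run_values(log_text):
    """Yield (registry_key, value_name, raw_data) for each value line under a [KEY] header."""
    key = None
    for line in log_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield key, m.group(1), m.group(2)


def triage_autoruns(log_text):
    """Return Findings for autorun values whose executable sits in a user-writable directory."""
    findings = []
    for key, name, data in parse_run_values(log_text):
        m = EXE_RE.match(data)
        target = m.group(1) if m else data  # path up to the first .exe, quotes stripped
        low = target.lower()
        if any(d in low for d in USER_WRITABLE):
            scope = "machine-wide" if key.upper().startswith("HKEY_LOCAL_MACHINE") else "per-user"
            findings.append(Finding(key, name, target,
                                    f"{scope} autorun launches from a user-writable profile directory"))
    return findings


def triage_proxy(log_text):
    """Return the ProxyServer/ProxyOverride lines if the proxy host is a loopback address."""
    lines = {}
    for line in log_text.splitlines():
        m = PROXY_RE.match(line.strip())
        if m:
            lines[m.group(1)] = line.strip()
    server = lines.get("uInternet Settings,ProxyServer")
    if not server:
        return []
    # Data is "http=127.0.0.1:6522" or "127.0.0.1:6522"; keep only the host part.
    hostport = server.split("=")[-1].strip()
    host = hostport.rsplit(":", 1)[0]
    try:
        is_loopback = ipaddress.ip_address(host).is_loopback
    except ValueError:
        is_loopback = host.lower() == "localhost"
    return list(lines.values()) if is_loopback else []


def build_cfscript(findings, proxy_lines):
    """Emit a CFScript: "name"=- deletes a value under its key; DDS:: lines are removed as-is."""
    out = []
    if findings:
        out.append("Registry::")
        by_key = {}
        for f in findings:
            by_key.setdefault(f.key, []).append(f.name)
        for key, names in by_key.items():
            out.append(f"[{key}]")
            out.extend(f'"{n}"=-' for n in names)
    if proxy_lines:
        out.extend(["", "DDS::"] + proxy_lines)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    found = triage_autoruns(SAMPLE_LOG)
    for f in found:
        print(f"{f.key}\n  {f.name} -> {f.target}\n  ({f.reason})")
    print(build_cfscript(found, triage_proxy(SAMPLE_LOG)))
```

    The loopback-proxy rule is a triage signal rather than proof: local filtering software sometimes installs such a proxy legitimately, so a hit should be matched against the process actually listening on that port before the setting is removed, which is why the output is a script for a human to review, not an automatic fix.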
     
  12. 2010/08/08
    johnsh

    johnsh Inactive Thread Starter

    Joined:
    2010/08/06
    Messages:
    12
    Likes Received:
    0
    ComboFix 10-08-07.02 - default 08/08/2010 14:49:50.2.1 - FAT32x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.256 [GMT -4:00]
    Running from: c:\documents and settings\default\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\default\Desktop\CFScript.txt
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((( Files Created from 2010-07-08 to 2010-08-08 )))))))))))))))))))))))))))))))
    .

    2010-08-07 23:58 . 2010-08-07 23:58 -------- d-----w- c:\documents and settings\default\Application Data\Malwarebytes
    2010-08-07 23:58 . 2010-08-07 23:58 -------- d-----w- c:\documents and settings\default\Application Data\Malwarebytes
    2010-08-07 23:58 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-07 23:58 . 2010-08-07 23:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-08-07 23:58 . 2010-08-07 23:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-07 23:58 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-07 23:08 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-08-07 23:08 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-08-07 23:08 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-08-07 23:08 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-08-07 23:08 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-08-07 23:08 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-08-07 23:08 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-08-07 23:07 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
    2010-08-07 23:07 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
    2010-08-07 23:07 . 2010-08-07 23:07 -------- d-----w- c:\program files\Alwil Software
    2010-08-07 23:07 . 2010-08-07 23:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-08-07 22:13 . 2010-02-24 13:11 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
    2010-08-07 22:12 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
    2010-08-07 22:12 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
    2010-08-07 22:11 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
    2010-08-07 22:11 . 2009-10-15 16:28 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
    2010-08-07 22:11 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
    2010-08-07 22:11 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
    2010-08-07 22:10 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
    2010-08-07 22:10 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
    2010-08-07 22:10 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
    2010-08-07 22:10 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
    2010-08-07 22:10 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
    2010-08-07 22:10 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
    2010-08-07 22:10 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
    2010-08-07 22:10 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
    2010-08-07 21:55 . 2009-07-31 04:35 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
    2010-08-07 21:54 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
    2010-08-07 21:54 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
    2010-08-07 21:53 . 2009-08-13 15:16 512000 ------w- c:\windows\system32\dllcache\jscript.dll
    2010-08-03 14:00 . 2010-08-03 14:01 388096 ----a-r- c:\documents and settings\default\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-08-03 14:00 . 2010-08-03 14:00 -------- d-----w- c:\program files\Trend Micro
    2010-07-27 06:30 . 2010-07-27 06:30 8462336 ------w- c:\windows\system32\dllcache\shell32.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-06-14 14:31 . 2002-09-23 22:02 744448 ----a-w- c:\windows\PCHEALTH\HELPCTR\BINARIES\helpsvc.exe
    2010-01-18 16:04 . 2010-01-18 16:04 91338304 ----a-w- c:\program files\Ad-AwareInstallation.exe
    2009-10-25 15:59 . 2009-10-25 15:59 275393 ----a-w- c:\program files\mediaplayer.zip
    2000-10-13 20:56 . 2000-10-13 20:56 23357 ---h--w- c:\program files\folder.htt
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PhiBtn"="c:\windows\System32\drivers\PhiBtn.exe" [2005-08-25 155648]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Works Calendar Reminders.lnk.disabled [2001-10-28 585]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    "Microsoft Works Portfolio"=c:\program files\Microsoft Works\WksSb.exe /AllUsers
    "Microsoft Works Update Detection"=c:\program files\Microsoft Works\WkDetect.exe
    "Traymin900"=%SystemRoot%\System32\drivers\Tray900.exe
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
    "LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    "WorksFUD"=c:\program files\Microsoft Works\wkfud.exe
    "MMTray"=c:\program files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    "LoadQM"=loadqm.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\MSMSGS.EXE"=
    "c:\\Program Files\\NetMeeting\\CONF.EXE"=
    "c:\\Program Files\\Outlook Express\\msimn.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [8/7/2010 7:08 PM 165456]
    R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [8/7/2010 7:08 PM 17744]
    R3 camvid40;Philips SPC 900NC PC Camera;c:\windows\SYSTEM32\DRIVERS\camdrv41.sys [12/26/2007 7:37 AM 1240576]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
    2001-03-23 20:17 7168 ----a-w- c:\windows\SYSTEM32\updcrl.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-08 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 21:39]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    DPF: DirectAnimation Java Classes - file://c:\windows\SYSTEM\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    .
    - - - - ORPHANS REMOVED - - - -

    ActiveSetup-RNA - rundll rnasetup.dll



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-08 15:00
    Windows 5.1.2600 Service Pack 3 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(684)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    .
    Completion time: 2010-08-08 15:04:59
    ComboFix-quarantined-files.txt 2010-08-08 19:04
    ComboFix2.txt 2010-08-08 17:37

    Pre-Run: 6,518,833,152 bytes free
    Post-Run: 6,514,016,256 bytes free

    - - End Of File - - 7D71684E77F4E8B6F53298E3DAC6C8EA
     
  13. 2010/08/08
    broni

    broni Moderator Malware Analyst

    Very good :)

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start> "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between "Combofix" and "/Uninstall".
    Click OK (Vista users - press Enter).
    Restart computer.

    ==============================================================

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:

    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  14. 2010/08/08
    johnsh

    johnsh Inactive Thread Starter

    OTL logfile created on: 8/8/2010 7:22:02 PM - Run 1
    OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\default\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.11)
    Locale: 00000409 | Country: United States | Language: enu | Date Format: M/d/yyyy

    511.00 Mb Total Physical Memory | 237.00 Mb Available Physical Memory | 46.00% Memory free
    672.00 Mb Paging File | 449.00 Mb Available in Paging File | 67.00% Paging File free
    Paging file location(s): C:\pagefile.sys 192 384 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 18.61 Gb Total Space | 7.86 Gb Free Space | 42.24% Space Free | Partition Type: FAT32
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: 8TRXY01
    Current User Name: default
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/08/08 19:07:28 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\default\Desktop\OTL.exe
    PRC - [2010/06/28 16:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/06/28 16:57:16 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2008/04/13 20:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2005/08/25 19:41:44 | 000,155,648 | ---- | M] (Philips) -- C:\WINDOWS\SYSTEM32\DRIVERS\PhiBtn.exe
    PRC - [2003/06/17 15:43:42 | 000,208,896 | ---- | M] (ACD Systems, Ltd.) -- C:\Program Files\ACD Systems\DevDetect\DevDetect.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/08/08 19:07:28 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\default\Desktop\OTL.exe
    MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/06/28 16:57:16 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/06/28 16:57:16 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/06/28 16:57:16 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2007/10/25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
    SRV - [2007/10/18 11:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\default\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/06/28 16:33:14 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/06/28 16:32:46 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2010/06/28 16:32:34 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/06/28 16:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaudio.sys -- (usbaudio)
    DRV - [2005/08/25 18:28:00 | 001,240,576 | ---- | M] (Philips Consumer Electronics) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\camdrv41.sys -- (camvid40)
    DRV - [2005/01/31 21:20:50 | 000,071,040 | R--- | M] (Linksys, A Division of Cisco Systems, Inc ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\EG1032xp.sys -- (RTL8023xp)
    DRV - [2004/08/04 01:29:26 | 000,327,040 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtaa.sys -- (ati2mtaa)
    DRV - [2003/05/14 05:16:36 | 000,028,005 | ---- | M] (Efficient Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\enethusb.sys -- (ENETHUSB)
    DRV - [2001/08/17 13:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HCF_MSFT.sys -- (HCF_MSFT)
    DRV - [2001/08/17 12:48:52 | 000,281,856 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mpaa.sys -- (ati2mpaa)
    DRV - [2001/08/17 12:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)
    DRV - [2001/08/13 17:17:34 | 000,737,973 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\winachcf.sys -- (Winachcf)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Mozilla Firefox 1.5\Extensions\\Components: C:\Program Files\Mozilla Firefox\Components
    FF - HKLM\software\mozilla\Mozilla Firefox 1.5\Extensions\\Plugins: C:\Program Files\Mozilla Firefox\Plugins


    O1 HOSTS File: ([2010/08/08 13:32:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [Camera Detector] C:\Program Files\ACD Systems\DevDetect\DevDetect.exe (ACD Systems, Ltd.)
    O4 - HKLM..\Run: [PhiBtn] C:\WINDOWS\SYSTEM32\DRIVERS\PhiBtn.exe (Philips)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk.disabled ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
    O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/voxacm.CAB (Reg Error: Key error.)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab (Reg Error: Key error.)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136587349593 (MUWebControl Class)
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab (Reg Error: Key error.)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\SYSTEM\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Zapotec.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Zapotec.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2000/08/09 10:26:38 | 000,000,079 | -HS- | M] () - C:\AUTOEXEC.DOS -- [ FAT32 ]
    O32 - AutoRun File - [2001/12/27 20:00:56 | 000,000,194 | -HS- | M] () - C:\AUTOEXEC.BAK -- [ FAT32 ]
    O32 - AutoRun File - [2001/12/27 20:00:56 | 000,000,194 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
    NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found

    Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lhacm - C:\WINDOWS\System32\LHACM.ACM (Microsoft Corporation)
    Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msadpcm1 - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
    Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.VDOM - vdowave.drv File not found
    Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/08/08 19:07:23 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\default\Desktop\OTL.exe
    [2010/08/08 13:20:50 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/08/08 13:17:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/08/08 12:51:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2010/08/08 00:16:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
    [2010/08/07 19:58:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\default\Application Data\Malwarebytes
    [2010/08/07 19:58:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/08/07 19:58:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/08/07 19:58:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/08/07 19:58:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/08/07 19:58:11 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\default\Desktop\mbam-setup.exe
    [2010/08/07 19:08:18 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2010/08/07 19:08:17 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010/08/07 19:08:14 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010/08/07 19:08:13 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010/08/07 19:08:09 | 000,100,176 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010/08/07 19:08:09 | 000,094,544 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010/08/07 19:08:08 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2010/08/07 19:07:35 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
    [2010/08/07 19:07:34 | 000,165,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010/08/07 19:07:24 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2010/08/07 19:07:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/08/07 17:47:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
    [2010/08/03 10:00:56 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\System\*.tmp files -> C:\WINDOWS\System\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/08/08 19:16:04 | 000,012,582 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/08/08 19:14:58 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/08/08 19:14:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/08/08 19:14:42 | 535,904,256 | -HS- | M] () -- C:\hiberfil.sys
    [2010/08/08 19:13:24 | 009,175,040 | ---- | M] () -- C:\Documents and Settings\default\ntuser.dat
    [2010/08/08 19:13:24 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\default\ntuser.ini
    [2010/08/08 19:13:14 | 003,771,100 | -H-- | M] () -- C:\Documents and Settings\default\Application Data\IconCache.db
    [2010/08/08 19:07:28 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\default\Desktop\OTL.exe
    [2010/08/08 18:37:02 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
    [2010/08/08 15:00:50 | 000,000,630 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/08/08 13:20:56 | 000,000,288 | RHS- | M] () -- C:\boot.ini
    [2010/08/08 09:23:10 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\default\Desktop\MBRCheck_MBR_Backup_08-08-10_09-23-08.bak
    [2010/08/08 08:34:48 | 000,305,318 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/08/08 08:34:48 | 000,037,760 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/08/08 08:34:46 | 000,347,268 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/08/08 08:27:24 | 000,257,456 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/08/08 00:17:42 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/08/07 20:49:30 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\default\Desktop\MBRCheck.exe
    [2010/08/07 20:34:28 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\default\Desktop\yi94mnmm.exe
    [2010/08/07 19:58:42 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/08/07 19:58:12 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\default\Desktop\mbam-setup.exe
    [2010/08/07 19:08:22 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2010/08/07 19:08:12 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/08/07 18:03:16 | 054,835,272 | ---- | M] () -- C:\Documents and Settings\default\Desktop\setup_av_free.exe
    [2010/08/07 17:48:14 | 000,001,610 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/08/07 17:48:14 | 000,000,217 | ---- | M] () -- C:\Boot.bak
    [2010/08/06 17:01:16 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\default\Desktop\dds.scr
    [2010/08/03 10:05:18 | 000,002,451 | ---- | M] () -- C:\Documents and Settings\default\Desktop\HiJackThis.lnk
    [2010/08/03 10:00:02 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\default\My Documents\HiJackThis.msi
    [2010/07/22 14:27:16 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\default\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2010/07/22 14:27:16 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\default\Desktop\Spybot - Search & Destroy.lnk
    [2010/06/28 16:57:34 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
    [2010/06/28 16:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010/06/28 16:33:14 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010/06/28 16:32:46 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010/06/28 16:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010/06/28 16:32:34 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2010/06/28 16:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\System\*.tmp files -> C:\WINDOWS\System\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/08/08 13:20:55 | 000,000,217 | ---- | C] () -- C:\Boot.bak
    [2010/08/08 13:20:52 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/08/08 09:23:08 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\default\Desktop\MBRCheck_MBR_Backup_08-08-10_09-23-08.bak
    [2010/08/07 20:49:39 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\default\Desktop\MBRCheck.exe
    [2010/08/07 20:34:25 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\default\Desktop\yi94mnmm.exe
    [2010/08/07 19:58:41 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/08/07 19:08:20 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2010/08/07 18:03:14 | 054,835,272 | ---- | C] () -- C:\Documents and Settings\default\Desktop\setup_av_free.exe
    [2010/08/07 17:49:12 | 535,904,256 | -HS- | C] () -- C:\hiberfil.sys
    [2010/08/06 17:01:12 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\default\Desktop\dds.scr
    [2010/08/03 10:00:57 | 000,002,451 | ---- | C] () -- C:\Documents and Settings\default\Desktop\HiJackThis.lnk
    [2010/08/03 09:59:53 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\default\My Documents\HiJackThis.msi
    [2007/12/26 07:37:34 | 000,308,736 | ---- | C] () -- C:\WINDOWS\System32\fpxlib.dll
    [2007/12/26 07:37:34 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\jpeglib.dll
    [2007/02/24 13:50:40 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
    [2007/02/24 13:50:17 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
    [2005/04/06 20:23:12 | 000,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll
    [2005/04/06 20:23:12 | 000,000,823 | ---- | C] () -- C:\WINDOWS\tsc.ini
    [2005/04/06 20:22:04 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
    [2005/02/13 09:20:23 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_SETUP.ini
    [2002/08/13 09:31:24 | 000,000,859 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2002/03/21 15:39:02 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
    [2002/03/21 13:51:52 | 000,503,808 | R--- | C] () -- C:\WINDOWS\System32\lt_xtrans.dll
    [2002/03/21 13:51:52 | 000,286,720 | R--- | C] () -- C:\WINDOWS\System32\MrSIDD.dll
    [2002/03/21 13:51:52 | 000,163,840 | R--- | C] () -- C:\WINDOWS\System32\lt_common.dll
    [2002/03/21 13:51:52 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\lt_trans.dll
    [2002/03/21 13:51:52 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\lt_meta.dll
    [2002/03/21 13:51:52 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\lt_encrypt.dll
    [2002/03/21 13:51:52 | 000,020,480 | R--- | C] () -- C:\WINDOWS\System32\lt_messagetext.dll
    [2001/12/27 20:37:18 | 000,000,351 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2001/12/27 20:35:22 | 000,012,484 | ---- | C] () -- C:\WINDOWS\IOS.INI
    [2001/12/27 20:35:22 | 000,007,885 | ---- | C] () -- C:\WINDOWS\NETDET.INI
    [2001/12/27 20:35:22 | 000,005,068 | ---- | C] () -- C:\WINDOWS\DELETEFI.INI
    [2001/12/27 20:35:22 | 000,003,598 | ---- | C] () -- C:\WINDOWS\HTMLHELP.INI
    [2001/12/27 20:35:22 | 000,000,932 | ---- | C] () -- C:\WINDOWS\mrun32.ini
    [2001/12/27 20:35:22 | 000,000,909 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2001/12/27 20:35:22 | 000,000,876 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
    [2001/12/27 20:35:22 | 000,000,787 | ---- | C] () -- C:\WINDOWS\SCANREG.INI
    [2001/12/27 20:35:22 | 000,000,541 | ---- | C] () -- C:\WINDOWS\userinfo.ini
    [2001/12/27 20:35:22 | 000,000,245 | ---- | C] () -- C:\WINDOWS\Msiosd.ini
    [2001/12/27 20:35:22 | 000,000,225 | ---- | C] () -- C:\WINDOWS\TELEPHON.INI
    [2001/12/27 20:35:22 | 000,000,177 | ---- | C] () -- C:\WINDOWS\winmine.ini
    [2001/12/27 20:35:22 | 000,000,060 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
    [2001/12/27 20:35:22 | 000,000,054 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
    [2001/12/27 20:35:22 | 000,000,035 | ---- | C] () -- C:\WINDOWS\InfModM.ini
    [2001/12/27 20:35:22 | 000,000,029 | ---- | C] () -- C:\WINDOWS\wgedit.ini
    [2001/12/27 20:35:22 | 000,000,028 | ---- | C] () -- C:\WINDOWS\QTW.INI
    [2001/12/27 20:35:22 | 000,000,026 | ---- | C] () -- C:\WINDOWS\MSOFFICE.INI
    [2001/12/27 20:35:22 | 000,000,021 | ---- | C] () -- C:\WINDOWS\SOL.INI
    [2001/12/27 20:35:22 | 000,000,017 | ---- | C] () -- C:\WINDOWS\venderID.ini
    [2001/12/27 20:35:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\progman.ini
    [2001/12/27 20:35:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\FONESYNC.INI
    [2001/12/27 20:35:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DELLSC.INI
    [2001/10/22 15:03:47 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\saverrc.dll
    [2001/10/22 15:01:54 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\msiosd32.dll
    [2001/10/22 15:01:04 | 000,057,344 | ---- | C] () -- C:\WINDOWS\uninstBVRP.dll
    [2000/07/07 14:49:30 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\LTDLL.DLL
    [2000/06/06 16:21:34 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\icmfilter.dll
    [2000/03/25 19:00:00 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\clcd32.dll
    [1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
    [1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
    [1997/11/17 17:13:16 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
    [1980/01/01 00:00:00 | 000,001,646 | ---- | C] () -- C:\WINDOWS\MSDOS.SYS

    ========== LOP Check ==========

    [2001/12/27 20:35:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sierra Imaging
    [2010/08/07 19:07:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2004/05/10 19:48:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2004/11/04 16:33:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
    [2007/02/24 13:50:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
    [2008/02/22 13:51:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
    [2002/04/05 20:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\default\Application Data\InterVideo
    [2004/11/04 16:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\default\Application Data\ACD Systems
    [2007/06/05 19:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\default\Application Data\Viewpoint
    [2008/02/03 21:02:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\default\Application Data\Grisoft
    [2008/02/22 13:54:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\default\Application Data\TaxCut
    [2009/10/24 18:12:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\default\Application Data\Temp
    [2010/08/08 18:37:02 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2001/10/22 14:50:30 | 000,001,660 | RHS- | M] () -- C:\MSDOS.SYS
    [2001/12/27 20:00:56 | 000,000,000 | ---- | M] () -- C:\CONFIG.BAK
    [2010/08/08 19:14:42 | 535,904,256 | -HS- | M] () -- C:\hiberfil.sys
    [2000/08/09 10:26:38 | 000,000,079 | -HS- | M] () -- C:\AUTOEXEC.DOS
    [2000/08/09 10:26:38 | 000,000,047 | -HS- | M] () -- C:\CONFIG.DOS
    [2001/12/27 20:00:56 | 000,000,194 | -HS- | M] () -- C:\AUTOEXEC.BAK
    [2001/10/22 14:44:28 | 000,003,299 | -H-- | M] () -- C:\DELL.SDR
    [2001/10/22 14:56:50 | 000,000,000 | ---- | M] () -- C:\Dumplog.txt
    [2001/08/30 14:57:32 | 000,174,195 | -H-- | M] () -- C:\ZZ.EXE
    [2007/09/05 18:18:00 | 000,009,724 | ---- | M] () -- C:\logfile
    [2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2001/10/22 14:30:36 | 000,000,019 | ---- | M] () -- C:\OSINFO.ENG
    [2001/12/27 20:00:56 | 000,000,000 | -H-- | M] () -- C:\CONFIG.SYS
    [2001/08/30 14:06:28 | 000,002,280 | -H-- | M] () -- C:\ZZTOP.BAT
    [2001/12/13 11:54:46 | 000,000,616 | ---- | M] () -- C:\SCANDISK.LOG
    [2004/12/03 15:36:00 | 000,009,834 | ---- | M] () -- C:\SSPPPoE.log
    [2001/12/27 20:00:56 | 000,000,194 | -H-- | M] () -- C:\AUTOEXEC.BAT
    [1993/09/30 01:20:00 | 000,001,754 | -H-- | M] () -- C:\CHOICE.COM
    [2010/08/07 17:48:14 | 000,000,217 | ---- | M] () -- C:\Boot.bak
    [2000/06/08 17:00:00 | 000,110,080 | RHS- | M] () -- C:\io.sys
    [2010/08/08 15:05:02 | 000,009,121 | ---- | M] () -- C:\ComboFix.txt
    [2001/12/27 20:37:18 | 000,000,772 | ---- | M] () -- C:\John's resume.lnk
    [2001/12/27 20:10:58 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
    [2010/08/08 19:14:42 | 201,326,592 | -HS- | M] () -- C:\PAGEFILE.SYS
    [2008/10/25 09:10:40 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2004/10/29 09:12:58 | 000,047,564 | RHS- | M] () -- C:\ntdetect.com
    [2010/08/08 13:20:56 | 000,000,288 | RHS- | M] () -- C:\boot.ini
    [2001/12/27 20:37:18 | 000,000,683 | ---- | M] () -- C:\command.LNK
    [2002/08/23 22:34:06 | 000,000,000 | ---- | M] () -- C:\temp.html
    [2010/08/02 11:19:28 | 000,627,063 | ---- | M] () -- C:\hpfr5550.log

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2001/10/17 16:58:06 | 000,009,754 | ---- | M] (BVRP Software) -- C:\WINDOWS\SYSTEM32\spool\prtprocs\w32x86\wfxprint2000.dll

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >


    < %systemroot%\system32\*.dll /lockedfiles >
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2001/12/27 20:22:40 | 000,380,928 | ---- | M] () -- C:\WINDOWS\SYSTEM32\config\system.sav
    [2001/12/27 20:22:40 | 000,606,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\config\software.sav
    [2001/12/27 20:22:40 | 000,090,112 | ---- | M] () -- C:\WINDOWS\SYSTEM32\config\default.sav

    < %systemroot%\system32\user32.dll /md5 >
    [2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\SYSTEM32\user32.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\SYSTEM32\ws2_32.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\ws2help.dll /md5 >
    [2008/04/13 20:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\SYSTEM32\ws2help.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >
    < End of report >


    OTL Extras logfile created on: 8/8/2010 7:22:02 PM - Run 1
    OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\default\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.11)
    Locale: 00000409 | Country: United States | Language: enu | Date Format: M/d/yyyy

    511.00 Mb Total Physical Memory | 237.00 Mb Available Physical Memory | 46.00% Memory free
    672.00 Mb Paging File | 449.00 Mb Available in Paging File | 67.00% Paging File free
    Paging file location(s): C:\pagefile.sys 192 384 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 18.61 Gb Total Space | 7.86 Gb Free Space | 42.24% Space Free | Partition Type: FAT32
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: 8TRXY01
    Current User Name: default
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\5.0\ACDSee5.exe" "%1" (ACD Systems, Ltd.)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\NetMeeting\CONF.EXE" = C:\Program Files\NetMeeting\CONF.EXE:*:Disabled:Windows® NetMeeting® -- (Microsoft Corporation)
    "C:\Program Files\Outlook Express\msimn.exe" = C:\Program Files\Outlook Express\msimn.exe:*:Enabled:Outlook Express -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00170409-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000 SR-1
    "{117CD9C0-0F15-4633-93D7-F957B50535A5}" = Popup Blocker (Windows Live Toolbar)
    "{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
    "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
    "{15D9EB74-998E-4A04-B468-51C2E7B32182}" = Microsoft Picture It! Publishing 2001
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{220F6386-5D1F-4DA5-94DB-F12133C3AE2C}" = Philips SPC 900NC PC Camera
    "{2BCED072-9E78-456F-B8D6-AF6DA5A5EECC}" = H&R Block Georgia 2009
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3727B920-F5A3-46A4-AC02-94F421A039C7}" = Windows Live Toolbar Extension (Windows Live Toolbar)
    "{38024121-D084-4E7D-B1A2-1A04CB5C4CF3}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
    "{3D719053-5593-11D3-8F25-0060085C1758}" = Microsoft Streets and Trips 2001
    "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4B0ED720-87D3-11D4-A188-0050DA2DDF19}" = Dell Solution Center
    "{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
    "{53A19323-917A-4822-B27E-A57D1EF6E9FC}" = H&R Block Deluxe + Efile + State 2009
    "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
    "{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
    "{5F629FE8-5B4C-4863-937A-AFC2961F7DD3}" = Microsoft Works Suite Add-in for Microsoft Word
    "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{706D5382-7381-4680-9DD0-161832578252}" = DellTouch
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{9984DF60-1C5B-11D3-ACA1-908A4FC10801}" = Intel Ultra ATA Storage Driver
    "{A40D6757-B145-4FE7-B694-89180A9F3F64}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
    "{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
    "{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.6
    "{B2233F6A-A0D7-46B3-949B-32A94A1FEC53}" = ArcSoft Software Suite
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
    "{C1939820-A945-11D4-86F6-0001031E5712}" = InterVideo WinDVD
    "{D085A1B6-90A4-11D3-82B7-00C04FA309DE}" = Microsoft Money 2001
    "{DA0FFF7B-DA9D-46A2-A329-87804ECA58EA}" = Windows Live Toolbar
    "{DCE65B11-710D-4C54-9DE5-1A6A0BD2186B}" = Windows Live Favorites for Windows Live Toolbar
    "{DF821FC5-C198-452B-A0D4-82433EFEAE9B}" = OneCare Advisor (Windows Live Toolbar)
    "{E3436EE2-D5CB-4249-840B-3A0140CC34C1}" = PhoneTools
    "{EED5156C-4BA8-4105-A506-DB9D00F8B68D}" = ACDSee for PENTAX
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F5AF5CDA-76FC-4794-9F28-09B6D54E7431}" = Form Fill (Windows Live Toolbar)
    "{F8D0829C-9C6F-11D3-8080-00C04FA329AA}" = Microsoft Works 6.0
    "{FAF7F1D7-C0E7-47EA-8AAA-84E4F9EA3C94}" = Works Suite OS Pack
    "Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player
    "avast5" = avast! Free Antivirus
    "EfntSSDSL" = Efficient Networks SpeedStream DSL
    "FoneSync" = FoneSync
    "getPlus(R)_ocx" = getPlus(R)_ocx
    "hp deskjet 5550 series" = hp deskjet 5550 series (Remove only)
    "hp print screen utility" = hp print screen utility
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "Image Expert 3.2" = Image Expert 2000 v3.2
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Modem Helper" = Modem Helper
    "Money2006a" = MSN Money Investment Toolbox
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Shockwave" = Shockwave
    "WGA" = Windows Genuine Advantage Validation Tool
    "Windows Live Toolbar" = Windows Live Toolbar
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "Works2001Setup" = Microsoft Works 2001 Setup Launcher

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 4/29/2010 9:08:03 PM | Computer Name = 8TRXY01 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 7.0.6000.16735, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 6/1/2010 11:59:50 AM | Computer Name = 8TRXY01 | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 7.0.6000.16735, faulting
    module acropdf.dll, version 8.1.3.0, fault address 0x0002a422.

    Error - 6/1/2010 5:57:36 PM | Computer Name = 8TRXY01 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 7.0.6000.16735, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 6/23/2010 2:50:36 PM | Computer Name = 8TRXY01 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 7.0.6000.16735, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 7/22/2010 9:49:55 PM | Computer Name = 8TRXY01 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 7/22/2010 9:49:55 PM | Computer Name = 8TRXY01 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 8/1/2010 6:44:25 PM | Computer Name = 8TRXY01 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 7.0.6000.16735, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 8/1/2010 6:44:26 PM | Computer Name = 8TRXY01 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 7.0.6000.16735, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 8/3/2010 10:20:55 AM | Computer Name = 8TRXY01 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 7.0.6000.16735, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 8/8/2010 12:15:52 AM | Computer Name = 8TRXY01 | Source = MsiInstaller | ID = 11316
    Description = Product: Windows Live Sign-in Assistant -- Error 1316. A network error
    occurred while attempting to read from the file: C:\WINDOWS\TEMP\IXP000.TMP\Install_{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}.msi

    [ System Events ]
    Error - 8/7/2010 5:45:10 PM | Computer Name = 8TRXY01 | Source = Service Control Manager | ID = 7001
    Description = The DHCP Client service depends on the NetBT service which failed
    to start because of the following error: %%31

    Error - 8/7/2010 5:45:10 PM | Computer Name = 8TRXY01 | Source = Service Control Manager | ID = 7001
    Description = The DNS Client service depends on the TCP/IP Protocol Driver service
    which failed to start because of the following error: %%31

    Error - 8/7/2010 5:45:10 PM | Computer Name = 8TRXY01 | Source = Service Control Manager | ID = 7001
    Description = The TCP/IP NetBIOS Helper service depends on the AFD Networking Support
    Environment service which failed to start because of the following error: %%31

    Error - 8/7/2010 5:45:10 PM | Computer Name = 8TRXY01 | Source = Service Control Manager | ID = 7001
    Description = The IPSEC Services service depends on the IPSEC driver service which
    failed to start because of the following error: %%31

    Error - 8/7/2010 5:45:10 PM | Computer Name = 8TRXY01 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    AFD Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss Tcpip WS2IFSL

    Error - 8/7/2010 5:48:20 PM | Computer Name = 8TRXY01 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 8/7/2010 8:26:30 PM | Computer Name = 8TRXY01 | Source = sr | ID = 1
    Description = The System Restore filter encountered the unexpected error '0xC0000001'
    while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
    the volume.

    Error - 8/8/2010 12:49:42 PM | Computer Name = 8TRXY01 | Source = ati2mtaa | ID = 262252
    Description = The driver ati2dvaa for the display device \Device\Video0 got stuck
    in an infinite loop. This usually indicates a problem with the device itself or
    with the device driver programming the hardware incorrectly. Please check with your
    hardware
    device vendor for any driver updates.

    Error - 8/8/2010 12:53:30 PM | Computer Name = 8TRXY01 | Source = System Error | ID = 1003
    Description = Error code 000000ea, parameter1 82c509c0, parameter2 82de6008, parameter3
    82d11068, parameter4 00000001.

    Error - 8/8/2010 12:58:28 PM | Computer Name = 8TRXY01 | Source = ati2mtaa | ID = 262252
    Description = The driver ati2dvaa for the display device \Device\Video0 got stuck
    in an infinite loop. This usually indicates a problem with the device itself or
    with the device driver programming the hardware incorrectly. Please check with your
    hardware
    device vendor for any driver updates.


    < End of report >
     
  15. 2010/08/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Your computer would greatly benefit from adding another 512MB of RAM.

    ================================================================

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ==============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/voxacm.CAB (Reg Error: Key error.)
      O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/sh...4/mcinsctl.cab (Reg Error: Key error.)
      O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/sh...21/mcgdmgr.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\SYSTEM\dajava.cab (Reg Error: Key error.)
      O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
      [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
      [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [1 C:\WINDOWS\System\*.tmp files -> C:\WINDOWS\System\*.tmp -> ]
      [2004/05/10 19:48:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
      [2007/06/05 19:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\default\Application Data\Viewpoint
      [2008/02/03 21:02:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\default\Application Data\Grisoft
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     
  16. 2010/08/09
    johnsh

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
    Starting removal of ActiveX control {00000075-9980-0010-8000-00AA00389B71}
    C:\WINDOWS\Downloaded Program Files\voxacm.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000075-9980-0010-8000-00AA00389B71}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000075-9980-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000075-9980-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000075-9980-0010-8000-00AA00389B71}\ not found.
    Starting removal of ActiveX control {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
    C:\WINDOWS\Downloaded Program Files\mcinsctl.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
    Starting removal of ActiveX control {BCC0FF27-31D9-4614-A68E-C18E1ADA4389}
    C:\WINDOWS\Downloaded Program Files\McGDMgr.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINDOWS\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    File Animation Java Classes file://C:\WINDOWS\SYSTEM\dajava.cab not found.
    Starting removal of ActiveX control DirectAnimation Java Classes
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
    File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
    Starting removal of ActiveX control Microsoft XML Parser for Java
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
    C:\WINDOWS\SET3.tmp deleted successfully.
    C:\WINDOWS\SET7.tmp deleted successfully.
    C:\WINDOWS\msdownld.tmp folder deleted successfully.
    C:\WINDOWS\002414_.tmp deleted successfully.
    C:\WINDOWS\005641_.tmp deleted successfully.
    C:\WINDOWS\System32\dllcache\SET47.tmp deleted successfully.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    C:\WINDOWS\System\TBM7051.TMP deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\AxMetaStream_Win folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\UserShell\AOL9 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\UserShell folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
    C:\Documents and Settings\default\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03 folder moved successfully.
    C:\Documents and Settings\default\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02 folder moved successfully.
    C:\Documents and Settings\default\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01 folder moved successfully.
    C:\Documents and Settings\default\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00 folder moved successfully.
    C:\Documents and Settings\default\Application Data\Viewpoint\Viewpoint Media Player\Resources folder moved successfully.
    C:\Documents and Settings\default\Application Data\Viewpoint\Viewpoint Media Player folder moved successfully.
    C:\Documents and Settings\default\Application Data\Viewpoint folder moved successfully.
    C:\Documents and Settings\default\Application Data\Grisoft folder moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Default User
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: All Users

    User: default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 12738512 bytes
    ->Java cache emptied: 1580549 bytes
    ->Flash cache emptied: 203681 bytes

    User: NetworkService
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 300 bytes

    User: LocalService
    ->Temporary Internet Files folder emptied: 128210 bytes
    ->Flash cache emptied: 300 bytes

    User: Bev
    ->Temporary Internet Files folder emptied: 78991 bytes
    ->Flash cache emptied: 241033 bytes

    User: Administrator
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 664 bytes
    Session Manager Temp folder emptied: 0 bytes
    Session Manager Tmp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 899187 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 15.00 mb


    [EMPTYFLASH]

    User: Default User

    User: All Users

    User: default
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: Bev
    ->Flash cache emptied: 0 bytes

    User: Administrator
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Error: Unable to interpret <[Reboot> in the current context!

    OTL by OldTimer - Version 3.2.9.1 log created on 08092010_091541

    Files\Folders moved on Reboot...
    C:\Documents and Settings\default\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.
    C:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\NTZ2RS82\94472-active-slow-computer[1].htm moved successfully.
    C:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\NTZ2RS82\p-01-0VIaSjnOLg[6].gif moved successfully.
    C:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\NTZ2RS82\113ce987-2b1b-469e-b639-39b1d3dac068_3rd_party_BBS[1].htm moved successfully.
    C:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\ZMY4X3RW\audmeasure[3].gif moved successfully.
    C:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\L0L874N4\9548[1].gif moved successfully.
    C:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\57EJ14OY\ads[3].htm moved successfully.
    C:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\57EJ14OY\iframescript[3].htm moved successfully.
    File\Folder C:\WINDOWS\temp\_avast5_\Webshlock.txt not found!

    Registry entries deleted on Reboot...
     
  17. 2010/08/09
    johnsh

    OTL logfile created on: 8/9/2010 9:31:52 AM - Run 2
    OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\default\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.11)
    Locale: 00000409 | Country: United States | Language: enu | Date Format: M/d/yyyy

    511.00 Mb Total Physical Memory | 241.00 Mb Available Physical Memory | 47.00% Memory free
    672.00 Mb Paging File | 383.00 Mb Available in Paging File | 57.00% Paging File free
    Paging file location(s): C:\pagefile.sys 192 384 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 18.61 Gb Total Space | 7.63 Gb Free Space | 41.01% Space Free | Partition Type: FAT32
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: 8TRXY01
    Current User Name: default
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/08/08 19:07:28 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\default\Desktop\OTL.exe
    PRC - [2010/06/28 16:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/06/28 16:57:16 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2008/04/13 20:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2005/08/25 19:41:44 | 000,155,648 | ---- | M] (Philips) -- C:\WINDOWS\SYSTEM32\DRIVERS\PhiBtn.exe
    PRC - [2003/06/17 15:43:42 | 000,208,896 | ---- | M] (ACD Systems, Ltd.) -- C:\Program Files\ACD Systems\DevDetect\DevDetect.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/08/08 19:07:28 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\default\Desktop\OTL.exe
    MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/06/28 16:57:16 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/06/28 16:57:16 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/06/28 16:57:16 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2007/10/25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
    SRV - [2007/10/18 11:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\default\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/06/28 16:33:14 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/06/28 16:32:46 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2010/06/28 16:32:34 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/06/28 16:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaudio.sys -- (usbaudio)
    DRV - [2005/08/25 18:28:00 | 001,240,576 | ---- | M] (Philips Consumer Electronics) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\camdrv41.sys -- (camvid40)
    DRV - [2005/01/31 21:20:50 | 000,071,040 | R--- | M] (Linksys, A Division of Cisco Systems, Inc ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\EG1032xp.sys -- (RTL8023xp)
    DRV - [2004/08/04 01:29:26 | 000,327,040 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtaa.sys -- (ati2mtaa)
    DRV - [2003/05/14 05:16:36 | 000,028,005 | ---- | M] (Efficient Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\enethusb.sys -- (ENETHUSB)
    DRV - [2001/08/17 13:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HCF_MSFT.sys -- (HCF_MSFT)
    DRV - [2001/08/17 12:48:52 | 000,281,856 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mpaa.sys -- (ati2mpaa)
    DRV - [2001/08/17 12:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)
    DRV - [2001/08/13 17:17:34 | 000,737,973 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\winachcf.sys -- (Winachcf)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Mozilla Firefox 1.5\Extensions\\Components: C:\Program Files\Mozilla Firefox\Components
    FF - HKLM\software\mozilla\Mozilla Firefox 1.5\Extensions\\Plugins: C:\Program Files\Mozilla Firefox\Plugins


    O1 HOSTS File: ([2010/08/08 13:32:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [Camera Detector] C:\Program Files\ACD Systems\DevDetect\DevDetect.exe (ACD Systems, Ltd.)
    O4 - HKLM..\Run: [PhiBtn] C:\WINDOWS\SYSTEM32\DRIVERS\PhiBtn.exe (Philips)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk.disabled ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
    O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136587349593 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: DirectAnimation Java Classes Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Zapotec.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Zapotec.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2000/08/09 10:26:38 | 000,000,079 | -HS- | M] () - C:\AUTOEXEC.DOS -- [ FAT32 ]
    O32 - AutoRun File - [2001/12/27 20:00:56 | 000,000,194 | -HS- | M] () - C:\AUTOEXEC.BAK -- [ FAT32 ]
    O32 - AutoRun File - [2001/12/27 20:00:56 | 000,000,194 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/08/09 09:17:26 | 000,000,000 | -HSD | C] -- C:\Recycled
    [2010/08/09 09:15:41 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/08/08 21:32:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/08/08 21:32:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/08/08 21:31:47 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2010/08/08 19:07:23 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\default\Desktop\OTL.exe
    [2010/08/08 18:19:26 | 000,378,368 | ---- | C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Documents and Settings\default\Desktop\JavaRa.exe
    [2010/08/08 13:20:50 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/08/08 13:17:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/08/08 12:51:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2010/08/08 00:16:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
    [2010/08/07 19:58:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\default\Application Data\Malwarebytes
    [2010/08/07 19:58:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/08/07 19:58:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/08/07 19:58:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/08/07 19:58:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/08/07 19:58:11 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\default\Desktop\mbam-setup.exe
    [2010/08/07 19:08:18 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2010/08/07 19:08:17 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010/08/07 19:08:14 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010/08/07 19:08:13 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010/08/07 19:08:09 | 000,100,176 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010/08/07 19:08:09 | 000,094,544 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010/08/07 19:08:08 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2010/08/07 19:07:35 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
    [2010/08/07 19:07:34 | 000,165,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010/08/07 19:07:24 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2010/08/07 19:07:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/08/07 17:47:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
    [2010/08/03 10:00:56 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

    ========== Files - Modified Within 90 Days ==========

    [2010/08/09 09:23:40 | 000,012,582 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/08/09 09:23:14 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/08/09 09:23:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/08/09 09:22:58 | 535,904,256 | -HS- | M] () -- C:\hiberfil.sys
    [2010/08/09 09:21:26 | 009,175,040 | ---- | M] () -- C:\Documents and Settings\default\ntuser.dat
    [2010/08/09 09:21:26 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\default\ntuser.ini
    [2010/08/08 23:02:14 | 004,832,348 | -H-- | M] () -- C:\Documents and Settings\default\Application Data\IconCache.db
    [2010/08/08 22:37:02 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
    [2010/08/08 21:37:16 | 000,156,129 | ---- | M] () -- C:\Documents and Settings\default\Desktop\JavaRa.zip
    [2010/08/08 19:07:28 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\default\Desktop\OTL.exe
    [2010/08/08 18:19:26 | 000,378,368 | ---- | M] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Documents and Settings\default\Desktop\JavaRa.exe
    [2010/08/08 15:00:50 | 000,000,630 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/08/08 14:09:10 | 000,002,758 | ---- | M] () -- C:\Documents and Settings\default\Desktop\Deutsch.lng
    [2010/08/08 14:08:52 | 000,002,553 | ---- | M] () -- C:\Documents and Settings\default\Desktop\Suomi.lng
    [2010/08/08 14:08:40 | 000,003,027 | ---- | M] () -- C:\Documents and Settings\default\Desktop\Français.lng
    [2010/08/08 14:08:20 | 000,002,920 | ---- | M] () -- C:\Documents and Settings\default\Desktop\Italiano.lng
    [2010/08/08 14:08:04 | 000,002,946 | ---- | M] () -- C:\Documents and Settings\default\Desktop\Español.lng
    [2010/08/08 14:07:50 | 000,003,127 | ---- | M] () -- C:\Documents and Settings\default\Desktop\Nederlands.lng
    [2010/08/08 13:20:56 | 000,000,288 | RHS- | M] () -- C:\boot.ini
    [2010/08/08 09:23:10 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\default\Desktop\MBRCheck_MBR_Backup_08-08-10_09-23-08.bak
    [2010/08/08 08:34:48 | 000,305,318 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/08/08 08:34:48 | 000,037,760 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/08/08 08:34:46 | 000,347,268 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/08/08 08:27:24 | 000,257,456 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/08/08 00:17:42 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/08/07 20:49:30 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\default\Desktop\MBRCheck.exe
    [2010/08/07 20:34:28 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\default\Desktop\yi94mnmm.exe
    [2010/08/07 19:58:42 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/08/07 19:58:12 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\default\Desktop\mbam-setup.exe
    [2010/08/07 19:08:22 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2010/08/07 19:08:12 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/08/07 18:03:16 | 054,835,272 | ---- | M] () -- C:\Documents and Settings\default\Desktop\setup_av_free.exe
    [2010/08/07 17:48:14 | 000,001,610 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/08/07 17:48:14 | 000,000,217 | ---- | M] () -- C:\Boot.bak
    [2010/08/06 17:01:16 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\default\Desktop\dds.scr
    [2010/08/03 10:05:18 | 000,002,451 | ---- | M] () -- C:\Documents and Settings\default\Desktop\HiJackThis.lnk
    [2010/08/03 10:00:02 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\default\My Documents\HiJackThis.msi
    [2010/08/01 13:24:58 | 000,322,351 | ---- | M] () -- C:\Documents and Settings\default\Desktop\JavaRa.def
    [2010/07/22 14:27:16 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\default\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2010/07/22 14:27:16 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\default\Desktop\Spybot - Search & Destroy.lnk
    [2010/06/28 16:57:34 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
    [2010/06/28 16:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010/06/28 16:33:14 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010/06/28 16:32:46 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010/06/28 16:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010/06/28 16:32:34 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2010/06/28 16:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

    ========== Files Created - No Company Name ==========

    [2010/08/08 21:37:15 | 000,156,129 | ---- | C] () -- C:\Documents and Settings\default\Desktop\JavaRa.zip
    [2010/08/08 14:09:10 | 000,002,758 | ---- | C] () -- C:\Documents and Settings\default\Desktop\Deutsch.lng
    [2010/08/08 14:08:52 | 000,002,553 | ---- | C] () -- C:\Documents and Settings\default\Desktop\Suomi.lng
    [2010/08/08 14:08:40 | 000,003,027 | ---- | C] () -- C:\Documents and Settings\default\Desktop\Français.lng
    [2010/08/08 14:08:20 | 000,002,920 | ---- | C] () -- C:\Documents and Settings\default\Desktop\Italiano.lng
    [2010/08/08 14:08:04 | 000,002,946 | ---- | C] () -- C:\Documents and Settings\default\Desktop\Español.lng
    [2010/08/08 14:07:50 | 000,003,127 | ---- | C] () -- C:\Documents and Settings\default\Desktop\Nederlands.lng
    [2010/08/08 13:20:55 | 000,000,217 | ---- | C] () -- C:\Boot.bak
    [2010/08/08 13:20:52 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/08/08 09:23:08 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\default\Desktop\MBRCheck_MBR_Backup_08-08-10_09-23-08.bak
    [2010/08/07 20:49:39 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\default\Desktop\MBRCheck.exe
    [2010/08/07 20:34:25 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\default\Desktop\yi94mnmm.exe
    [2010/08/07 19:58:41 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/08/07 19:08:20 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2010/08/07 18:03:14 | 054,835,272 | ---- | C] () -- C:\Documents and Settings\default\Desktop\setup_av_free.exe
    [2010/08/07 17:49:12 | 535,904,256 | -HS- | C] () -- C:\hiberfil.sys
    [2010/08/06 17:01:12 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\default\Desktop\dds.scr
    [2010/08/03 10:00:57 | 000,002,451 | ---- | C] () -- C:\Documents and Settings\default\Desktop\HiJackThis.lnk
    [2010/08/03 09:59:53 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\default\My Documents\HiJackThis.msi
    [2010/08/01 13:24:58 | 000,322,351 | ---- | C] () -- C:\Documents and Settings\default\Desktop\JavaRa.def
    [2007/12/26 07:37:34 | 000,308,736 | ---- | C] () -- C:\WINDOWS\System32\fpxlib.dll
    [2007/12/26 07:37:34 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\jpeglib.dll
    [2007/02/24 13:50:40 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
    [2007/02/24 13:50:17 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
    [2005/04/06 20:23:12 | 000,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll
    [2005/04/06 20:23:12 | 000,000,823 | ---- | C] () -- C:\WINDOWS\tsc.ini
    [2005/04/06 20:22:04 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
    [2005/02/13 09:20:23 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_SETUP.ini
    [2002/08/13 09:31:24 | 000,000,859 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2002/03/21 15:39:02 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
    [2002/03/21 13:51:52 | 000,503,808 | R--- | C] () -- C:\WINDOWS\System32\lt_xtrans.dll
    [2002/03/21 13:51:52 | 000,286,720 | R--- | C] () -- C:\WINDOWS\System32\MrSIDD.dll
    [2002/03/21 13:51:52 | 000,163,840 | R--- | C] () -- C:\WINDOWS\System32\lt_common.dll
    [2002/03/21 13:51:52 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\lt_trans.dll
    [2002/03/21 13:51:52 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\lt_meta.dll
    [2002/03/21 13:51:52 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\lt_encrypt.dll
    [2002/03/21 13:51:52 | 000,020,480 | R--- | C] () -- C:\WINDOWS\System32\lt_messagetext.dll
    [2001/12/27 20:37:18 | 000,000,351 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2001/12/27 20:35:22 | 000,012,484 | ---- | C] () -- C:\WINDOWS\IOS.INI
    [2001/12/27 20:35:22 | 000,007,885 | ---- | C] () -- C:\WINDOWS\NETDET.INI
    [2001/12/27 20:35:22 | 000,005,068 | ---- | C] () -- C:\WINDOWS\DELETEFI.INI
    [2001/12/27 20:35:22 | 000,003,598 | ---- | C] () -- C:\WINDOWS\HTMLHELP.INI
    [2001/12/27 20:35:22 | 000,000,932 | ---- | C] () -- C:\WINDOWS\mrun32.ini
    [2001/12/27 20:35:22 | 000,000,909 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2001/12/27 20:35:22 | 000,000,876 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
    [2001/12/27 20:35:22 | 000,000,787 | ---- | C] () -- C:\WINDOWS\SCANREG.INI
    [2001/12/27 20:35:22 | 000,000,541 | ---- | C] () -- C:\WINDOWS\userinfo.ini
    [2001/12/27 20:35:22 | 000,000,245 | ---- | C] () -- C:\WINDOWS\Msiosd.ini
    [2001/12/27 20:35:22 | 000,000,225 | ---- | C] () -- C:\WINDOWS\TELEPHON.INI
    [2001/12/27 20:35:22 | 000,000,177 | ---- | C] () -- C:\WINDOWS\winmine.ini
    [2001/12/27 20:35:22 | 000,000,060 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
    [2001/12/27 20:35:22 | 000,000,054 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
    [2001/12/27 20:35:22 | 000,000,035 | ---- | C] () -- C:\WINDOWS\InfModM.ini
    [2001/12/27 20:35:22 | 000,000,029 | ---- | C] () -- C:\WINDOWS\wgedit.ini
    [2001/12/27 20:35:22 | 000,000,028 | ---- | C] () -- C:\WINDOWS\QTW.INI
    [2001/12/27 20:35:22 | 000,000,026 | ---- | C] () -- C:\WINDOWS\MSOFFICE.INI
    [2001/12/27 20:35:22 | 000,000,021 | ---- | C] () -- C:\WINDOWS\SOL.INI
    [2001/12/27 20:35:22 | 000,000,017 | ---- | C] () -- C:\WINDOWS\venderID.ini
    [2001/12/27 20:35:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\progman.ini
    [2001/12/27 20:35:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\FONESYNC.INI
    [2001/12/27 20:35:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DELLSC.INI
    [2001/10/22 15:03:47 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\saverrc.dll
    [2001/10/22 15:01:54 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\msiosd32.dll
    [2001/10/22 15:01:04 | 000,057,344 | ---- | C] () -- C:\WINDOWS\uninstBVRP.dll
    [2000/07/07 14:49:30 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\LTDLL.DLL
    [2000/06/06 16:21:34 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\icmfilter.dll
    [2000/03/25 19:00:00 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\clcd32.dll
    [1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
    [1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
    [1997/11/17 17:13:16 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
    [1980/01/01 00:00:00 | 000,001,646 | ---- | C] () -- C:\WINDOWS\MSDOS.SYS

    ========== LOP Check ==========

    [2001/12/27 20:35:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sierra Imaging
    [2010/08/07 19:07:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2004/11/04 16:33:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
    [2007/02/24 13:50:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
    [2008/02/22 13:51:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
    [2002/04/05 20:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\default\Application Data\InterVideo
    [2004/11/04 16:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\default\Application Data\ACD Systems
    [2008/02/22 13:54:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\default\Application Data\TaxCut
    [2009/10/24 18:12:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\default\Application Data\Temp
    [2010/08/08 22:37:02 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job

    ========== Purity Check ==========


    < End of report >
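Added worked example (not part of this thread, and not code from the OTL tool's authors): the analyst reads the file listings above by eye, looking for recently created or modified executables with no publisher string, files carrying hidden+system attributes where the OS does not normally set them, and changes to boot.ini. The script below parses that exact line format ([timestamp | size | RHSD flags | C/M] (Company) -- path) and applies those three checks. The seven-day window, the list of boot files that are expected to be hidden+system, and the "no publisher" rule are my assumptions, and the output is a list of leads for a human, not verdicts: legitimate helper tools that carry no company string (dds.scr and MBRCheck.exe in the report above) get flagged too. The sample input is six lines copied from the report plus one constructed line (example_unknown.dll) that exists only to exercise the hidden+system rule.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# One OTL file-listing line, as in the report above:
#   [2010/08/08 13:20:56 | 000,000,288 | RHS- | M] () -- C:\boot.ini
# Fields: timestamp | size (thousands separators) | R/H/S/D attribute flags |
# C (Files Created list) or M (Files Modified list); then an optional
# "(Company)" and the path after " -- ".
_LINE_RE = re.compile(
    r"^\s*\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+?)\s*$"
)

# Extensions Windows executes or loads as code (assumed list for this example).
EXECUTABLE_EXTS = {".exe", ".dll", ".sys", ".scr", ".drv", ".ocx", ".cpl", ".com", ".pif"}

# Boot-volume files XP itself keeps hidden+system, so H+S on them is expected (assumed list).
KNOWN_BOOT_FILES = {"hiberfil.sys", "pagefile.sys", "boot.ini", "ntldr",
                    "ntdetect.com", "bootfont.bin", "io.sys", "msdos.sys"}


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    readonly: bool
    hidden: bool
    system: bool
    directory: bool
    kind: str                # "C" = Files Created list, "M" = Files Modified list
    company: Optional[str]   # None when OTL printed "()" or no company field at all
    path: str


def parse_line(line: str) -> Optional[OtlEntry]:
    """Parse one file-listing line; return None for headers, blanks and anything else."""
    m = _LINE_RE.match(line)
    if not m:
        return None
    attrs = m.group("attrs")
    company = (m.group("company") or "").strip()
    return OtlEntry(
        timestamp=datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        size=int(m.group("size").replace(",", "")),
        readonly=attrs[0] == "R",
        hidden=attrs[1] == "H",
        system=attrs[2] == "S",
        directory=attrs[3] == "D",
        kind=m.group("kind"),
        company=company or None,
        path=m.group("path"),
    )


def parse_report(text: str) -> List[OtlEntry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def triage(entries: List[OtlEntry], report_date: datetime,
           window_days: int = 7) -> List[Tuple[str, str]]:
    """Return (path, reason) leads worth a closer look. The heuristics are assumptions."""
    findings: List[Tuple[str, str]] = []
    seen = set()

    def add(path: str, reason: str) -> None:
        if (path, reason) not in seen:      # the same path appears in both the C and M lists
            seen.add((path, reason))
            findings.append((path, reason))

    for e in entries:
        if e.directory:
            continue
        name = e.path.rsplit("\\", 1)[-1].lower()
        ext = name[name.rfind("."):] if "." in name else ""
        # A timestamp later than the report gives a negative delta and still counts as
        # recent; a future timestamp is itself worth a look.
        recent = (report_date - e.timestamp) <= timedelta(days=window_days)
        if name == "boot.ini" and recent:
            add(e.path, "boot configuration changed within the window")
        if name in KNOWN_BOOT_FILES:
            continue
        if e.hidden and e.system:
            add(e.path, "hidden+system attributes on a non-boot file")
        if ext in EXECUTABLE_EXTS and recent and e.company is None:
            add(e.path, "executable touched within the window with no publisher string")
    return findings


# Constructed sample: six lines copied from the report above plus one synthetic line
# (example_unknown.dll) that exists only to exercise the hidden+system rule.
SAMPLE_REPORT = r"""
[2010/08/08 13:20:56 | 000,000,288 | RHS- | M] () -- C:\boot.ini
[2010/08/07 20:34:28 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\default\Desktop\yi94mnmm.exe
[2010/08/07 19:58:12 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\default\Desktop\mbam-setup.exe
[2010/08/07 17:49:12 | 535,904,256 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/28 16:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2001/12/27 20:35:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sierra Imaging
[2010/08/08 03:12:00 | 000,045,056 | -HS- | C] () -- C:\WINDOWS\System32\example_unknown.dll
"""


def run_sample() -> List[Tuple[str, str]]:
    # The report above was generated late on 2010/08/08; treat the following midnight as "now".
    return triage(parse_report(SAMPLE_REPORT), report_date=datetime(2010, 8, 9))


if __name__ == "__main__":
    for path, reason in run_sample():
        print(f"{reason}: {path}")
```

On the sample this yields four leads: boot.ini (changed within the window), yi94mnmm.exe (recent executable, no publisher), and two for the constructed example_unknown.dll (hidden+system, and recent with no publisher). mbam-setup.exe is skipped because OTL printed a company name, aswBoot.exe because it is older than the window, and hiberfil.sys because it is in the known boot-file set. Pasting a full OTL log into parse_report() works as-is since non-matching lines (section headers, registry lines) are simply ignored.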
     
  18. 2010/08/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good :)

    Last steps....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Go to Kaspersky website and perform an online antivirus scan.

    • Disable your active antivirus program.
    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  19. 2010/08/09
    johnsh

    johnsh Inactive Thread Starter

    Joined:
    2010/08/06
    Messages:
    12
    Likes Received:
    0
    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 3
    Internet Explorer 7 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    avast! Free Antivirus
    OneCare Advisor (Windows Live Toolbar)
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 21
    Adobe Flash Player
    Adobe Atmosphere Player for Acrobat and Adobe Reader
    Adobe Reader 8.1.6
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Alwil Software Avast5 AvastSvc.exe
    ALWILS~1 Avast5 avastUI.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
     
  20. 2010/08/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note: If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), and download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
     
  21. 2010/08/10
    johnsh

    johnsh Inactive Thread Starter

    Joined:
    2010/08/06
    Messages:
    12
    Likes Received:
    0
    Looks like this one ran clean :) It's booting up and logging on to the internet faster now. Haven't had it freeze up on me for a couple of days now. I'm looking into getting more memory as well.

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Tuesday, August 10, 2010
    Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Monday, August 09, 2010 19:33:07
    Records in database: 4130570
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\

    Scan statistics:
    Objects scanned: 70064
    Threats found: 0
    Infected objects found: 0
    Suspicious objects found: 0
    Scan duration: 02:37:50

    No threats found. Scanned area is clean.

    Selected area has been scanned.
     
    Last edited: 2010/08/10
