
Solved cannot remove win32/patched.fl

Discussion in 'Malware and Virus Removal Archive' started by cspgsl, 2010/08/30.

  1. 2010/08/31
    cspgsl (Geek Member, Lifetime Subscription, Thread Starter)

    OTL logfile created on: 8/31/2010 9:01:19 PM - Run 1
    OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Debra Martyn\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,014.00 Mb Total Physical Memory | 672.00 Mb Available Physical Memory | 66.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 92.00% Paging File free
    Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.50 Gb Total Space | 22.74 Gb Free Space | 30.52% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: HOME-10FD3E33EE
    Current User Name: Debra Martyn
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/08/31 21:00:06 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Debra Martyn\Desktop\OTL.exe
    PRC - [2010/06/02 16:06:20 | 000,116,104 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
    PRC - [2010/06/02 16:06:16 | 000,378,248 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    PRC - [2010/01/27 12:22:02 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/05/17 17:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    PRC - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/08/31 21:00:06 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Debra Martyn\Desktop\OTL.exe
    MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/06/02 16:06:20 | 000,116,104 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
    SRV - [2010/01/27 12:22:02 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
    SRV - [2009/02/13 06:58:46 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
    SRV - [2007/05/17 17:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
    SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\DEBRAM~2\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci)
    DRV - [2010/06/02 16:06:44 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
    DRV - [2010/01/27 12:22:02 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
    DRV - [2010/01/27 12:22:02 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
    DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2007/04/10 17:46:53 | 001,966,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX1000.sys -- (VX1000)
    DRV - [2007/02/23 01:13:50 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
    DRV - [2007/02/23 01:13:50 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
    DRV - [2005/11/16 15:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2004/03/08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
    DRV - [2003/11/17 17:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
    DRV - [2003/11/17 17:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2003/11/17 17:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
    DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
    DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search "
    FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= "
    FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search "
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
    FF - prefs.js..extensions.enabledItems: avg@igeared:4.504.019.002
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3

    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/26 11:23:51 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/26 11:23:37 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/26 11:24:09 | 000,000,000 | ---D | M]

    [2009/11/01 03:16:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Martyn\Application Data\Mozilla\Extensions
    [2010/08/21 11:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Martyn\Application Data\Mozilla\Firefox\Profiles\nzzqudik.default\extensions
    [2009/07/26 10:26:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Debra Martyn\Application Data\Mozilla\Firefox\Profiles\nzzqudik.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/08/21 11:54:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2008/12/11 18:15:35 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2008/10/04 21:24:00 | 003,695,008 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll

    O1 HOSTS File: ([2010/08/31 19:23:54 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (RadioBar Toolbar) - {5B291E6C-9A74-4034-971B-A4B007A0B315} - C:\Program Files\RadioBar\toolbar.ni.dll (IMEDIX WEB TECHNOLOGIES LTD.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O3 - HKLM\..\Toolbar: (RadioBar Toolbar) - {5B291E6C-9A74-4034-971B-A4B007A0B315} - C:\Program Files\RadioBar\toolbar.ni.dll (IMEDIX WEB TECHNOLOGIES LTD.)
    O3 - HKCU\..\Toolbar\WebBrowser: (RadioBar Toolbar) - {5B291E6C-9A74-4034-971B-A4B007A0B315} - C:\Program Files\RadioBar\toolbar.ni.dll (IMEDIX WEB TECHNOLOGIES LTD.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\toolbarchrome {718733BC-AD64-4e5f-AC18-A85FBD75D54D} - C:\Program Files\RadioBar\toolbar.ni.dll (IMEDIX WEB TECHNOLOGIES LTD.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
    O24 - Desktop Components:0 () -
    O24 - Desktop WallPaper: C:\Documents and Settings\Debra Martyn\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Debra Martyn\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/07/25 07:29:57 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
    NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found

    Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()
    Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
    Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
    Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (56871556046913536)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/08/31 21:00:04 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Debra Martyn\Desktop\OTL.exe
    [2010/08/31 20:51:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2010/08/31 20:04:35 | 000,718,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Debra Martyn\Desktop\avgremover.exe
    [2010/08/31 19:13:08 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/08/31 19:10:44 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/08/31 19:10:44 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/08/31 19:10:44 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/08/31 19:10:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/08/31 18:53:52 | 002,133,536 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Debra Martyn\Desktop\avg_free_stb_all_9_115_cnet.exe
    [2010/08/31 18:41:08 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/08/31 18:23:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/08/31 12:38:15 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/08/31 06:24:53 | 006,436,560 | ---- | C] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Documents and Settings\Debra Martyn\Desktop\DELL_AUDIO.EXE
    [2010/08/30 19:10:46 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
    [2010/08/30 19:00:44 | 000,000,000 | ---D | C] -- C:\Avenger
    [2010/08/30 18:43:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debra Martyn\Local Settings\Application Data\LogMeIn
    [2010/08/30 18:43:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
    [2010/08/30 18:43:05 | 000,029,568 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
    [2010/08/30 18:43:04 | 000,083,360 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
    [2010/08/30 18:43:04 | 000,047,640 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\LMIRfsDriver.sys
    [2010/08/30 18:42:57 | 000,087,424 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
    [2010/08/30 18:42:44 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn
    [2010/08/30 18:39:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debra Martyn\Local Settings\Application Data\Deployment
    [2010/08/30 18:38:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\LMI11.tmp
    [2010/08/30 17:26:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2010/08/26 00:31:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2010/08/25 21:51:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
    [2010/08/25 21:01:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\LMIDC.tmp
    [2010/08/25 20:55:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/08/25 20:55:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/06/24 18:08:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debra Martyn\Application Data\dvdcss
    [2010/06/17 10:27:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debra Martyn\Local Settings\Application Data\Yahoo!
    [2010/06/10 03:09:44 | 000,000,000 | ---D | C] -- C:\e8386c1ba4d343c74f
    [2010/01/24 10:47:24 | 093,234,472 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesSetup.exe
    [13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/08/31 21:59:12 | 000,013,145 | ---- | M] () -- C:\Documents and Settings\Debra Martyn\Desktop\New Microsoft Office Word Document.docx
    [2010/08/31 21:01:00 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{38B0B232-96E9-44F9-B9DB-6ACB4DC20BF3}.job
    [2010/08/31 21:00:48 | 000,718,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Debra Martyn\Desktop\avgremover.exe
    [2010/08/31 21:00:40 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-507921405-789336058-839522115-1005.job
    [2010/08/31 21:00:40 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-507921405-789336058-839522115-1005.job
    [2010/08/31 21:00:06 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Debra Martyn\Desktop\OTL.exe
    [2010/08/31 20:51:28 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/08/31 20:49:57 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/08/31 20:16:03 | 006,291,456 | ---- | M] () -- C:\Documents and Settings\Debra Martyn\ntuser.dat
    [2010/08/31 20:13:04 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/08/31 20:13:03 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/08/31 20:12:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/08/31 20:12:22 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Debra Martyn\ntuser.ini
    [2010/08/31 20:04:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/08/31 19:23:54 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/08/31 19:13:12 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2010/08/31 18:54:03 | 002,133,536 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Debra Martyn\Desktop\avg_free_stb_all_9_115_cnet.exe
    [2010/08/31 18:45:42 | 003,829,857 | R--- | M] () -- C:\Documents and Settings\Debra Martyn\Desktop\ComboFix.exe
    [2010/08/31 18:32:23 | 084,219,346 | ---- | M] () -- C:\Documents and Settings\Debra Martyn\Desktop\aug31.reg
    [2010/08/31 18:29:01 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/08/31 18:29:01 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/08/31 06:24:53 | 006,436,560 | ---- | M] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Documents and Settings\Debra Martyn\Desktop\DELL_AUDIO.EXE
    [2010/08/31 05:17:17 | 000,002,415 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2010/08/30 18:42:56 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2010/08/30 14:59:17 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Debra Martyn\Local Settings\Application Data\prvlcl.dat
    [2010/08/28 17:41:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/08/28 08:15:20 | 000,126,464 | ---- | M] () -- C:\Documents and Settings\Debra Martyn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/12 14:26:01 | 000,146,016 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/08/12 14:09:22 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/08/12 14:08:11 | 000,488,244 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/08/12 14:08:11 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/08/12 14:08:11 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/08/02 09:13:18 | 007,476,370 | -H-- | M] () -- C:\Documents and Settings\Debra Martyn\Local Settings\Application Data\IconCache.db
    [2010/06/21 09:12:35 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Debra Martyn\My Documents\The Character of Tallis Browne.doc
    [13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/08/31 20:59:44 | 000,013,145 | ---- | C] () -- C:\Documents and Settings\Debra Martyn\Desktop\New Microsoft Office Word Document.docx
    [2010/08/31 19:13:12 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/08/31 19:13:09 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/08/31 19:10:44 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/08/31 19:10:44 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/08/31 19:10:44 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/08/31 19:10:44 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/08/31 19:10:44 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/08/31 18:32:12 | 084,219,346 | ---- | C] () -- C:\Documents and Settings\Debra Martyn\Desktop\aug31.reg
    [2010/08/31 17:48:04 | 003,829,857 | R--- | C] () -- C:\Documents and Settings\Debra Martyn\Desktop\ComboFix.exe
    [2010/08/30 18:42:54 | 000,001,024 | ---- | C] () -- C:\.rnd
    [2010/06/21 08:45:08 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Debra Martyn\My Documents\The Character of Tallis Browne.doc
    [2010/04/13 15:54:05 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX1000.ini
    [2009/12/07 18:51:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Debra Martyn\Local Settings\Application Data\prvlcl.dat
    [2008/12/22 21:50:37 | 000,000,125 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2008/07/25 07:23:09 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
    [2007/08/04 12:02:47 | 000,126,464 | ---- | C] () -- C:\Documents and Settings\Debra Martyn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/02/13 12:37:56 | 000,053,161 | ---- | C] () -- C:\Documents and Settings\Debra Martyn\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
    [2007/02/13 12:37:56 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
    [2007/02/13 12:32:38 | 000,524,573 | ---- | C] () -- C:\Documents and Settings\Debra Martyn\Application Data\Update_HP_RedboxHprblog_HPSU.log
    [2007/02/13 12:32:38 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
    [2006/08/31 09:52:00 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/07/20 19:04:40 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
    [2006/07/20 18:54:54 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2006/07/12 09:34:00 | 000,000,179 | ---- | C] () -- C:\WINDOWS\stci.ini
    [2004/08/04 08:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
    [2004/08/04 08:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
    [2004/08/04 08:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
    [2004/08/04 08:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
    [2004/08/04 08:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll

    ========== LOP Check ==========

    [2009/02/13 06:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
    [2009/04/20 18:58:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
    [2010/08/30 18:43:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
    [2006/07/20 17:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MVTLogs
    [2010/08/30 19:21:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/01/24 10:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2007/05/06 20:14:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Martyn\Application Data\Image Zone Express
    [2007/01/26 23:55:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Martyn\Application Data\Leadertech
    [2010/03/03 10:39:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Martyn\Application Data\RadioBar
    [2010/08/31 17:48:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Martyn\Application Data\uTorrent
    [2010/08/31 21:01:00 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{38B0B232-96E9-44F9-B9DB-6ACB4DC20BF3}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/08/30 18:42:56 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2008/07/25 07:29:57 | 000,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/08/30 19:00:44 | 000,000,886 | ---- | M] () -- C:\avenger.txt
    [2010/08/31 18:29:01 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/08/31 19:13:12 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2010/08/31 20:51:28 | 000,014,503 | ---- | M] () -- C:\ComboFix.txt
    [2006/07/11 17:23:59 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2007/03/12 14:52:22 | 001,521,065 | ---- | M] () -- C:\Image001_1.jpg
    [2007/03/12 14:52:22 | 001,435,437 | ---- | M] () -- C:\Image002_2.jpg
    [2010/04/13 16:22:39 | 000,921,624 | ---- | M] () -- C:\img2-001.raw
    [2006/07/11 17:23:59 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2006/07/11 17:23:59 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/09/10 04:25:17 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/08/31 20:12:53 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
    [2010/08/30 14:56:08 | 000,000,325 | ---- | M] () -- C:\rkill.log
    [2005/10/31 11:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
    [2010/08/30 16:32:59 | 000,040,370 | ---- | M] () -- C:\TDSSKiller.2.4.1.3_30.08.2010_16.32.16_log.txt

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2005/05/10 20:48:48 | 000,067,072 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp3xu.dll
    [2010/06/02 16:06:36 | 000,053,632 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LMIproc.dll

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >


    < %systemroot%\system32\*.dll /lockedfiles >
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2006/07/12 06:08:30 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2006/07/12 10:02:09 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
    [2006/07/12 06:08:30 | 009,175,040 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2006/07/12 06:08:30 | 003,670,016 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\user32.dll /md5 >
    [2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\ws2help.dll /md5 >
    [2008/04/13 20:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
    < End of report >
     
  2. 2010/08/31
    cspgsl Geek Member Thread Starter
    OTL logfile created on: 8/31/2010 9:01:19 PM - Run 1
    OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Debra Martyn\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,014.00 Mb Total Physical Memory | 672.00 Mb Available Physical Memory | 66.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 92.00% Paging File free
    Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.50 Gb Total Space | 22.74 Gb Free Space | 30.52% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: HOME-10FD3E33EE
    Current User Name: Debra Martyn
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/08/31 21:00:06 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Debra Martyn\Desktop\OTL.exe
    PRC - [2010/06/02 16:06:20 | 000,116,104 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
    PRC - [2010/06/02 16:06:16 | 000,378,248 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    PRC - [2010/01/27 12:22:02 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/05/17 17:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    PRC - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/08/31 21:00:06 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Debra Martyn\Desktop\OTL.exe
    MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/06/02 16:06:20 | 000,116,104 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
    SRV - [2010/01/27 12:22:02 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
    SRV - [2009/02/13 06:58:46 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
    SRV - [2007/05/17 17:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
    SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\DEBRAM~2\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci)
    DRV - [2010/06/02 16:06:44 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
    DRV - [2010/01/27 12:22:02 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
    DRV - [2010/01/27 12:22:02 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
    DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2007/04/10 17:46:53 | 001,966,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX1000.sys -- (VX1000)
    DRV - [2007/02/23 01:13:50 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
    DRV - [2007/02/23 01:13:50 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
    DRV - [2005/11/16 15:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2004/03/08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
    DRV - [2003/11/17 17:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
    DRV - [2003/11/17 17:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2003/11/17 17:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
    DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
    DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search "
    FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= "
    FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search "
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
    FF - prefs.js..extensions.enabledItems: avg@igeared:4.504.019.002
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3

    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/26 11:23:51 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/26 11:23:37 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/26 11:24:09 | 000,000,000 | ---D | M]

    [2009/11/01 03:16:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Martyn\Application Data\Mozilla\Extensions
    [2010/08/21 11:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Martyn\Application Data\Mozilla\Firefox\Profiles\nzzqudik.default\extensions
    [2009/07/26 10:26:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Debra Martyn\Application Data\Mozilla\Firefox\Profiles\nzzqudik.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/08/21 11:54:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2008/12/11 18:15:35 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2008/10/04 21:24:00 | 003,695,008 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll

    O1 HOSTS File: ([2010/08/31 19:23:54 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (RadioBar Toolbar) - {5B291E6C-9A74-4034-971B-A4B007A0B315} - C:\Program Files\RadioBar\toolbar.ni.dll (IMEDIX WEB TECHNOLOGIES LTD.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O3 - HKLM\..\Toolbar: (RadioBar Toolbar) - {5B291E6C-9A74-4034-971B-A4B007A0B315} - C:\Program Files\RadioBar\toolbar.ni.dll (IMEDIX WEB TECHNOLOGIES LTD.)
    O3 - HKCU\..\Toolbar\WebBrowser: (RadioBar Toolbar) - {5B291E6C-9A74-4034-971B-A4B007A0B315} - C:\Program Files\RadioBar\toolbar.ni.dll (IMEDIX WEB TECHNOLOGIES LTD.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\toolbarchrome {718733BC-AD64-4e5f-AC18-A85FBD75D54D} - C:\Program Files\RadioBar\toolbar.ni.dll (IMEDIX WEB TECHNOLOGIES LTD.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
    O24 - Desktop Components:0 () -
    O24 - Desktop WallPaper: C:\Documents and Settings\Debra Martyn\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Debra Martyn\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/07/25 07:29:57 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
    NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found

    Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()
    Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
    Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
    Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (56871556046913536)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/08/31 21:00:04 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Debra Martyn\Desktop\OTL.exe
    [2010/08/31 20:51:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2010/08/31 20:04:35 | 000,718,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Debra Martyn\Desktop\avgremover.exe
    [2010/08/31 19:13:08 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/08/31 19:10:44 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/08/31 19:10:44 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/08/31 19:10:44 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/08/31 19:10:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/08/31 18:53:52 | 002,133,536 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Debra Martyn\Desktop\avg_free_stb_all_9_115_cnet.exe
    [2010/08/31 18:41:08 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/08/31 18:23:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/08/31 12:38:15 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/08/31 06:24:53 | 006,436,560 | ---- | C] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Documents and Settings\Debra Martyn\Desktop\DELL_AUDIO.EXE
    [2010/08/30 19:10:46 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
    [2010/08/30 19:00:44 | 000,000,000 | ---D | C] -- C:\Avenger
    [2010/08/30 18:43:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debra Martyn\Local Settings\Application Data\LogMeIn
    [2010/08/30 18:43:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
    [2010/08/30 18:43:05 | 000,029,568 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
    [2010/08/30 18:43:04 | 000,083,360 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
    [2010/08/30 18:43:04 | 000,047,640 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\LMIRfsDriver.sys
    [2010/08/30 18:42:57 | 000,087,424 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
    [2010/08/30 18:42:44 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn
    [2010/08/30 18:39:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debra Martyn\Local Settings\Application Data\Deployment
    [2010/08/30 18:38:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\LMI11.tmp
    [2010/08/30 17:26:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2010/08/26 00:31:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2010/08/25 21:51:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
    [2010/08/25 21:01:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\LMIDC.tmp
    [2010/08/25 20:55:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/08/25 20:55:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/06/24 18:08:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debra Martyn\Application Data\dvdcss
    [2010/06/17 10:27:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debra Martyn\Local Settings\Application Data\Yahoo!
    [2010/06/10 03:09:44 | 000,000,000 | ---D | C] -- C:\e8386c1ba4d343c74f
    [2010/01/24 10:47:24 | 093,234,472 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesSetup.exe
    [13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/08/31 21:59:12 | 000,013,145 | ---- | M] () -- C:\Documents and Settings\Debra Martyn\Desktop\New Microsoft Office Word Document.docx
    [2010/08/31 21:01:00 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{38B0B232-96E9-44F9-B9DB-6ACB4DC20BF3}.job
    [2010/08/31 21:00:48 | 000,718,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Debra Martyn\Desktop\avgremover.exe
    [2010/08/31 21:00:40 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-507921405-789336058-839522115-1005.job
    [2010/08/31 21:00:40 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-507921405-789336058-839522115-1005.job
    [2010/08/31 21:00:06 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Debra Martyn\Desktop\OTL.exe
    [2010/08/31 20:51:28 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/08/31 20:49:57 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/08/31 20:16:03 | 006,291,456 | ---- | M] () -- C:\Documents and Settings\Debra Martyn\ntuser.dat
    [2010/08/31 20:13:04 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/08/31 20:13:03 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/08/31 20:12:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/08/31 20:12:22 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Debra Martyn\ntuser.ini
    [2010/08/31 20:04:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/08/31 19:23:54 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/08/31 19:13:12 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2010/08/31 18:54:03 | 002,133,536 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Debra Martyn\Desktop\avg_free_stb_all_9_115_cnet.exe
    [2010/08/31 18:45:42 | 003,829,857 | R--- | M] () -- C:\Documents and Settings\Debra Martyn\Desktop\ComboFix.exe
    [2010/08/31 18:32:23 | 084,219,346 | ---- | M] () -- C:\Documents and Settings\Debra Martyn\Desktop\aug31.reg
    [2010/08/31 18:29:01 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/08/31 18:29:01 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/08/31 06:24:53 | 006,436,560 | ---- | M] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Documents and Settings\Debra Martyn\Desktop\DELL_AUDIO.EXE
    [2010/08/31 05:17:17 | 000,002,415 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2010/08/30 18:42:56 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2010/08/30 14:59:17 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Debra Martyn\Local Settings\Application Data\prvlcl.dat
    [2010/08/28 17:41:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/08/28 08:15:20 | 000,126,464 | ---- | M] () -- C:\Documents and Settings\Debra Martyn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/12 14:26:01 | 000,146,016 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/08/12 14:09:22 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/08/12 14:08:11 | 000,488,244 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/08/12 14:08:11 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/08/12 14:08:11 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/08/02 09:13:18 | 007,476,370 | -H-- | M] () -- C:\Documents and Settings\Debra Martyn\Local Settings\Application Data\IconCache.db
    [2010/06/21 09:12:35 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Debra Martyn\My Documents\The Character of Tallis Browne.doc
    [13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/08/31 20:59:44 | 000,013,145 | ---- | C] () -- C:\Documents and Settings\Debra Martyn\Desktop\New Microsoft Office Word Document.docx
    [2010/08/31 19:13:12 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/08/31 19:13:09 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/08/31 19:10:44 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/08/31 19:10:44 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/08/31 19:10:44 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/08/31 19:10:44 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/08/31 19:10:44 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/08/31 18:32:12 | 084,219,346 | ---- | C] () -- C:\Documents and Settings\Debra Martyn\Desktop\aug31.reg
    [2010/08/31 17:48:04 | 003,829,857 | R--- | C] () -- C:\Documents and Settings\Debra Martyn\Desktop\ComboFix.exe
    [2010/08/30 18:42:54 | 000,001,024 | ---- | C] () -- C:\.rnd
    [2010/06/21 08:45:08 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Debra Martyn\My Documents\The Character of Tallis Browne.doc
    [2010/04/13 15:54:05 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX1000.ini
    [2009/12/07 18:51:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Debra Martyn\Local Settings\Application Data\prvlcl.dat
    [2008/12/22 21:50:37 | 000,000,125 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2008/07/25 07:23:09 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
    [2007/08/04 12:02:47 | 000,126,464 | ---- | C] () -- C:\Documents and Settings\Debra Martyn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/02/13 12:37:56 | 000,053,161 | ---- | C] () -- C:\Documents and Settings\Debra Martyn\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
    [2007/02/13 12:37:56 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
    [2007/02/13 12:32:38 | 000,524,573 | ---- | C] () -- C:\Documents and Settings\Debra Martyn\Application Data\Update_HP_RedboxHprblog_HPSU.log
    [2007/02/13 12:32:38 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
    [2006/08/31 09:52:00 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/07/20 19:04:40 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
    [2006/07/20 18:54:54 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2006/07/12 09:34:00 | 000,000,179 | ---- | C] () -- C:\WINDOWS\stci.ini
    [2004/08/04 08:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
    [2004/08/04 08:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
    [2004/08/04 08:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
    [2004/08/04 08:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
    [2004/08/04 08:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll

    ========== LOP Check ==========

    [2009/02/13 06:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
    [2009/04/20 18:58:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
    [2010/08/30 18:43:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
    [2006/07/20 17:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MVTLogs
    [2010/08/30 19:21:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/01/24 10:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2007/05/06 20:14:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Martyn\Application Data\Image Zone Express
    [2007/01/26 23:55:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Martyn\Application Data\Leadertech
    [2010/03/03 10:39:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Martyn\Application Data\RadioBar
    [2010/08/31 17:48:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debra Martyn\Application Data\uTorrent
    [2010/08/31 21:01:00 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{38B0B232-96E9-44F9-B9DB-6ACB4DC20BF3}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/08/30 18:42:56 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2008/07/25 07:29:57 | 000,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/08/30 19:00:44 | 000,000,886 | ---- | M] () -- C:\avenger.txt
    [2010/08/31 18:29:01 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/08/31 19:13:12 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2010/08/31 20:51:28 | 000,014,503 | ---- | M] () -- C:\ComboFix.txt
    [2006/07/11 17:23:59 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2007/03/12 14:52:22 | 001,521,065 | ---- | M] () -- C:\Image001_1.jpg
    [2007/03/12 14:52:22 | 001,435,437 | ---- | M] () -- C:\Image002_2.jpg
    [2010/04/13 16:22:39 | 000,921,624 | ---- | M] () -- C:\img2-001.raw
    [2006/07/11 17:23:59 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2006/07/11 17:23:59 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/09/10 04:25:17 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/08/31 20:12:53 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
    [2010/08/30 14:56:08 | 000,000,325 | ---- | M] () -- C:\rkill.log
    [2005/10/31 11:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
    [2010/08/30 16:32:59 | 000,040,370 | ---- | M] () -- C:\TDSSKiller.2.4.1.3_30.08.2010_16.32.16_log.txt

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2005/05/10 20:48:48 | 000,067,072 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp3xu.dll
    [2010/06/02 16:06:36 | 000,053,632 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LMIproc.dll

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >


    < %systemroot%\system32\*.dll /lockedfiles >
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2006/07/12 06:08:30 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2006/07/12 10:02:09 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
    [2006/07/12 06:08:30 | 009,175,040 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2006/07/12 06:08:30 | 003,670,016 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\user32.dll /md5 >
    [2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\ws2help.dll /md5 >
    [2008/04/13 20:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
    < End of report >
     

  4. 2010/08/31
    cspgsl Lifetime Subscription

    cspgsl Geek Member Thread Starter

    Joined:
    2008/07/23
    Messages:
    1,044
    Likes Received:
    8
    OTL Extras logfile created on: 8/31/2010 9:01:19 PM - Run 1
    OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Debra Martyn\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,014.00 Mb Total Physical Memory | 672.00 Mb Available Physical Memory | 66.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 92.00% Paging File free
    Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.50 Gb Total Space | 22.74 Gb Free Space | 30.52% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: HOME-10FD3E33EE
    Current User Name: Debra Martyn
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
    "C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
    "C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00020409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Standard
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
    "{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
    "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
    "{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
    "{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}" = Picture Package
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
    "{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
    "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
    "{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
    "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3C0BAFCA-BDB8-492B-8845-DC0A4B4C1823}" = HPDeskjet5400Series
    "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
    "{4475560E-9418-4908-A158-472D873AE139}" = LogMeIn
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
    "{52DCA321-E332-4EF5-8825-97E95C442B30}" = Personal Colour Viewer
    "{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
    "{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
    "{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
    "{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
    "{63AFACBC-4795-4A1B-8037-5085DC03FC54}" = Microsoft LifeCam
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
    "{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C9618743-1A5C-461E-91C4-E013A3D70F3C}" = Adobe® Photoshop® Album Starter Edition 3.0.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
    "{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
    "{EB57A16E-500D-43d7-85B9-FBE279EBBA6E}" = HP Deskjet 5400 series
    "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
    "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
    "{F8C6BABF-0837-4EA0-AD6C-8E5A392A7538}" = ImageMixer VCD2
    "{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
    "{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Aliant.MCCInstall" = Net Assistant
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
    "Google Chrome" = Google Chrome
    "GoToAssist" = GoToAssist 8.0.0.514
    "HP Imaging Device Functions" = HP Imaging Device Functions 5.0
    "HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0
    "HPExtendedCapabilities" = HP Extended Capabilities 5.0
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.0.16)" = Mozilla Firefox (3.0.16)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "PROSet" = Intel(R) PRO Network Connections Drivers
    "RadioBar" = RadioBar Toolbar
    "RealPlayer 12.0" = RealPlayer
    "Revo Uninstaller" = Revo Uninstaller 1.89
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 1.0.2
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 8/28/2010 12:04:15 PM | Computer Name = HOME-10FD3E33EE | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 8/28/2010 1:54:18 PM | Computer Name = HOME-10FD3E33EE | Source = MsiInstaller | ID = 11706
    Description = Product: Microsoft Office 2000 Standard -- Error 1706. No valid source
    could be found for product Microsoft Office 2000 Standard. The Windows installer
    cannot continue.

    Error - 8/28/2010 1:54:24 PM | Computer Name = HOME-10FD3E33EE | Source = MsiInstaller | ID = 11706
    Description = Product: Microsoft Office 2000 Standard -- Error 1706. No valid source
    could be found for product Microsoft Office 2000 Standard. The Windows installer
    cannot continue.

    Error - 8/28/2010 1:54:31 PM | Computer Name = HOME-10FD3E33EE | Source = MsiInstaller | ID = 11706
    Description = Product: Microsoft Office 2000 Standard -- Error 1706. No valid source
    could be found for product Microsoft Office 2000 Standard. The Windows installer
    cannot continue.

    Error - 8/29/2010 6:29:20 AM | Computer Name = HOME-10FD3E33EE | Source = MsiInstaller | ID = 11706
    Description = Product: Microsoft Office 2000 Standard -- Error 1706. No valid source
    could be found for product Microsoft Office 2000 Standard. The Windows installer
    cannot continue.

    Error - 8/30/2010 6:45:39 AM | Computer Name = HOME-10FD3E33EE | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
    module urlmon.dll, version 8.0.6001.18939, fault address 0x0002df6e.

    Error - 8/30/2010 6:45:54 AM | Computer Name = HOME-10FD3E33EE | Source = Application Error | ID = 1001
    Description = Fault bucket 1989802330.

    Error - 8/30/2010 2:57:34 PM | Computer Name = HOME-10FD3E33EE | Source = MsiInstaller | ID = 11706
    Description = Product: Microsoft Office 2000 Standard -- Error 1706. No valid source
    could be found for product Microsoft Office 2000 Standard. The Windows installer
    cannot continue.

    Error - 8/30/2010 3:00:48 PM | Computer Name = HOME-10FD3E33EE | Source = Application Hang | ID = 1002
    Description = Hanging application avgui.exe, version 9.0.0.832, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 8/31/2010 6:54:49 AM | Computer Name = HOME-10FD3E33EE | Source = Application Error | ID = 1000
    Description = Faulting application spwhbwwz.exe, version 1.0.15.15281, faulting
    module spwhbwwz.exe, version 1.0.15.15281, fault address 0x0000c4b1.

    [ System Events ]
    Error - 8/31/2010 5:45:34 PM | Computer Name = HOME-10FD3E33EE | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    IntelIde

    Error - 8/31/2010 5:52:46 PM | Computer Name = HOME-10FD3E33EE | Source = Service Control Manager | ID = 7034
    Description = The Application Layer Gateway Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 8/31/2010 5:55:38 PM | Computer Name = HOME-10FD3E33EE | Source = Service Control Manager | ID = 7031
    Description = The Apple Mobile Device service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 8/31/2010 5:55:50 PM | Computer Name = HOME-10FD3E33EE | Source = Service Control Manager | ID = 7034
    Description = The iPod Service service terminated unexpectedly. It has done this
    1 time(s).

    Error - 8/31/2010 6:30:16 PM | Computer Name = HOME-10FD3E33EE | Source = Service Control Manager | ID = 7000
    Description = The AVG9IDSShim service failed to start due to the following error:
    %%3

    Error - 8/31/2010 6:30:16 PM | Computer Name = HOME-10FD3E33EE | Source = Service Control Manager | ID = 7001
    Description = The AVG9IDSFilter service depends on the AVG9IDSShim service which
    failed to start because of the following error: %%3

    Error - 8/31/2010 6:30:16 PM | Computer Name = HOME-10FD3E33EE | Source = Service Control Manager | ID = 7001
    Description = The AVG9IDSDriver service depends on the AVG9IDSFilter service which
    failed to start because of the following error: %%1068

    Error - 8/31/2010 6:30:16 PM | Computer Name = HOME-10FD3E33EE | Source = Service Control Manager | ID = 7002
    Description = The AVG9IDSAgent service depends on the AVGIDSDriver group and no
    member of this group started.

    Error - 8/31/2010 6:30:16 PM | Computer Name = HOME-10FD3E33EE | Source = Service Control Manager | ID = 7000
    Description = The AVG WatchDog service failed to start due to the following error:
    %%2

    Error - 8/31/2010 6:30:16 PM | Computer Name = HOME-10FD3E33EE | Source = Service Control Manager | ID = 7000
    Description = The AVG Firewall service failed to start due to the following error:
    %%2


    < End of report >
     
  5. 2010/08/31
    cspgsl Lifetime Subscription

    cspgsl Geek Member Thread Starter

    Joined:
    2008/07/23
    Messages:
    1,044
    Likes Received:
    8
As there is no AV software installed now, there are no popup "infected" messages, so I am hoping that this process is doing it for her.
     
  6. 2010/08/31
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You can reinstall AVG at any time now, while I'm checking your OTL logs.
    I'd like to know what's going on.
     
  7. 2010/08/31
    cspgsl Lifetime Subscription

    cspgsl Geek Member Thread Starter

    Joined:
    2008/07/23
    Messages:
    1,044
    Likes Received:
    8
    OK - was going to install BitDefender instead - any thoughts?
     
  8. 2010/08/31
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ===============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/sh...1/mcinsctl.cab (Reg Error: Key error.)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab (Reg Error: Key error.)
      O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
      O24 - Desktop Components:0 () - 
      [13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
      @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==============================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Go to Kaspersky website and perform an online antivirus scan.

    • Disable your active antivirus program.
    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  9. 2010/08/31
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    BitDefender is a fine program.
     
  10. 2010/08/31
    cspgsl Lifetime Subscription

    cspgsl Geek Member Thread Starter

    Joined:
    2008/07/23
    Messages:
    1,044
    Likes Received:
    8
    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
    Starting removal of ActiveX control {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
    C:\WINDOWS\Downloaded Program Files\mcinsctl.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {BCC0FF27-31D9-4614-A68E-C18E1ADA4389}
    C:\WINDOWS\Downloaded Program Files\McGDMgr.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\ not found.
    File oft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab not found.
    Starting removal of ActiveX control Microsoft XML Parser for Java
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0\ deleted successfully.
    File not found.
    C:\WINDOWS\002741_.tmp deleted successfully.
    C:\WINDOWS\LMI11.tmp\rescue.log deleted successfully.
    C:\WINDOWS\LMI11.tmp folder deleted successfully.
    C:\WINDOWS\LMI137.tmp\rescue.log deleted successfully.
    C:\WINDOWS\LMI137.tmp folder deleted successfully.
    C:\WINDOWS\LMI5.tmp\rescue.log deleted successfully.
    C:\WINDOWS\LMI5.tmp folder deleted successfully.
    C:\WINDOWS\LMIDC.tmp\rescue.log deleted successfully.
    C:\WINDOWS\LMIDC.tmp folder deleted successfully.
    C:\WINDOWS\LMIF34.tmp\rescue.log deleted successfully.
    C:\WINDOWS\LMIF34.tmp folder deleted successfully.
    C:\WINDOWS\LMIF35.tmp\rescue.log deleted successfully.
    C:\WINDOWS\LMIF35.tmp folder deleted successfully.
    C:\WINDOWS\SET1B.tmp deleted successfully.
    C:\WINDOWS\SET1E.tmp deleted successfully.
    C:\WINDOWS\SET2A.tmp deleted successfully.
    C:\WINDOWS\SET3.tmp deleted successfully.
    C:\WINDOWS\SET4.tmp deleted successfully.
    C:\WINDOWS\SET8.tmp deleted successfully.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: All Users

    User: Debra Martyn
    ->Temp folder emptied: 18526711 bytes
    ->Temporary Internet Files folder emptied: 5869587 bytes
    ->Java cache emptied: 19699906 bytes
    ->FireFox cache emptied: 34707020 bytes
    ->Google Chrome cache emptied: 6274925 bytes
    ->Flash cache emptied: 178977 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 639043 bytes
    ->Flash cache emptied: 2471 bytes

    User: LogMeInRemoteUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 4004 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 82.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Debra Martyn
    ->Flash cache emptied: 0 bytes

    User: Default User

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: LogMeInRemoteUser

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.11.0 log created on 08312010_212801

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
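A small parser for the OTL fix-log format shown in the post above, added here as an editorial example; it is not part of the thread and not code from OTL or OldTimer. The sample lines are constructed to match the format of the posted log, and the regular expressions are my own assumption about that format rather than a documented grammar. It classifies each action (registry key, ActiveX control, file, folder, alternate data stream), tallies outcomes, and pulls out the two things a reviewer of such a log usually wants: targets reported as "not found" (the fix script asked for them but they were already gone), and NTFS alternate data streams, which Explorer and a plain directory listing do not show.

```python
"""Classify lines of an OTL (OldTimer) fix log.

Added example, not part of the forum thread or of OTL itself.  SAMPLE_LOG is
constructed to mirror the format of the log posted above; the patterns below
are an assumption about that format.
"""
import re
from collections import Counter

# Constructed sample, modelled on the OTL fix log posted in the thread.
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Starting removal of ActiveX control {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
C:\WINDOWS\Downloaded Program Files\mcinsctl.inf moved successfully.
C:\WINDOWS\LMI11.tmp\rescue.log deleted successfully.
C:\WINDOWS\LMI11.tmp folder deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9 deleted successfully.
========== COMMANDS ==========
"""

# "========== OTL ==========" style section headers carry no action.
_SECTION = re.compile(r"^=+ .+ =+$")

# Order matters: "folder" must be tried before the generic "file" pattern,
# otherwise "X folder deleted successfully." would parse as a file named "X folder".
_PATTERNS = [
    ("registry", re.compile(r"^Registry key (?P<target>.+) (?P<outcome>deleted successfully|not found)\.$")),
    ("activex", re.compile(r"^Starting removal of ActiveX control (?P<target>.+)$")),
    ("ads", re.compile(r"^ADS (?P<target>.+) (?P<outcome>deleted successfully)\.$")),
    ("folder", re.compile(r"^(?P<target>[A-Za-z]:\\.+) folder (?P<outcome>deleted successfully)\.$")),
    ("file", re.compile(r"^(?P<target>[A-Za-z]:\\.+) (?P<outcome>moved successfully|deleted successfully)\.$")),
]


def _normalize(outcome):
    """'deleted successfully' -> 'deleted', 'not found' stays as-is."""
    return None if outcome is None else outcome.replace(" successfully", "")


def parse_fix_log(text):
    """Return one dict per non-header line: kind, target, outcome.

    Lines that match no known pattern are kept as kind 'other' so that
    nothing in the log is silently dropped from the summary.
    """
    actions = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or _SECTION.match(line):
            continue
        for kind, pattern in _PATTERNS:
            m = pattern.match(line)
            if m:
                outcome = _normalize(m.groupdict().get("outcome"))
                actions.append({"kind": kind, "target": m.group("target"),
                                "outcome": outcome or "started"})
                break
        else:
            actions.append({"kind": "other", "target": line, "outcome": None})
    return actions


def summarize(actions):
    """Count (kind, outcome) pairs, e.g. ('registry', 'deleted')."""
    return Counter((a["kind"], a["outcome"]) for a in actions)


def unresolved(actions):
    """Targets the fix script named but OTL could not find at run time."""
    return [a["target"] for a in actions if a["outcome"] == "not found"]


def alternate_data_streams(actions):
    """NTFS alternate data streams OTL acted on (not visible in Explorer)."""
    return [a["target"] for a in actions if a["kind"] == "ads"]


if __name__ == "__main__":
    acts = parse_fix_log(SAMPLE_LOG)
    for (kind, outcome), n in sorted(summarize(acts).items(), key=str):
        print(f"{kind:9} {str(outcome):10} {n}")
    print("not found:", unresolved(acts))
    print("ADS:", alternate_data_streams(acts))
```

Feeding the full log from the post into `parse_fix_log` gives a quick reconciliation list: every "not found" registry key is one the fix script targeted on the basis of the earlier scan, and the ADS entries under `Application Data\TEMP` are the kind of item worth keeping in the cleanup record because nothing in the normal file view would have shown them.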
     
  11. 2010/08/31
    cspgsl Geek Member Thread Starter
    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Java(TM) 6 Update 21
    Adobe Flash Player
    Mozilla Firefox (3.0.16) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
     
  12. 2010/08/31
    broni Moderator Malware Analyst
    You need to update Firefox.
     
  13. 2010/08/31
    cspgsl Geek Member Thread Starter
    Getting to be past my bedtime here on the far east coast and I have an early start and another long day tomorrow.

    I'll fix Firefox when I complete the update tomorrow.

    Just downloading Kaspersky definitions now and will run them as soon as.

    If there is anything else to scan please let me know and I shall do it early in the am. I shall post the Kap scan results first thing. You will see it if you look in the morning.

    No doubt you have heard it before but, many thanks for everything. It's really gratifying to know that there are folk like you who do this.

    Tom
     
  14. 2010/08/31
    broni Moderator Malware Analyst
    Kaspersky is the very last scan.
    I'd like you to install some AV to see if it won't complain about something.
    It shouldn't but....
     
  15. 2010/08/31
    cspgsl Geek Member Thread Starter
    Will do and I'll let you know.

    If it does then I'll jump off that bridge when I get to it.

    Thx
     
  16. 2010/08/31
    broni Moderator Malware Analyst
    You should be just fine by now :)
     
  17. 2010/09/01
    cspgsl Geek Member Thread Starter
    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Wednesday, September 1, 2010
    Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Tuesday, August 31, 2010 21:55:09
    Records in database: 4171059
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\

    Scan statistics:
    Objects scanned: 50610
    Threats found: 0
    Infected objects found: 0
    Suspicious objects found: 0
    Scan duration: 01:23:06

    No threats found. Scanned area is clean.

    Selected area has been scanned.
     
  18. 2010/09/01
    cspgsl Geek Member Thread Starter
    Thanks again Broni, your help is invaluable.
     
  19. 2010/09/01
    broni Moderator Malware Analyst
    You're very welcome :)


    Your computer is clean :)

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point.

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done

    2. Now we'll remove all tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  20. 2010/09/06
    broni Moderator Malware Analyst
    The issue seems to be resolved.
     
  21. 2010/09/06
    cspgsl Geek Member Thread Starter
    Yes Broni, it is.

    I removed all tools and logs and set a new restore point.

    Computer is working as one should expect it to. User is happy once again.

    Thanks once more
     