Hi! An email was opened. At that time, I guess a Trojan was downloaded. My Avast antivirus went nuts; I couldn't open the task manager or other system programs; I couldn't system restore; I couldn't even shut the computer down. I had to do a manual shutdown (held the power button down for 2 seconds). I started the computer back up and Avast was still detecting and blocking. I still couldn't system restore even after I did a complete virus scan (in which nothing was detected). So, thinking I was going to have to have someone else look at the computer, I shut it down. A couple of days later, I turned it back on. It seems to work fine now except I have massive amounts of mshta.exe appear in my task manager (something like 20+ a day). No matter how many times I close them, they just reappear. Before this, I had never even seen a mshta.exe. It does cause my computer to slow to nothing and I am pretty sure the virus/trojan wasn't removed. I didn't really do anything. So...

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5900

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/28/2011 2:34:57 AM
mbam-log-2011-02-28 (02-34-57).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 306798
Time elapsed: 3 hour(s), 40 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 43

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASPIMGR (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Startup (Trojan.Agent) -> Value: Startup -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089568.dll (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089569.dll (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089570.scr (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089572.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089573.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089574.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089575.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089577.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089578.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089579.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089580.SCR (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089581.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089582.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089583.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089584.EXE (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089585.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089586.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089587.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089588.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089589.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089590.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089591.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089592.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089593.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089595.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089596.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089597.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089598.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089599.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089600.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089601.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089602.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089576.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089594.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP825\A0090448.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP825\A0090441.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP825\A0090442.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP825\A0090444.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP825\A0090445.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP825\A0090446.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP825\A0090447.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP827\A0090600.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP827\A0097292.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

GMER One.

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-02-27 20:12:25
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-12 HDS728080PLAT20 rev.PF2OA28A
Running: g0s86q7m.exe; Driver: C:\DOCUME~1\COMPAQ~1.YOU\LOCALS~1\Temp\uwlcraoc.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xF20F7B9C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xF20F79C0]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xF20F7AFA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----

GMER Two

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-27 21:59:36
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-12 HDS728080PLAT20 rev.PF2OA28A
Running: g0s86q7m.exe; Driver: C:\DOCUME~1\COMPAQ~1.YOU\LOCALS~1\Temp\uwlcraoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF20EACD2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF20EAB8E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xF20EB142]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF20EB06C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF20EA764]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF20EAC68]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF20EA6A4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF20EA708]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF20EAD88]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xF20EB210]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF20EAD48]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF20EAEC8]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xF20F7B9C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xF20F79C0]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xF20F7AFA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- EOF - GMER 1.0.15 ----

DDS.txt

DDS (Ver_10-12-12.02) - NTFSx86
Run by Compaq_Owner at 8:05:30.14 on Mon 02/28/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.130 [GMT -6:00]

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *Disabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\WINDOWS\System32\WScript.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZUfox000&ptb=v7Yog.ZEcpkZPDKB8D5fSg
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\compaq_owner.your-d0f670b45a\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [Monitor] c:\windows\pixart\pac207\Monitor.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\documents and settings\compaq_owner.your-d0f670b45a\start menu\programs\startup\Startup.js
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
Trusted Zone: myitlab.com
Trusted Zone: pearsoncmg.com
Trusted Zone: pearsoned.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1.you\applic~1\mozilla\firefox\profiles\jp9bnab4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://compaq-laptop.aol.com/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUfox000&ptb=v7Yog.ZEcpkZPDKB8D5fSg&psa=&ind=2010121802&ptnrS=ZUfox000&si=&st=kwd&n=77d0064a&searchfor=
FF - plugin: c:\documents and settings\compaq_owner.your-d0f670b45a\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\compaq_owner.your-d0f670b45a\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\compaq_owner.your-d0f670b45a\application data\mozilla\firefox\profiles\jp9bnab4.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\documents and settings\compaq_owner.your-d0f670b45a\application data\mozilla\plugins\np-mswmp.dll
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\musicnotes\npmusicn.dll
FF - plugin: c:\program files\musicnotes\NPSibelius.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: ArchView: {0AC54906-5413-4C81-B446-07929BC39C25} - %profile%\extensions\{0AC54906-5413-4C81-B446-07929BC39C25}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: 0fees.net Top-ADs Remover: {4ea1ebf2-dd99-8481-808d-1ddb0f615659} - %profile%\extensions\{4ea1ebf2-dd99-8481-808d-1ddb0f615659}
FF - Ext: foof: foof@foofme.com - %profile%\extensions\foof@foofme.com
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\compaq_owner.your-d0f670b45a\application data\Move Networks

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-20 64160]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-3-23 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-3-23 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-16 40384]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-5-29 54752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
R3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [2007-5-14 508288]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-16 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-16 40384]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-4 14336]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

=============== Created Last 30 ================

2011-02-08 20:50:19 -------- d-----w- c:\documents and settings\all users\Microsoft
2011-02-08 20:46:49 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-02-08 20:46:39 -------- d-----w- c:\windows\SHELLNEW
2011-01-30 20:57:00 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-01-30 20:57:00 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-01-30 15:25:54 83249512 ----a-w- c:\program files\common files\windows live\.cache\wlcBFB.tmp

==================== Find3M ====================

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38:47 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:05 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe

Attach.txt

DDS (Ver_10-12-12.02)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 10/26/2008 4:27:52 PM
System Uptime: 2/28/2011 2:38:08 AM (6 hours ago)

Motherboard: ASUSTek Computer INC. | | Amberine M
Processor: AMD Sempron(tm) Processor 3200+ | Socket 939 | 1790/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 68 GiB total, 36.857 GiB free.
D: is FIXED (FAT32) - 7 GiB total, 0.351 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP796: 12/1/2010 2:22:03 AM - System Checkpoint
RP797: 12/2/2010 2:59:48 AM - System Checkpoint
RP798: 12/3/2010 3:17:18 AM - System Checkpoint
RP799: 12/4/2010 5:01:14 AM - System Checkpoint
RP800: 12/5/2010 5:16:29 AM - System Checkpoint
RP801: 12/6/2010 5:50:27 AM - System Checkpoint
RP802: 12/7/2010 6:50:28 AM - System Checkpoint
RP803: 12/8/2010 7:51:30 AM - System Checkpoint
RP804: 12/9/2010 8:01:18 AM - System Checkpoint
RP805: 12/10/2010 9:01:21 AM - System Checkpoint
RP806: 12/11/2010 9:06:58 AM - System Checkpoint
RP807: 12/12/2010 9:38:49 AM - System Checkpoint
RP808: 12/13/2010 10:02:23 AM - System Checkpoint
RP809: 12/14/2010 11:01:20 AM - System Checkpoint
RP810: 12/15/2010 3:01:33 AM - Software Distribution Service 3.0
RP811: 12/16/2010 3:00:36 AM - Software Distribution Service 3.0
RP812: 12/17/2010 3:38:27 AM - System Checkpoint
RP813: 12/18/2010 3:39:03 AM - System Checkpoint
RP814: 12/19/2010 4:25:57 AM - System Checkpoint
RP815: 12/20/2010 5:26:02 AM - System Checkpoint
RP816: 12/21/2010 6:25:58 AM - System Checkpoint
RP817: 12/22/2010 7:25:56 AM - System Checkpoint
RP818: 12/23/2010 8:25:56 AM - System Checkpoint
RP819: 12/24/2010 8:38:26 AM - System Checkpoint
RP820: 12/25/2010 9:11:15 AM - System Checkpoint
RP821: 12/26/2010 9:25:56 AM - System Checkpoint
RP822: 12/27/2010 10:27:01 AM - System Checkpoint
RP823: 12/28/2010 11:42:59 AM - System Checkpoint
RP824: 12/29/2010 12:26:49 PM - System Checkpoint
RP825: 12/30/2010 1:26:46 PM - System Checkpoint
RP826: 12/31/2010 2:24:22 PM - System Checkpoint
RP827: 1/1/2011 3:24:21 PM - System Checkpoint
RP828: 2/12/2011 12:15:28 PM - Restore Operation
RP829: 2/12/2011 12:24:26 PM - Restore Operation
RP830: 2/16/2011 11:50:43 AM - Restore Operation
RP831: 2/17/2011 11:54:19 AM - System Checkpoint
RP832: 2/18/2011 2:31:32 PM - System Checkpoint
RP833: 2/19/2011 2:41:22 PM - System Checkpoint
RP834: 2/20/2011 3:40:49 PM - System Checkpoint
RP835: 2/22/2011 3:17:05 AM - System Checkpoint
RP836: 2/23/2011 4:04:15 AM - System Checkpoint
RP837: 2/24/2011 5:04:14 AM - System Checkpoint
RP838: 2/25/2011 6:04:16 AM - System Checkpoint
RP839: 2/26/2011 6:08:31 AM - System Checkpoint
RP840: 2/27/2011 6:20:44 AM - System Checkpoint
RP841: 2/27/2011 10:20:44 PM - Software Distribution Service 3.0

==== Installed Programs ======================

Acrobat.com
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.2
Agere Systems PCI-SV92PP Soft Modem
AIM 6
AIM Search
AiO_Scan_CDA
AiOSoftwareNPI
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Argente - Registry Cleaner 1.5.5.2
ATI Control Panel
ATI Display Driver
avast! Free Antivirus
Bejeweled 2 Deluxe
Bejeweled Blitz
Bonjour
BufferChm
CCScore
Coby Media Manager
Collapse!
Compaq Connections (remove only)
Compaq Organize
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
CueTour
Customer Experience Enhancement
CustomerResearchQFolder
Definition update for Microsoft Office 2010 (KB982726)
Destinations
DivX Setup
Easy Internet Sign-up
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
eSupportQFolder
F300
F300_Help
Facebook Plug-In
Fax_CDA
FullDPAppQFolder
getPlus(R) for Adobe
Google Chrome
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
HP Customer Participation Program 7.0
HP DVD Play 1.0
HP Game Console and games
HP Games
HP Imaging Device Functions 7.0
HP Photosmart Essential
HP Photosmart Premier Software 6.0
HP Photosmart, Officejet and Deskjet 7.0.A
HP Product Assistant
HP Rhapsody
HP Solution Center 7.0
HP Support Overview
HP Update
HP Web Helper
HPPhotoSmartExpress
HPProductAssistant
HpSdpAppCoreApp
InstantShareDevices
InstantShareDevicesMFC
J2SE Runtime Environment 5.0 Update 5
Java Auto Updater
Java(TM) 6 Update 20
Java(TM) 6 Update 7
Junk Mail filter update
K-Lite Codec Pack 4.2.5 (Full)
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
LimeWire 5.4.6
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Excel Viewer
Microsoft Office Excel Viewer 2003
Microsoft Office Home and Student 2010
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Office Word Viewer 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 14
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Move Media Player
Mozilla Firefox (3.6.8)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
Musicnotes Software Suite 1.2
MyDSC2
MyITLab ActiveX Installer 2, 9, 8, 65535
MySpaceIM
NewCopy_CDA
OfotoXMI
OptionalContentQFolder
PC-Doctor 5 for Windows
PC CIF Camer@
PhotoGallery
PokerStars
Polar Bowler from WildGames (remove only)
Polar Golfer from WildGames (remove only)
ProductContextNPI
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QuickTime
RandMap
RCA Detective™ 2.0.0.99
RCA Memory Manager 2.2.3.0
RCA Updater 1.0.2.0
Readme
RealPlayer
Remove WeatherBug Installer
Scan
ScannerCopy
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
SFR
SHASTA
Shooting Stars Pool from Compaq (remove only)
skin0001
SkinsHP1
SKINXSDK
SolutionCenter
Sonic Express Labeler
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
Spelling Dictionaries Support For Adobe Reader 9
staticcr
Status
TBS WMP Plug-in
Toolbox
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft OneNote 2010 (KB2433299)
Update for Microsoft Outlook Social Connector (KB2289116)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VPRINTOL
WebFldrs XP
WebReg
WildTangent Web Driver
Windows Imaging Component
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WIRELESS
XML Paper Specification Shared Components Pack 1.0
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

2/27/2011 8:58:34 PM, error: atapi [9] - The device, \Device\Ide\IdePort2, did not respond within the timeout period.
2/27/2011 6:12:08 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: iaStor IntelIde ViaIde
2/25/2011 1:43:51 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avast! Web Scanner service.
2/25/2011 1:43:21 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avast! Mail Scanner service.
2/25/2011 1:42:53 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avast! Antivirus service.
2/21/2011 2:45:13 PM, error: Service Control Manager [7034] - The avast! Web Scanner service terminated unexpectedly. It has done this 1 time(s).
2/21/2011 2:45:13 PM, error: Service Control Manager [7034] - The avast! Mail Scanner service terminated unexpectedly. It has done this 1 time(s).
2/21/2011 2:45:13 PM, error: Service Control Manager [7034] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s).
2/21/2011 11:35:38 PM, error: Service Control Manager [7000] - The Microsoft ASPI Manager service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================

Thank you for any help that can be provided.

0

Hey illusionx,

These steps have worked for me for almost every nasty I have dealt with.

1. Download Rkill.com *http://www.bleepingcomputer.com/download/anti-virus/rkill
2. Download Malwarebytes (which it looks like you already have)
3. Boot into safe mode with internet, to update your malware definitions.
4. Run Rkill.com *make a note of what it stops; you may need this later.
5. Run Malwarebytes
6. Reboot into normal mode and run Malwarebytes again.

These steps have worked for me 8 out of 10 times; let me know how they work for you.

0

Problem still persists.

Ran Rkill in safe mode. Nothing was stopped. Ran it a second time; c:\windows\system32\verclsid.exe was stopped. Ran it a third time; nothing was stopped. Ran it a fourth time; c:\windows\system32\grpconv.exe was stopped. Ran it two more times after that; nothing was stopped.

Ran malware after that; nothing was found. Ran malware in normal mode; nothing was found.

0

MBAM does next to nothing in safe mode.
If it can be run in normal mode, that is how you run it.

0

Crunchie, guess I got lucky when it has worked for me in the past. Got any suggestions for illusionx? I see you're a heavy poster in this forum/section.

Edited by zelkea: n/a

0

I cannot read any of the OP's quoted logs. @ the OP. Please post logs without quotes. I could edit the post, but I do not have time.

0

I'm sorry. I thought it would help distinguish between the different reports. :)

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5900

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/28/2011 2:34:57 AM
mbam-log-2011-02-28 (02-34-57).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 306798
Time elapsed: 3 hour(s), 40 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 43

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASPIMGR (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Startup (Trojan.Agent) -> Value: Startup -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089568.dll (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089569.dll (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089570.scr (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089572.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089573.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089574.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089575.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089577.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089578.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089579.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089580.SCR (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089581.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089582.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089583.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089584.EXE (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089585.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089586.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089587.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089588.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089589.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089590.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089591.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089592.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089593.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089595.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089596.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089597.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089598.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089599.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089600.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089601.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089602.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089576.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP813\A0089594.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP825\A0090448.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP825\A0090441.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP825\A0090442.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP825\A0090444.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP825\A0090445.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP825\A0090446.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP825\A0090447.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP827\A0090600.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{00eff98b-5705-4d9a-ba78-7681a60afb54}\RP827\A0097292.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

GMER One.

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-02-27 20:12:25
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-12 HDS728080PLAT20 rev.PF2OA28A
Running: g0s86q7m.exe; Driver: C:\DOCUME~1\COMPAQ~1.YOU\LOCALS~1\Temp\uwlcraoc.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xF20F7B9C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xF20F79C0]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xF20F7AFA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----

GMER Two

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-27 21:59:36
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-12 HDS728080PLAT20 rev.PF2OA28A
Running: g0s86q7m.exe; Driver: C:\DOCUME~1\COMPAQ~1.YOU\LOCALS~1\Temp\uwlcraoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF20EACD2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF20EAB8E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xF20EB142]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF20EB06C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF20EA764]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF20EAC68]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF20EA6A4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF20EA708]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF20EAD88]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xF20EB210]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF20EAD48]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF20EAEC8]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xF20F7B9C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xF20F79C0]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xF20F7AFA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- EOF - GMER 1.0.15 ----

DDS.txt

DDS (Ver_10-12-12.02) - NTFSx86
Run by Compaq_Owner at 8:05:30.14 on Mon 02/28/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.130 [GMT -6:00]

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *Disabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\WINDOWS\System32\WScript.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZUfox000&ptb=v7Yog.ZEcpkZPDKB8D5fSg
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\compaq_owner.your-d0f670b45a\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [Monitor] c:\windows\pixart\pac207\Monitor.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\documents and settings\compaq_owner.your-d0f670b45a\start menu\programs\startup\Startup.js
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
Trusted Zone: myitlab.com
Trusted Zone: pearsoncmg.com
Trusted Zone: pearsoned.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1.you\applic~1\mozilla\firefox\profiles\jp9bnab4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://compaq-laptop.aol.com/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUfox000&ptb=v7Yog.ZEcpkZPDKB8D5fSg&psa=&ind=2010121802&ptnrS=ZUfox000&si=&st=kwd&n=77d0064a&searchfor=
FF - plugin: c:\documents and settings\compaq_owner.your-d0f670b45a\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\compaq_owner.your-d0f670b45a\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\compaq_owner.your-d0f670b45a\application data\mozilla\firefox\profiles\jp9bnab4.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\documents and settings\compaq_owner.your-d0f670b45a\application data\mozilla\plugins\np-mswmp.dll
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\musicnotes\npmusicn.dll
FF - plugin: c:\program files\musicnotes\NPSibelius.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: ArchView: {0AC54906-5413-4C81-B446-07929BC39C25} - %profile%\extensions\{0AC54906-5413-4C81-B446-07929BC39C25}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: 0fees.net Top-ADs Remover: {4ea1ebf2-dd99-8481-808d-1ddb0f615659} - %profile%\extensions\{4ea1ebf2-dd99-8481-808d-1ddb0f615659}
FF - Ext: foof: foof@foofme.com - %profile%\extensions\foof@foofme.com
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\compaq_owner.your-d0f670b45a\application data\Move Networks

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-20 64160]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-3-23 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-3-23 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-16 40384]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-5-29 54752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
R3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [2007-5-14 508288]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-16 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-16 40384]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-4 14336]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

=============== Created Last 30 ================

2011-02-08 20:50:19 -------- d-----w- c:\documents and settings\all users\Microsoft
2011-02-08 20:46:49 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-02-08 20:46:39 -------- d-----w- c:\windows\SHELLNEW
2011-01-30 20:57:00 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-01-30 20:57:00 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-01-30 15:25:54 83249512 ----a-w- c:\program files\common files\windows live\.cache\wlcBFB.tmp

==================== Find3M ====================

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38:47 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:05 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe

Attach.txt

DDS (Ver_10-12-12.02)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 10/26/2008 4:27:52 PM
System Uptime: 2/28/2011 2:38:08 AM (6 hours ago)

Motherboard: ASUSTek Computer INC. | | Amberine M
Processor: AMD Sempron(tm) Processor 3200+ | Socket 939 | 1790/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 68 GiB total, 36.857 GiB free.
D: is FIXED (FAT32) - 7 GiB total, 0.351 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP796: 12/1/2010 2:22:03 AM - System Checkpoint
RP797: 12/2/2010 2:59:48 AM - System Checkpoint
RP798: 12/3/2010 3:17:18 AM - System Checkpoint
RP799: 12/4/2010 5:01:14 AM - System Checkpoint
RP800: 12/5/2010 5:16:29 AM - System Checkpoint
RP801: 12/6/2010 5:50:27 AM - System Checkpoint
RP802: 12/7/2010 6:50:28 AM - System Checkpoint
RP803: 12/8/2010 7:51:30 AM - System Checkpoint
RP804: 12/9/2010 8:01:18 AM - System Checkpoint
RP805: 12/10/2010 9:01:21 AM - System Checkpoint
RP806: 12/11/2010 9:06:58 AM - System Checkpoint
RP807: 12/12/2010 9:38:49 AM - System Checkpoint
RP808: 12/13/2010 10:02:23 AM - System Checkpoint
RP809: 12/14/2010 11:01:20 AM - System Checkpoint
RP810: 12/15/2010 3:01:33 AM - Software Distribution Service 3.0
RP811: 12/16/2010 3:00:36 AM - Software Distribution Service 3.0
RP812: 12/17/2010 3:38:27 AM - System Checkpoint
RP813: 12/18/2010 3:39:03 AM - System Checkpoint
RP814: 12/19/2010 4:25:57 AM - System Checkpoint
RP815: 12/20/2010 5:26:02 AM - System Checkpoint
RP816: 12/21/2010 6:25:58 AM - System Checkpoint
RP817: 12/22/2010 7:25:56 AM - System Checkpoint
RP818: 12/23/2010 8:25:56 AM - System Checkpoint
RP819: 12/24/2010 8:38:26 AM - System Checkpoint
RP820: 12/25/2010 9:11:15 AM - System Checkpoint
RP821: 12/26/2010 9:25:56 AM - System Checkpoint
RP822: 12/27/2010 10:27:01 AM - System Checkpoint
RP823: 12/28/2010 11:42:59 AM - System Checkpoint
RP824: 12/29/2010 12:26:49 PM - System Checkpoint
RP825: 12/30/2010 1:26:46 PM - System Checkpoint
RP826: 12/31/2010 2:24:22 PM - System Checkpoint
RP827: 1/1/2011 3:24:21 PM - System Checkpoint
RP828: 2/12/2011 12:15:28 PM - Restore Operation
RP829: 2/12/2011 12:24:26 PM - Restore Operation
RP830: 2/16/2011 11:50:43 AM - Restore Operation
RP831: 2/17/2011 11:54:19 AM - System Checkpoint
RP832: 2/18/2011 2:31:32 PM - System Checkpoint
RP833: 2/19/2011 2:41:22 PM - System Checkpoint
RP834: 2/20/2011 3:40:49 PM - System Checkpoint
RP835: 2/22/2011 3:17:05 AM - System Checkpoint
RP836: 2/23/2011 4:04:15 AM - System Checkpoint
RP837: 2/24/2011 5:04:14 AM - System Checkpoint
RP838: 2/25/2011 6:04:16 AM - System Checkpoint
RP839: 2/26/2011 6:08:31 AM - System Checkpoint
RP840: 2/27/2011 6:20:44 AM - System Checkpoint
RP841: 2/27/2011 10:20:44 PM - Software Distribution Service 3.0

==== Installed Programs ======================

Acrobat.com
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.2
Agere Systems PCI-SV92PP Soft Modem
AIM 6
AIM Search
AiO_Scan_CDA
AiOSoftwareNPI
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Argente - Registry Cleaner 1.5.5.2
ATI Control Panel
ATI Display Driver
avast! Free Antivirus
Bejeweled 2 Deluxe
Bejeweled Blitz
Bonjour
BufferChm
CCScore
Coby Media Manager
Collapse!
Compaq Connections (remove only)
Compaq Organize
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
CueTour
Customer Experience Enhancement
CustomerResearchQFolder
Definition update for Microsoft Office 2010 (KB982726)
Destinations
DivX Setup
Easy Internet Sign-up
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
eSupportQFolder
F300
F300_Help
Facebook Plug-In
Fax_CDA
FullDPAppQFolder
getPlus(R) for Adobe
Google Chrome
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
HP Customer Participation Program 7.0
HP DVD Play 1.0
HP Game Console and games
HP Games
HP Imaging Device Functions 7.0
HP Photosmart Essential
HP Photosmart Premier Software 6.0
HP Photosmart, Officejet and Deskjet 7.0.A
HP Product Assistant
HP Rhapsody
HP Solution Center 7.0
HP Support Overview
HP Update
HP Web Helper
HPPhotoSmartExpress
HPProductAssistant
HpSdpAppCoreApp
InstantShareDevices
InstantShareDevicesMFC
J2SE Runtime Environment 5.0 Update 5
Java Auto Updater
Java(TM) 6 Update 20
Java(TM) 6 Update 7
Junk Mail filter update
K-Lite Codec Pack 4.2.5 (Full)
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
LimeWire 5.4.6
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Excel Viewer
Microsoft Office Excel Viewer 2003
Microsoft Office Home and Student 2010
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Office Word Viewer 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 14
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Move Media Player
Mozilla Firefox (3.6.8)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
Musicnotes Software Suite 1.2
MyDSC2
MyITLab ActiveX Installer 2, 9, 8, 65535
MySpaceIM
NewCopy_CDA
OfotoXMI
OptionalContentQFolder
PC-Doctor 5 for Windows
PC CIF Camer@
PhotoGallery
PokerStars
Polar Bowler from WildGames (remove only)
Polar Golfer from WildGames (remove only)
ProductContextNPI
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QuickTime
RandMap
RCA Detective™ 2.0.0.99
RCA Memory Manager 2.2.3.0
RCA Updater 1.0.2.0
Readme
RealPlayer
Remove WeatherBug Installer
Scan
ScannerCopy
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
SFR
SHASTA
Shooting Stars Pool from Compaq (remove only)
skin0001
SkinsHP1
SKINXSDK
SolutionCenter
Sonic Express Labeler
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
Spelling Dictionaries Support For Adobe Reader 9
staticcr
Status
TBS WMP Plug-in
Toolbox
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft OneNote 2010 (KB2433299)
Update for Microsoft Outlook Social Connector (KB2289116)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VPRINTOL
WebFldrs XP
WebReg
WildTangent Web Driver
Windows Imaging Component
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WIRELESS
XML Paper Specification Shared Components Pack 1.0
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

2/27/2011 8:58:34 PM, error: atapi [9] - The device, \Device\Ide\IdePort2, did not respond within the timeout period.
2/27/2011 6:12:08 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: iaStor IntelIde ViaIde
2/25/2011 1:43:51 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avast! Web Scanner service.
2/25/2011 1:43:21 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avast! Mail Scanner service.
2/25/2011 1:42:53 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avast! Antivirus service.
2/21/2011 2:45:13 PM, error: Service Control Manager [7034] - The avast! Web Scanner service terminated unexpectedly. It has done this 1 time(s).
2/21/2011 2:45:13 PM, error: Service Control Manager [7034] - The avast! Mail Scanner service terminated unexpectedly. It has done this 1 time(s).
2/21/2011 2:45:13 PM, error: Service Control Manager [7034] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s).
2/21/2011 11:35:38 PM, error: Service Control Manager [7000] - The Microsoft ASPI Manager service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================

0

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
* Under the Custom Scan box paste this in:


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT

* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
0

OTL.Txt

OTL logfile created on: 3/15/2011 3:05:21 AM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.00 Mb Total Physical Memory | 88.00 Mb Available Physical Memory | 20.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67.69 Gb Total Space | 36.26 Gb Free Space | 53.57% Space Free | Partition Type: NTFS
Drive D: | 6.81 Gb Total Space | 0.35 Gb Free Space | 5.16% Space Free | Partition Type: FAT32

Computer Name: YOUR-D0F670B45A | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/15 02:53:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Desktop\OTL.exe
PRC - [2010/12/08 16:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010/12/08 14:17:46 | 001,226,608 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/10/18 01:48:24 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010/07/22 21:06:53 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/28 15:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 15:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/06/01 11:17:48 | 005,252,408 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2010/03/01 17:28:29 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/03/01 17:28:29 | 000,524,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006/11/03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\PAC207\Monitor.exe


========== Modules (SafeList) ==========

MOD - [2011/03/15 02:53:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/07/26 16:01:58 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010/06/28 15:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 15:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 15:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010/03/01 17:28:29 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/01/04 13:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent\Apps\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/06/28 15:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 15:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 15:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 15:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/28 15:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/28 15:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/06/01 16:36:23 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008/10/15 15:45:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2007/05/14 10:26:10 | 000,508,288 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PFC027.SYS -- (PAC207)
DRV - [2007/04/16 18:40:48 | 000,037,248 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Capt905c.sys -- (SQTECH905C)
DRV - [2005/10/20 18:01:56 | 001,095,009 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/09/30 13:11:42 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/08/29 17:11:00 | 003,644,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/08/13 23:35:00 | 001,313,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/03/09 15:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/03 16:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/01/10 15:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZUfox000&ptb=v7Yog.ZEcpkZPDKB8D5fSg
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 43 C3 62 85 92 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "iMesh Web Search"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.order.1: "iMesh Web Search"
FF - prefs.js..browser.search.searchEnginesURL: "http://searchplugins.peersbros.com/"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://compaq-laptop.aol.com/"
FF - prefs.js..extensions.enabledItems: {4ea1ebf2-dd99-8481-808d-1ddb0f615659}:0.1.1
FF - prefs.js..extensions.enabledItems: {0AC54906-5413-4C81-B446-07929BC39C25}:0.7.1
FF - prefs.js..extensions.enabledItems: foof@foofme.com:1.2.8
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUfox000&ptb=v7Yog.ZEcpkZPDKB8D5fSg&psa=&ind=2010121802&ptnrS=ZUfox000&si=&st=kwd&n=77d0064a&searchfor="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/11/21 18:23:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010/12/13 19:08:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010/12/13 19:08:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/15 14:26:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/10 14:47:05 | 000,000,000 | ---D | M]

[2009/12/25 16:27:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Mozilla\Extensions
[2009/12/25 16:27:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/03/14 18:49:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Mozilla\Firefox\Profiles\jp9bnab4.default\extensions
[2009/07/14 00:40:44 | 000,000,000 | ---D | M] (ArchView) -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Mozilla\Firefox\Profiles\jp9bnab4.default\extensions\{0AC54906-5413-4C81-B446-07929BC39C25}
[2010/08/07 12:15:46 | 000,000,000 | ---D | M] ("Garmin Communicator") -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Mozilla\Firefox\Profiles\jp9bnab4.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/05/01 19:23:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Mozilla\Firefox\Profiles\jp9bnab4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/21 13:33:18 | 000,000,000 | ---D | M] (0fees.net Top-ADs Remover) -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Mozilla\Firefox\Profiles\jp9bnab4.default\extensions\{4ea1ebf2-dd99-8481-808d-1ddb0f615659}
[2009/05/22 18:50:28 | 000,000,000 | ---D | M] ("Peers") -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Mozilla\Firefox\Profiles\jp9bnab4.default\extensions\{dd7515c0-0820-4234-806b-74197fa5955c}(2)
[2009/05/22 18:50:49 | 000,000,000 | ---D | M] (FireTorrent) -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Mozilla\Firefox\Profiles\jp9bnab4.default\extensions\firetorrent@radicalsoft(2).com
[2009/05/22 18:50:48 | 000,000,000 | ---D | M] (FireTray) -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Mozilla\Firefox\Profiles\jp9bnab4.default\extensions\firetray@radicalsoft(2).com
[2010/05/01 19:23:23 | 000,000,000 | ---D | M] (foof) -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Mozilla\Firefox\Profiles\jp9bnab4.default\extensions\foof@foofme.com
[2009/05/22 18:51:45 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Mozilla\Firefox\Profiles\jp9bnab4.default\extensions\moveplayer@movenetworks(2).com
[2009/11/19 18:11:13 | 000,002,171 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Mozilla\Firefox\Profiles\jp9bnab4.default\searchplugins\bing.xml
[2011/03/14 18:49:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/24 15:26:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/17 14:23:18 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\COMPAQ_OWNER.YOUR-D0F670B45A\APPLICATION DATA\MOVE NETWORKS
[2010/12/13 19:08:39 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2010/12/13 19:08:40 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2008/12/02 22:07:33 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/02/26 12:36:34 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll

O1 HOSTS File: ([2010/05/24 21:30:23 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (TODO: <Company name>)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: myitlab.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: pearsoncmg.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: pearsoned.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/12/05 01:50:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/03/15 02:53:03 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Desktop\OTL.exe
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/15 02:59:01 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2011/03/15 02:53:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Desktop\OTL.exe
[2011/03/15 02:53:03 | 000,001,038 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-568970797-4261247981-3037979727-1009UA.job
[2011/03/15 02:49:15 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2011/03/15 02:49:14 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2011/03/15 02:49:12 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2011/03/15 02:49:10 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2011/03/15 02:49:09 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2011/03/15 02:49:07 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/03/15 02:49:05 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2011/03/15 02:49:04 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2011/03/15 02:48:59 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2011/03/15 02:48:56 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2011/03/15 02:48:55 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2011/03/15 02:48:53 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011/03/15 02:48:52 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2011/03/15 02:48:51 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2011/03/15 02:48:49 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2011/03/15 02:48:47 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2011/03/15 02:48:46 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2011/03/15 02:48:45 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2011/03/15 02:48:44 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2011/03/15 02:48:43 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2011/03/15 02:48:42 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2011/03/15 02:48:41 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2011/03/15 02:48:40 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2011/03/15 01:53:01 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-568970797-4261247981-3037979727-1009Core.job
[2011/03/14 16:31:55 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/03/13 18:28:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/13 18:28:17 | 468,242,432 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/13 18:08:25 | 000,446,032 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/13 18:08:24 | 000,073,128 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/12 05:15:24 | 005,570,560 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Desktop\mini cam photos002.jpg
[2011/03/11 18:55:06 | 000,002,461 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Desktop\Google Chrome.lnk
[2011/03/10 18:33:51 | 000,000,305 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Desktop\Shortcut (2) to JewelSummers #2.lnk
[2011/03/10 04:09:38 | 000,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2011/03/10 04:03:51 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/28 11:51:42 | 000,721,324 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Desktop\rkill.com
[2011/02/27 21:11:04 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Desktop\g0s86q7m.exe
[2011/02/27 20:58:13 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Desktop\dds.scr
[2011/02/19 03:26:09 | 005,867,520 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2011/02/19 03:26:09 | 003,173,376 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2011/02/16 12:12:06 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/12 05:12:54 | 005,570,560 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Desktop\mini cam photos002.jpg
[2011/03/10 18:33:51 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Desktop\Shortcut (2) to JewelSummers #2.lnk
[2011/02/28 18:33:41 | 468,242,432 | -HS- | C] () -- C:\hiberfil.sys
[2011/02/28 11:51:41 | 000,721,324 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Desktop\rkill.com
[2011/02/27 21:11:04 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Desktop\g0s86q7m.exe
[2011/02/27 20:58:09 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Desktop\dds.scr
[2010/08/12 03:32:10 | 000,136,248 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/23 23:31:46 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/23 23:31:46 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/07 11:00:11 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/25 09:39:28 | 000,000,044 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/03/25 09:39:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2009/09/17 12:25:55 | 000,683,801 | ---- | C] () -- C:\WINDOWS\unins001.exe
[2009/09/17 12:25:55 | 000,004,886 | ---- | C] () -- C:\WINDOWS\unins001.dat
[2009/05/15 12:55:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\wklnhst.dat
[2009/04/22 11:17:03 | 000,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/02/11 04:03:51 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/01/10 18:33:50 | 000,000,408 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2009/01/04 21:58:54 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/12 23:17:46 | 000,000,151 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Local Settings\Application Data\fusioncache.dat
[2008/11/08 14:32:06 | 000,000,073 | ---- | C] () -- C:\WINDOWS\st_affiliate.ini
[2008/10/27 00:29:39 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/10/27 00:29:38 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008/10/27 00:29:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/10/27 00:29:34 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/10/27 00:29:34 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/10/27 00:29:31 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/10/26 18:31:59 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2008/10/26 13:38:27 | 000,012,740 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\pucejo._sy
[2008/10/26 13:38:27 | 000,010,973 | ---- | C] () -- C:\WINDOWS\qolynysox.exe
[2008/10/26 13:38:26 | 000,018,515 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\huvumaj.sys
[2008/10/26 13:38:26 | 000,014,839 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ujoreseni.bin
[2008/10/26 13:38:26 | 000,010,841 | ---- | C] () -- C:\WINDOWS\ulepuj.exe
[2008/10/26 10:00:30 | 000,019,698 | ---- | C] () -- C:\WINDOWS\uxety.dll
[2008/10/26 10:00:30 | 000,014,867 | ---- | C] () -- C:\WINDOWS\suwytob.dll
[2008/10/26 10:00:30 | 000,013,820 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\agavuson.dll
[2008/10/26 10:00:30 | 000,012,730 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\onevav.vbs
[2008/10/26 10:00:30 | 000,012,141 | ---- | C] () -- C:\WINDOWS\unec.sys
[2008/10/26 10:00:30 | 000,012,132 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\baxo.bin
[2008/10/26 10:00:30 | 000,010,696 | ---- | C] () -- C:\WINDOWS\qenejytixe.dat
[2008/10/25 19:41:41 | 000,013,386 | ---- | C] () -- C:\WINDOWS\wuwecysa.exe
[2008/10/25 19:41:41 | 000,011,263 | ---- | C] () -- C:\WINDOWS\ucuc.dll
[2008/04/20 02:37:42 | 000,096,577 | ---- | C] () -- C:\WINDOWS\hpqins16.dat
[2008/02/12 21:42:49 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/02/07 23:14:28 | 000,011,748 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/11/18 23:37:36 | 000,001,747 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/11/15 21:17:24 | 000,117,681 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2007/11/15 13:24:54 | 000,117,681 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp
[2007/11/15 13:24:53 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
[2007/02/26 02:18:47 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/02/04 22:52:48 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/01/08 22:10:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PestPatrol5.INI
[2006/12/12 11:19:21 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2006/11/07 23:47:23 | 000,000,143 | ---- | C] () -- C:\WINDOWS\ALBUM.INI
[2006/11/02 10:27:46 | 000,000,518 | ---- | C] () -- C:\WINDOWS\System32\SP207.INI
[2006/09/08 17:36:59 | 000,001,790 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/09/02 00:06:49 | 000,000,030 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/08/19 14:50:20 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/06/04 15:49:26 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/05/05 05:20:40 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2006/03/27 17:47:36 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/27 17:24:49 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/03/27 17:20:45 | 000,118,842 | R--- | C] () -- C:\WINDOWS\HPCPCUninstaller-6.3.2.116-5577497.exe
[2006/03/27 17:19:37 | 000,667,896 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2006/03/27 17:19:37 | 000,001,227 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2006/03/27 17:19:27 | 000,012,993 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/03/27 17:19:21 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/03/27 17:17:25 | 000,000,031 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2006/03/27 17:15:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/27 17:03:15 | 000,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/03/27 17:01:35 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2006/03/27 17:01:35 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/03/27 16:56:43 | 000,087,275 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/03/27 16:55:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/03/27 16:51:48 | 000,104,361 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/03/27 16:37:31 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/03/27 16:34:08 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/03/27 16:34:08 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/03/27 16:33:43 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/01/09 18:28:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/12/05 02:05:38 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/12/05 01:55:08 | 000,446,032 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/12/05 01:55:08 | 000,073,128 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/12/05 01:53:22 | 000,323,520 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/12/05 01:50:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/12/05 01:48:22 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/06/15 16:38:00 | 000,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/08/23 17:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 17:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2010/01/30 15:27:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2C4E
[2008/11/10 00:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/05/16 21:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/05/18 13:32:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2007/11/24 12:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Empyre Group
[2010/01/24 21:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2008/07/16 21:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2008/07/16 21:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2009/09/17 13:01:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\myitlab
[2009/05/18 13:19:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/03/25 09:40:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2008/02/16 20:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2008/02/16 20:51:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/05/24 07:00:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/01/24 21:07:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2007/10/16 11:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2009/05/15 11:43:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2008/11/10 00:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\acccore
[2009/12/25 16:03:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\blinkx
[2009/12/25 16:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Coby Media Manager
[2008/12/12 23:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/07/14 00:25:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\CoreCodec
[2009/05/18 13:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\DriverCure
[2010/06/14 09:19:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Facebook
[2008/12/18 00:50:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\funkitron
[2010/08/12 01:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\GARMIN
[2010/04/18 12:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\GetRightToGo
[2010/03/05 18:36:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Image Zone Express
[2010/05/22 16:05:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Leadertech
[2010/07/07 20:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\LimeWire
[2010/12/13 19:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Local
[2009/04/30 11:00:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Netscape
[2008/11/02 16:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Skinux
[2009/12/25 16:06:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Titanium Gears
[2010/01/24 20:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\WildTangent
[2008/11/11 15:08:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\WinBatch
[2011/03/14 16:31:55 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/03/15 02:49:07 | 000,000,460 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2011/03/15 02:48:41 | 000,000,460 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2011/03/15 02:48:42 | 000,000,460 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2011/03/15 02:48:47 | 000,000,460 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2011/03/15 02:48:46 | 000,000,460 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2011/03/15 02:49:15 | 000,000,460 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2011/03/15 02:49:12 | 000,000,460 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2011/03/15 02:49:04 | 000,000,460 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2011/03/15 02:48:56 | 000,000,460 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2011/03/15 02:48:59 | 000,000,460 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2011/03/15 02:48:52 | 000,000,460 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2011/03/15 02:48:53 | 000,000,460 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2011/03/15 02:49:09 | 000,000,460 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2011/03/15 02:48:45 | 000,000,460 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2011/03/15 02:48:40 | 000,000,460 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2011/03/15 02:48:43 | 000,000,460 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2011/03/15 02:48:49 | 000,000,460 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2011/03/15 02:48:55 | 000,000,460 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2011/03/15 02:48:44 | 000,000,460 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2011/03/15 02:49:05 | 000,000,460 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2011/03/15 02:59:01 | 000,000,460 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2011/03/15 02:49:14 | 000,000,460 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2011/03/15 02:48:51 | 000,000,460 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2011/03/15 02:49:10 | 000,000,460 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job

========== Purity Check ==========

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/10/26 14:30:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:AGP440.sys
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/02/04 20:48:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/03 23:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2009/02/04 20:48:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/10/26 14:30:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/10/26 14:30:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:atapi.sys
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/02/04 20:48:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/03 23:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2009/02/04 20:48:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/10/26 14:30:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 08:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2005/06/17 08:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\hp\drivers\Intel_5_1_0_1022_PV\iastor.sys
[2005/06/17 08:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\System32\config\*.sav >
[2005/12/04 17:42:42 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/12/04 17:42:42 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

< End of report >

0

No, that's ok.

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jh...cpkZPDKB8D5fSg
    IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - Reg Error: Key error. File not found
    FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
    [2011/03/15 02:59:01 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
    [2011/03/15 02:49:15 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
    [2011/03/15 02:49:14 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
    [2011/03/15 02:49:12 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
    [2011/03/15 02:49:10 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
    [2011/03/15 02:49:09 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
    [2011/03/15 02:49:07 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
    [2011/03/15 02:49:05 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
    [2011/03/15 02:49:04 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
    [2011/03/15 02:48:59 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
    [2011/03/15 02:48:56 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
    [2011/03/15 02:48:55 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
    [2011/03/15 02:48:53 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
    [2011/03/15 02:48:52 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
    [2011/03/15 02:48:51 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
    [2011/03/15 02:48:49 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
    [2011/03/15 02:48:47 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
    [2011/03/15 02:48:46 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
    [2011/03/15 02:48:45 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
    [2011/03/15 02:48:44 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
    [2011/03/15 02:48:43 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
    [2011/03/15 02:48:42 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
    [2011/03/15 02:48:41 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
    [2011/03/15 02:48:40 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
    :Commands
    [purity]
    [emptyflash]
    [emptytemp]
    [resethosts]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post log from this run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

====================

Please go to Jotti's or to VirusTotal and have these files scanned. Post the results back here.

C:\Documents and Settings\All Users\Application Data\pucejo._sy
C:\WINDOWS\qolynysox.exe
C:\Documents and Settings\All Users\Application Data\huvumaj.sys
C:\WINDOWS\ulepuj.exe
C:\WINDOWS\uxety.dll
C:\WINDOWS\suwytob.dll
C:\Documents and Settings\All Users\Application Data\agavuson.dll
C:\WINDOWS\wuwecysa.exe

0

When I run the Quick Scan, do I copy and paste the same things from the previous post?

0

@Crunchie, wow, OTL is a great tool. Very interesting writeups on the site as well; it has a wealth of information! I also found the snippet about HJT very interesting, thanks!

0

All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}\ not found.
Prefs.js: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml? removed from keyword.URL
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}\ not found.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator

User: Administrator.YOUR-D0F670B45A

User: All Users

User: Application Data

User: Compaq_Owner
->Flash cache emptied: 0 bytes

User: Compaq_Owner.YOUR-D0F670B45A
->Flash cache emptied: 136095 bytes

User: Default User

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: Administrator
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.YOUR-D0F670B45A
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 3645003 bytes

User: All Users

User: Application Data

User: Compaq_Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Compaq_Owner.YOUR-D0F670B45A
->Temp folder emptied: 10311110 bytes
->Temporary Internet Files folder emptied: 4080054 bytes
->Java cache emptied: 7000747 bytes
->FireFox cache emptied: 56692804 bytes
->Google Chrome cache emptied: 421575832 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 74240 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 141056 bytes
Windows Temp folder emptied: 2268048 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 67295106 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 547.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.22.3 log created on 03152011_155751

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_cb4.dat not found!

Registry entries deleted on Reboot...

0

OTL logfile created on: 3/15/2011 4:28:11 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.00 Mb Total Physical Memory | 190.00 Mb Available Physical Memory | 42.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67.69 Gb Total Space | 36.85 Gb Free Space | 54.43% Space Free | Partition Type: NTFS
Drive D: | 6.81 Gb Total Space | 0.35 Gb Free Space | 5.16% Space Free | Partition Type: FAT32

Computer Name: YOUR-D0F670B45A | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/15 02:53:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Desktop\OTL.exe
PRC - [2010/12/08 16:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010/12/08 14:17:46 | 001,226,608 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/10/18 01:48:24 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010/06/28 15:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 15:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/03/01 17:28:29 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/03/01 17:28:29 | 000,524,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006/11/03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\PAC207\Monitor.exe


========== Modules (SafeList) ==========

MOD - [2011/03/15 02:53:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/07/26 16:01:58 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010/06/28 15:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 15:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 15:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010/03/01 17:28:29 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/01/04 13:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent\Apps\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/06/28 15:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 15:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 15:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 15:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/28 15:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/28 15:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/06/01 16:36:23 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008/10/15 15:45:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2007/05/14 10:26:10 | 000,508,288 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PFC027.SYS -- (PAC207)
DRV - [2007/04/16 18:40:48 | 000,037,248 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Capt905c.sys -- (SQTECH905C)
DRV - [2005/10/20 18:01:56 | 001,095,009 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/09/30 13:11:42 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/08/29 17:11:00 | 003,644,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/08/13 23:35:00 | 001,313,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/03/09 15:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/03 16:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/01/10 15:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 43 C3 62 85 92 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "iMesh Web Search"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.order.1: "iMesh Web Search"
FF - prefs.js..browser.search.searchEnginesURL: "http://searchplugins.peersbros.com/"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://compaq-laptop.aol.com/"
FF - prefs.js..extensions.enabledItems: {4ea1ebf2-dd99-8481-808d-1ddb0f615659}:0.1.1
FF - prefs.js..extensions.enabledItems: {0AC54906-5413-4C81-B446-07929BC39C25}:0.7.1
FF - prefs.js..extensions.enabledItems: foof@foofme.com:1.2.8
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/11/21 18:23:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010/12/13 19:08:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010/12/13 19:08:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/15 14:26:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/10 14:47:05 | 000,000,000 | ---D | M]

[2009/12/25 16:27:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Mozilla\Extensions
[2009/12/25 16:27:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/03/15 12:47:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Mozilla\Firefox\Profiles\jp9bnab4.default\extensions
[2009/07/14 00:40:44 | 000,000,000 | ---D | M] (ArchView) -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Mozilla\Firefox\Profiles\jp9bnab4.default\extensions\{0AC54906-5413-4C81-B446-07929BC39C25}
[2010/08/07 12:15:46 | 000,000,000 | ---D | M] ("Garmin Communicator") -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Mozilla\Firefox\Profiles\jp9bnab4.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/05/01 19:23:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Mozilla\Firefox\Profiles\jp9bnab4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/21 13:33:18 | 000,000,000 | ---D | M] (0fees.net Top-ADs Remover) -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Mozilla\Firefox\Profiles\jp9bnab4.default\extensions\{4ea1ebf2-dd99-8481-808d-1ddb0f615659}
[2009/05/22 18:50:28 | 000,000,000 | ---D | M] ("Peers") -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Mozilla\Firefox\Profiles\jp9bnab4.default\extensions\{dd7515c0-0820-4234-806b-74197fa5955c}(2)
[2009/05/22 18:50:49 | 000,000,000 | ---D | M] (FireTorrent) -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Mozilla\Firefox\Profiles\jp9bnab4.default\extensions\firetorrent@radicalsoft(2).com
[2009/05/22 18:50:48 | 000,000,000 | ---D | M] (FireTray) -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Mozilla\Firefox\Profiles\jp9bnab4.default\extensions\firetray@radicalsoft(2).com
[2010/05/01 19:23:23 | 000,000,000 | ---D | M] (foof) -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Mozilla\Firefox\Profiles\jp9bnab4.default\extensions\foof@foofme.com
[2009/05/22 18:51:45 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Mozilla\Firefox\Profiles\jp9bnab4.default\extensions\moveplayer@movenetworks(2).com
[2009/11/19 18:11:13 | 000,002,171 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Mozilla\Firefox\Profiles\jp9bnab4.default\searchplugins\bing.xml
[2011/03/15 12:47:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/24 15:26:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/17 14:23:18 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\COMPAQ_OWNER.YOUR-D0F670B45A\APPLICATION DATA\MOVE NETWORKS
[2010/12/13 19:08:39 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2010/12/13 19:08:40 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2008/12/02 22:07:33 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/02/26 12:36:34 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll

O1 HOSTS File: ([2011/03/15 16:05:33 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (TODO: <Company name>)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: myitlab.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: pearsoncmg.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: pearsoned.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/12/05 01:50:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/03/15 02:53:03 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Desktop\OTL.exe

========== Files - Modified Within 30 Days ==========

[2011/03/15 16:10:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/15 16:10:38 | 468,242,432 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/15 16:05:33 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/03/15 15:53:07 | 000,001,038 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-568970797-4261247981-3037979727-1009UA.job
[2011/03/15 02:53:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Desktop\OTL.exe
[2011/03/15 01:53:01 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-568970797-4261247981-3037979727-1009Core.job
[2011/03/14 16:31:55 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/03/13 18:08:25 | 000,446,032 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/13 18:08:24 | 000,073,128 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/12 05:15:24 | 005,570,560 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Desktop\mini cam photos002.jpg
[2011/03/11 18:55:06 | 000,002,461 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Desktop\Google Chrome.lnk
[2011/03/10 18:33:51 | 000,000,305 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Desktop\Shortcut (2) to JewelSummers #2.lnk
[2011/03/10 04:09:38 | 000,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2011/03/10 04:03:51 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/28 11:51:42 | 000,721,324 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Desktop\rkill.com
[2011/02/27 21:11:04 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Desktop\g0s86q7m.exe
[2011/02/27 20:58:13 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Desktop\dds.scr
[2011/02/19 03:26:09 | 005,867,520 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2011/02/19 03:26:09 | 003,173,376 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2011/02/16 12:12:06 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

========== Files Created - No Company Name ==========

[2011/03/12 05:12:54 | 005,570,560 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Desktop\mini cam photos002.jpg
[2011/03/10 18:33:51 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Desktop\Shortcut (2) to JewelSummers #2.lnk
[2011/02/28 18:33:41 | 468,242,432 | -HS- | C] () -- C:\hiberfil.sys
[2011/02/28 11:51:41 | 000,721,324 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Desktop\rkill.com
[2011/02/27 21:11:04 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Desktop\g0s86q7m.exe
[2011/02/27 20:58:09 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Desktop\dds.scr
[2010/08/12 03:32:10 | 000,136,248 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/23 23:31:46 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/23 23:31:46 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/07 11:00:11 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/25 09:39:28 | 000,000,044 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/03/25 09:39:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2009/09/17 12:25:55 | 000,683,801 | ---- | C] () -- C:\WINDOWS\unins001.exe
[2009/09/17 12:25:55 | 000,004,886 | ---- | C] () -- C:\WINDOWS\unins001.dat
[2009/05/15 12:55:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\wklnhst.dat
[2009/04/22 11:17:03 | 000,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/02/11 04:03:51 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/01/10 18:33:50 | 000,000,408 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2009/01/04 21:58:54 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/12 23:17:46 | 000,000,151 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Local Settings\Application Data\fusioncache.dat
[2008/11/08 14:32:06 | 000,000,073 | ---- | C] () -- C:\WINDOWS\st_affiliate.ini
[2008/10/27 00:29:39 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/10/27 00:29:38 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008/10/27 00:29:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/10/27 00:29:34 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/10/27 00:29:34 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/10/27 00:29:31 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/10/26 18:31:59 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2008/10/26 13:38:27 | 000,012,740 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\pucejo._sy
[2008/10/26 13:38:27 | 000,010,973 | ---- | C] () -- C:\WINDOWS\qolynysox.exe
[2008/10/26 13:38:26 | 000,018,515 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\huvumaj.sys
[2008/10/26 13:38:26 | 000,014,839 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ujoreseni.bin
[2008/10/26 13:38:26 | 000,010,841 | ---- | C] () -- C:\WINDOWS\ulepuj.exe
[2008/10/26 10:00:30 | 000,019,698 | ---- | C] () -- C:\WINDOWS\uxety.dll
[2008/10/26 10:00:30 | 000,014,867 | ---- | C] () -- C:\WINDOWS\suwytob.dll
[2008/10/26 10:00:30 | 000,013,820 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\agavuson.dll
[2008/10/26 10:00:30 | 000,012,730 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\onevav.vbs
[2008/10/26 10:00:30 | 000,012,141 | ---- | C] () -- C:\WINDOWS\unec.sys
[2008/10/26 10:00:30 | 000,012,132 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\baxo.bin
[2008/10/26 10:00:30 | 000,010,696 | ---- | C] () -- C:\WINDOWS\qenejytixe.dat
[2008/10/25 19:41:41 | 000,013,386 | ---- | C] () -- C:\WINDOWS\wuwecysa.exe
[2008/10/25 19:41:41 | 000,011,263 | ---- | C] () -- C:\WINDOWS\ucuc.dll
[2008/04/20 02:37:42 | 000,096,577 | ---- | C] () -- C:\WINDOWS\hpqins16.dat
[2008/02/12 21:42:49 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/02/07 23:14:28 | 000,011,748 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/11/18 23:37:36 | 000,001,747 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/11/15 21:17:24 | 000,117,681 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2007/11/15 13:24:54 | 000,117,681 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp
[2007/11/15 13:24:53 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
[2007/02/26 02:18:47 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/02/04 22:52:48 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/01/08 22:10:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PestPatrol5.INI
[2006/12/12 11:19:21 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2006/11/07 23:47:23 | 000,000,143 | ---- | C] () -- C:\WINDOWS\ALBUM.INI
[2006/11/02 10:27:46 | 000,000,518 | ---- | C] () -- C:\WINDOWS\System32\SP207.INI
[2006/09/08 17:36:59 | 000,001,790 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/09/02 00:06:49 | 000,000,030 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/08/19 14:50:20 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/06/04 15:49:26 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/05/05 05:20:40 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2006/03/27 17:47:36 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/27 17:24:49 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/03/27 17:20:45 | 000,118,842 | R--- | C] () -- C:\WINDOWS\HPCPCUninstaller-6.3.2.116-5577497.exe
[2006/03/27 17:19:37 | 000,667,896 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2006/03/27 17:19:37 | 000,001,227 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2006/03/27 17:19:27 | 000,012,993 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/03/27 17:19:21 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/03/27 17:17:25 | 000,000,031 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2006/03/27 17:15:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/27 17:03:15 | 000,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/03/27 17:01:35 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2006/03/27 17:01:35 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/03/27 16:56:43 | 000,087,275 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/03/27 16:55:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/03/27 16:51:48 | 000,104,361 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/03/27 16:37:31 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/03/27 16:34:08 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/03/27 16:34:08 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/03/27 16:33:43 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/01/09 18:28:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/12/05 02:05:38 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/12/05 01:55:08 | 000,446,032 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/12/05 01:55:08 | 000,073,128 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/12/05 01:53:22 | 000,323,520 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/12/05 01:50:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/12/05 01:48:22 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/06/15 16:38:00 | 000,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/08/23 17:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 17:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2010/01/30 15:27:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2C4E
[2008/11/10 00:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/05/16 21:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/05/18 13:32:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2007/11/24 12:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Empyre Group
[2010/01/24 21:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2008/07/16 21:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2008/07/16 21:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2009/09/17 13:01:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\myitlab
[2009/05/18 13:19:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/03/25 09:40:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2008/02/16 20:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2008/02/16 20:51:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/05/24 07:00:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/01/24 21:07:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2007/10/16 11:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2009/05/15 11:43:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2008/11/10 00:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\acccore
[2009/12/25 16:03:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\blinkx
[2009/12/25 16:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Coby Media Manager
[2008/12/12 23:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/07/14 00:25:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\CoreCodec
[2009/05/18 13:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\DriverCure
[2010/06/14 09:19:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Facebook
[2008/12/18 00:50:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\funkitron
[2010/08/12 01:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\GARMIN
[2010/04/18 12:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\GetRightToGo
[2010/03/05 18:36:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Image Zone Express
[2010/05/22 16:05:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Leadertech
[2010/07/07 20:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\LimeWire
[2010/12/13 19:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Local
[2009/04/30 11:00:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Netscape
[2008/11/02 16:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Skinux
[2009/12/25 16:06:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Titanium Gears
[2010/01/24 20:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\WildTangent
[2008/11/11 15:08:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\WinBatch
[2011/03/14 16:31:55 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/10/26 14:30:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:AGP440.sys
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/02/04 20:48:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/03 23:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2009/02/04 20:48:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/10/26 14:30:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/10/26 14:30:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:atapi.sys
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/02/04 20:48:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/03 23:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2009/02/04 20:48:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/10/26 14:30:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 08:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2005/06/17 08:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\hp\drivers\Intel_5_1_0_1022_PV\iastor.sys
[2005/06/17 08:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/12/04 17:42:42 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/12/04 17:42:42 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

< End of report >

0

Filename: pucejo._sy
Status:
Scan finished. 0 out of 20 scanners reported malware.
Scan taken on: Tue 15 Mar 2011 22:49:29 (CET) Permalink

Filename: qolynysox.exe
Status:
Scan finished. 0 out of 20 scanners reported malware.
Scan taken on: Tue 15 Mar 2011 22:53:19 (CET) Permalink

Um, after I ran those two scans, the path C:\Documents and Settings\All Users\Applications is no longer there. I filed back on the browser and tried the path again and now the path C:\Documents and Settings\All Users no longer exists. I right-clicked the folder Documents and Settings, selected Properties, and the file size (it got as high as 10 GB before I closed it), size on disk and number of files it contains steadily increase (hard drive runs) until I close the properties box.

So I can't scan:

C:\Documents and Settings\All Users\Application Data\huvumaj.sys
C:\Documents and Settings\All Users\Application Data\agavuson.dll

Edited by illusionx: n/a

0

Filename: ulepuj.exe
Status:
Scan finished. 0 out of 20 scanners reported malware.
Scan taken on: Tue 15 Mar 2011 23:08:51 (CET) Permalink

Filename: uxety.dll
Status:
Scan finished. 0 out of 20 scanners reported malware.
Scan taken on: Tue 15 Mar 2011 23:11:15 (CET) Permalink

Filename: suwytob.dll
Status:
Scan finished. 0 out of 20 scanners reported malware.
Scan taken on: Tue 15 Mar 2011 23:12:44 (CET) Permalink

Filename: wuwecysa.exe
Status:
Scan finished. 0 out of 20 scanners reported malware.
Scan taken on: Tue 15 Mar 2011 23:14:35 (CET) Permalink

0

Ok, I think I got it. For some reason, it hid all hidden folders again (changed settings).

All Users\Application Data\huvumaj.sys
All Users\Application Data\agavuson.dll

...both became hidden. I don't know. Anyway...

Filename: huvumaj.sys
Status:
Scan finished. 0 out of 20 scanners reported malware.
Scan taken on: Tue 15 Mar 2011 23:22:58 (CET) Permalink

Filename: agavuson.dll
Status:
Scan finished. 0 out of 20 scanners reported malware.
Scan taken on: Tue 15 Mar 2011 23:25:13 (CET) Permalink

0

Just got back and checked. It seems the mshta recurrences have ceased. Thank you for your time and effort in helping me with this problem once again.

0

No worries.

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC by OldTimer:
Save it to your Desktop.
Double click OTC.exe.
Click the CleanUp! button.
If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes.
