Help! Internet keeps disconnecting and reconnecting, etc...
- DcantonNovice
-
OS : Windows XP
Posts : 17
Rubies : 3227
Likes : 0
Ok, so my internet has been fine for years until recently. I don't know if it was something I downloaded or what. It started acting weird after I downloaded a plugin file for Firefox. I believe it was a WMV plugin. Anyways, my internet has been disconnecting and reconnecting. I'm on a wireless network on a desktop and laptop and the connection is full bars and says excellent connection but it sure doesn't seem that way. My internet would disconnect for a few minutes then reconnect. Sometimes it won't connect at all. I can't load any pages in my browser or it just stops loading and I'm stuck waiting for a while for it to connect. I've reset my modem many times. It is the AT&T Uverse modems. It's one of the HomePortal 3000 series. Even resetting it doesn't help. Unplugging and plugging it back doesn't help. I've run Malwarebytes and IOS 360 and nothing comes up. I have a feeling it's malware or some type of virus but I can't pinpoint it and I don't want to go around deleting things and stopping vital computer processes. Can anyone please help me?
Here is my HiJack This log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:58:13 AM, on 1/29/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\vVX3000.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\IObit\IObit Security 360\is360.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Gamevance Text - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - C:\Program Files\Gamevance\gvtl.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GEST] m‘|\ü
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
--
End of file - 7840 bytes
- DcantonNovice
-
OS : Windows XP
Posts : 17
Rubies : 3227
Likes : 0
Help anyone?
- DcantonNovice
-
OS : Windows XP
Posts : 17
Rubies : 3227
Likes : 0
BUMP
- BelahzurSite Admin
-
OS : 7 Home Premium x64
Posts : 34948
Rubies : 218221
Likes : 18
Please download and run this tool.
Download Malwarebytes' Anti-Malware from Here
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.
Post the contents of the MBAM Log.
Site Admin / Security Administrator
[Prework] - Please PM me if I fail to respond within 24hrs.


- DcantonNovice
-
OS : Windows XP
Posts : 17
Rubies : 3227
Likes : 0
Malwarebytes' Anti-Malware 1.44
Database version: 3663
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
1/30/2010 1:34:16 PM
mbam-log-2010-01-30 (13-34-16).txt
Scan type: Quick Scan
Objects scanned: 113812
Time elapsed: 1 minute(s), 49 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
- BelahzurSite Admin
-
OS : 7 Home Premium x64
Posts : 34948
Rubies : 218221
Likes : 18
Download OTL by OldTimer to your Desktop.
- Close all windows and double click OTL.exe
- Click Run Scan and let the program run uninterrupted
- It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
- You may need to use two posts to get it all.
Site Admin / Security Administrator
[Prework] - Please PM me if I fail to respond within 24hrs.


- DcantonNovice
-
OS : Windows XP
Posts : 17
Rubies : 3227
Likes : 0
Here's a scan log from Avira AntiVir Personal - Free Antivirus. I have yet to post the OTL one once it is done scanning.
Avira AntiVir Personal
Report file date: Sunday, January 31, 2010 11:04
Scanning for 1712557 virus strains and unwanted programs.
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : DAVID-66C9A8DDA
Version information:
BUILD.DAT : 9.0.0.415 21609 Bytes
11/8/2009 10:00:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes
10/13/2009 19:26:33
AVSCAN.DLL : 9.0.3.0 40705 Bytes
2/27/2009 18:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes
2/20/2009 19:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes
2/27/2009 18:58:52
VBASE000.VDF : 7.10.0.0 19875328 Bytes
11/6/2009 15:35:52
VBASE001.VDF : 7.10.1.0 1372672 Bytes
11/19/2009 18:52:33
VBASE002.VDF : 7.10.3.1 3143680 Bytes
1/20/2010 18:53:13
VBASE003.VDF : 7.10.3.75 996864 Bytes
1/26/2010 18:53:38
VBASE004.VDF : 7.10.3.76 2048 Bytes
1/26/2010 18:53:39
VBASE005.VDF : 7.10.3.77 2048 Bytes
1/26/2010 18:53:39
VBASE006.VDF : 7.10.3.78 2048 Bytes
1/26/2010 18:53:39
VBASE007.VDF : 7.10.3.79 2048 Bytes
1/26/2010 18:53:39
VBASE008.VDF : 7.10.3.80 2048 Bytes
1/26/2010 18:53:40
VBASE009.VDF : 7.10.3.81 2048 Bytes
1/26/2010 18:53:40
VBASE010.VDF : 7.10.3.82 2048 Bytes
1/26/2010 18:53:40
VBASE011.VDF : 7.10.3.83 2048 Bytes
1/26/2010 18:53:40
VBASE012.VDF : 7.10.3.84 2048 Bytes
1/26/2010 18:53:41
VBASE013.VDF : 7.10.3.85 2048 Bytes
1/26/2010 18:53:41
VBASE014.VDF : 7.10.3.122 172544 Bytes
1/29/2010 18:53:45
VBASE015.VDF : 7.10.3.123 2048 Bytes
1/29/2010 18:53:45
VBASE016.VDF : 7.10.3.124 2048 Bytes
1/29/2010 18:53:45
VBASE017.VDF : 7.10.3.125 2048 Bytes
1/29/2010 18:53:46
VBASE018.VDF : 7.10.3.126 2048 Bytes
1/29/2010 18:53:46
VBASE019.VDF : 7.10.3.127 2048 Bytes
1/29/2010 18:53:46
VBASE020.VDF : 7.10.3.128 2048 Bytes
1/29/2010 18:53:47
VBASE021.VDF : 7.10.3.129 2048 Bytes
1/29/2010 18:53:47
VBASE022.VDF : 7.10.3.130 2048 Bytes
1/29/2010 18:53:47
VBASE023.VDF : 7.10.3.131 2048 Bytes
1/29/2010 18:53:48
VBASE024.VDF : 7.10.3.132 2048 Bytes
1/29/2010 18:53:48
VBASE025.VDF : 7.10.3.133 2048 Bytes
1/29/2010 18:53:48
VBASE026.VDF : 7.10.3.134 2048 Bytes
1/29/2010 18:53:49
VBASE027.VDF : 7.10.3.135 2048 Bytes
1/29/2010 18:53:49
VBASE028.VDF : 7.10.3.136 2048 Bytes
1/29/2010 18:53:49
VBASE029.VDF : 7.10.3.137 2048 Bytes
1/29/2010 18:53:50
VBASE030.VDF : 7.10.3.138 2048 Bytes
1/29/2010 18:53:50
VBASE031.VDF : 7.10.3.140 12800 Bytes
1/31/2010 18:53:50
Engineversion : 8.2.1.154
AEVDF.DLL : 8.1.1.3 106868 Bytes
1/31/2010 18:54:24
AEscript.DLL : 8.1.3.12 823675 Bytes
1/31/2010 18:54:23
AESCN.DLL : 8.1.4.0 127348 Bytes
1/31/2010 18:54:19
AESBX.DLL : 8.1.1.1 246132 Bytes
11/8/2009 15:38:44
AERDL.DLL : 8.1.3.4 479605 Bytes
1/31/2010 18:54:18
AEPACK.DLL : 8.2.0.5 422262 Bytes
1/31/2010 18:54:14
AEOFFICE.DLL : 8.1.0.38 196987 Bytes
11/8/2009 15:38:38
AEHEUR.DLL : 8.1.1.1 2322805 Bytes
1/31/2010 18:54:11
AEHELP.DLL : 8.1.10.0 237942 Bytes
1/31/2010 18:53:57
AEGEN.DLL : 8.1.1.85 369012 Bytes
1/31/2010 18:53:55
AEEMU.DLL : 8.1.1.0 393587 Bytes
11/8/2009 15:38:26
AECORE.DLL : 8.1.10.0 184695 Bytes
1/31/2010 18:53:52
AEBB.DLL : 8.1.0.3 53618 Bytes
11/8/2009 15:38:20
AVWINLL.DLL : 9.0.0.3 18177 Bytes
12/12/2008 16:47:59
AVPREF.DLL : 9.0.3.0 44289 Bytes
8/26/2009 23:14:02
AVREP.DLL : 8.0.0.3 155905 Bytes
1/20/2009 22:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes
12/5/2008 18:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes
3/24/2009 23:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes
1/30/2009 18:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes
1/28/2009 23:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes
2/2/2009 16:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes
12/5/2008 18:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes
5/15/2009 23:39:58
RCTEXT.DLL : 9.0.73.0 86785 Bytes
10/13/2009 20:25:47
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, E:, I:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+PCK,+PFS,+SPR,
Start of the scan: Sunday, January 31, 2010 11:04
Starting search for hidden objects.
'39834' objects were checked, '0' hidden objects were found.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been
scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been
scanned
Scan process 'avgnt.exe' - '1' Module(s) have been
scanned
Scan process 'sched.exe' - '1' Module(s) have been
scanned
Scan process 'avguard.exe' - '1' Module(s) have been
scanned
Scan process 'chrome.exe' - '1' Module(s) have been
scanned
Scan process 'chrome.exe' - '1' Module(s) have been
scanned
Scan process 'chrome.exe' - '1' Module(s) have been
scanned
Scan process 'hpqgpc01.exe' - '1' Module(s) have been
scanned
Scan process 'hpqbam08.exe' - '1' Module(s) have been
scanned
Scan process 'hpqste08.exe' - '1' Module(s) have been
scanned
Scan process 'CCC.exe' - '1' Module(s) have been
scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been
scanned
Scan process 'GoogleCrashHandler.exe' - '1' Module(s)
have been scanned
Scan process 'DTLite.exe' - '1' Module(s) have been
scanned
Scan process 'aim.exe' - '1' Module(s) have been
scanned
Scan process 'is360tray.exe' - '1' Module(s) have
been scanned
Scan process 'hpwuschd2.exe' - '1' Module(s) have
been scanned
Scan process 'MOM.exe' - '1' Module(s) have been
scanned
Scan process 'jusched.exe' - '1' Module(s) have been
scanned
Scan process 'vVX3000.exe' - '1' Module(s) have been
scanned
Scan process 'SoundMan.exe' - '1' Module(s) have been
scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been
scanned
Scan process 'explorer.exe' - '1' Module(s) have been
scanned
Scan process 'alg.exe' - '1' Module(s) have been
scanned
Scan process 'WMP54Gv4.exe' - '1' Module(s) have been
scanned
Scan process 'WLService.exe' - '1' Module(s) have
been scanned
Scan process 'svchost.exe' - '1' Module(s) have been
scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been
scanned
Scan process 'svchost.exe' - '1' Module(s) have been
scanned
Scan process 'NMSAccessU.exe' - '1' Module(s) have
been scanned
Scan process 'svchost.exe' - '1' Module(s) have been
scanned
Scan process 'MSCamS32.exe' - '1' Module(s) have been
scanned
Scan process 'jqs.exe' - '1' Module(s) have been
scanned
Scan process 'is360srv.exe' - '1' Module(s) have been
scanned
Scan process 'svchost.exe' - '1' Module(s) have been
scanned
Scan process 'svchost.exe' - '1' Module(s) have been
scanned
Scan process 'GSvr.exe' - '1' Module(s) have been
scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have
been scanned
Scan process 'AppleMobileDeviceService.exe' - '1'
Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been
scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been
scanned
Scan process 'svchost.exe' - '1' Module(s) have been
scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been
scanned
Scan process 'svchost.exe' - '1' Module(s) have been
scanned
Scan process 'svchost.exe' - '1' Module(s) have been
scanned
Scan process 'svchost.exe' - '1' Module(s) have been
scanned
Scan process 'svchost.exe' - '1' Module(s) have been
scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been
scanned
Scan process 'lsass.exe' - '1' Module(s) have been
scanned
Scan process 'services.exe' - '1' Module(s) have been
scanned
Scan process 'winlogon.exe' - '1' Module(s) have been
scanned
Scan process 'csrss.exe' - '1' Module(s) have been
scanned
Scan process 'smss.exe' - '1' Module(s) have been
scanned
54 processes with 54 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Boot sector 'I:\'
[INFO] No virus was found!
Starting to scan executable files (registry).
The registry was scanned ( '64' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Program Files\Gamevance\gamevancelib32.dll
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.Gen
C:\Program Files\Gamevance\gvun.exe
[DETECTION] Contains recognition pattern of the ADSPY/GameVance.A.1544 adware or spyware
C:\System Volume Information\_restore{C64DB77E-DE40-4998-9B36-3C01D6264F57}\RP118\A0011300.exe
[DETECTION] Contains recognition pattern of the APPL/Agent.246320 application
C:\System Volume Information\_restore{C64DB77E-DE40-4998-9B36-3C01D6264F57}\RP118\A0011301.dll
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.Gen
C:\System Volume Information\_restore{C64DB77E-DE40-4998-9B36-3C01D6264F57}\RP118\A0011302.dll
[DETECTION] Contains recognition pattern of the APPL/Agent.272432 application
C:\System Volume Information\_restore{C64DB77E-DE40-4998-9B36-3C01D6264F57}\RP118\A0011303.exe
[DETECTION] Contains recognition pattern of the ADSPY/GameVance.A.1544 adware or spyware
C:\System Volume Information\_restore{C64DB77E-DE40-4998-9B36-3C01D6264F57}\RP120\A0011351.dll
[DETECTION] Contains virus patterns of Adware ADWARE/Adware.Gen
C:\System Volume Information\_restore{C64DB77E-DE40-4998-9B36-3C01D6264F57}\RP120\A0011353.exe
[DETECTION] Contains recognition pattern of the ADSPY/GameVance.A.1544 adware or spyware
C:\System Volume Information\_restore{C64DB77E-DE40-4998-9B36-3C01D6264F57}\RP120\A0013347.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{C64DB77E-DE40-4998-9B36-3C01D6264F57}\RP120\A0013349.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{C64DB77E-DE40-4998-9B36-3C01D6264F57}\RP120\A0016368.exe
[0] Archive type: OVL
--> Object
[DETECTION] Is the TR/Dldr.Agent.BL.21 Trojan
C:\System Volume Information\_restore{C64DB77E-DE40-4998-9B36-3C01D6264F57}\RP120\A0016370.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\System Volume Information\_restore{C64DB77E-DE40-4998-9B36-3C01D6264F57}\RP120\A0016371.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\System Volume Information\_restore{C64DB77E-DE40-4998-9B36-3C01D6264F57}\RP77\A0009846.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\'
Begin scan in 'E:\'
Begin scan in 'I:\'
I:\Recycled\Di34\system32\Nskhelper2.sys
[DETECTION] Contains recognition pattern of the RKIT/Agent.fjl root kit
I:\MP3 Music\Gin Blossoms\Gin Blossoms - Found out about you.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
I:\MP3 Music\Beach Boys, The\ - The Beach boys - Then I Kissed Her.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
I:\MP3 Music\Coldplay\Coldplay - Viva La Vida (2008)Full plus artwork-320Kbps\06 Coldplay - Yes.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
I:\Movies\The Stepfather (2009)\The Stepfather (2009).avi
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
I:\Movies\The Time Travelers Wife 2009\The Time Travelers Wife 2009.avi
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
I:\Diane\My Documents\LimeWire\Saved\Copy of dancing with stars - greatest hits.wma
[DETECTION] Is the TR/Dldr.WMA.Wimad.N.3 Trojan
I:\Diane\My Documents\LimeWire\Saved\def leppard nine lives.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
I:\Diane\Local Settings\Temporary Internet Files\Content.IE5\VV1ZHUUE\n.qqkx[1].htm
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
I:\Diane\Local Settings\Temporary Internet Files\Content.IE5\RURKFHAG\14[1].kdg
[0] Archive type: NSIS
--> ProgramFilesDir/scm14.exe
[DETECTION] Contains recognition pattern of the ADSPY/Cinmus.ajie adware or spyware
--> ProgramFilesDir/14.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
I:\Diane\Local Settings\Temporary Internet Files\Content.IE5\RURKFHAG\28[1].kdg
[DETECTION] Is the TR/Obfuscated.KU.61 Trojan
--> ProgramFilesDir/scm28.exe
[DETECTION] Is the TR/Chinaad.TL Trojan
--> ProgramFilesDir/28.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
I:\Diane\Local Settings\Temporary Internet
Files\Content.IE5\RA0H09FC\jcd[2].htm
[DETECTION] Contains recognition pattern of the
HTML/Infected.WebPage.Gen HTML script virus
I:\Diane\Local Settings\Temporary Internet
Files\Content.IE5\QBSKIDZU\19[1].kdg
[DETECTION] Contains recognition pattern of the
DR/Chinaad.LR dropper
--> ProgramFilesDir/scm19.exe
[DETECTION] Contains recognition pattern of the
ADSPY/Agent.45056.5 adware or spyware
--> ProgramFilesDir/19.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
I:\Diane\Local Settings\Temporary Internet
Files\Content.IE5\QBSKIDZU\28[1]
[DETECTION] Is the TR/BHO.Gen Trojan
I:\Diane\Local Settings\Temporary Internet
Files\Content.IE5\AKFUC2PN\azza[1].htm
[DETECTION] Contains recognition pattern of the
HTML/Crypted.Gen HTML script virus
I:\Diane\Local Settings\Temporary Internet
Files\Content.IE5\AKFUC2PN\netandtv[1].htm
[DETECTION] Contains recognition pattern of the
HTML/Infected.WebPage.Gen HTML script virus
I:\Diane\Local Settings\Temporary Internet
Files\Content.IE5\8EQI0PBL\11[1].kdg
[0] Archive type: NSIS
--> ProgramFilesDir/scm11.exe
[DETECTION] Is the TR/Obfuscated.KU.177 Trojan
--> ProgramFilesDir/11.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
I:\Diane\Local Settings\Temporary Internet
Files\Content.IE5\8EQI0PBL\newpop2[1].htm
[DETECTION] Contains recognition pattern of the
HTML/Infected.WebPage.Gen HTML script virus
I:\Diane\Local Settings\Temporary Internet
Files\Content.IE5\1X2J7UYW\c[1].htm
[DETECTION] Contains suspicious code
HEUR/HTML.Malware
I:\Diane\Local Settings\Temp\Acr13A.tmp
[DETECTION] Contains recognition pattern of the
HTML/Malicious.PDF.Gen HTML script virus
I:\Diane\Local Settings\Temp\Acr28.tmp
[DETECTION] Contains recognition pattern of the
HTML/Malicious.PDF.Gen HTML script virus
I:\Diane\Local Settings\Temp\AcrED.tmp
[DETECTION] Contains recognition pattern of the
HTML/Malicious.PDF.Gen HTML script virus
Beginning disinfection:
C:\Program Files\Gamevance\gamevancelib32.dll
[DETECTION] Contains virus patterns of Adware
ADWARE/Adware.Gen
[NOTE] The file was moved to '4bd2f053.qua'!
C:\Program Files\Gamevance\gvun.exe
[DETECTION] Contains recognition pattern of the
ADSPY/GameVance.A.1544 adware or spyware
[NOTE] The file was moved to '4bdaf068.qua'!
C:\System Volume
Information\_restore{C64DB77E-DE40-4998-9B36-3C01D626
4F57}\RP118\A0011300.exe
[DETECTION] Contains recognition pattern of the
APPL/Agent.246320 application
[NOTE] The file was moved to '4b95f022.qua'!
C:\System Volume
Information\_restore{C64DB77E-DE40-4998-9B36-3C01D626
4F57}\RP118\A0011301.dll
[DETECTION] Contains virus patterns of Adware
ADWARE/Adware.Gen
[NOTE] The file was moved to '4fea9b53.qua'!
C:\System Volume
Information\_restore{C64DB77E-DE40-4998-9B36-3C01D626
4F57}\RP118\A0011302.dll
[DETECTION] Contains recognition pattern of the
APPL/Agent.272432 application
[NOTE] The file was moved to '4fe0506b.qua'!
C:\System Volume
Information\_restore{C64DB77E-DE40-4998-9B36-3C01D626
4F57}\RP118\A0011303.exe
[DETECTION] Contains recognition pattern of the
ADSPY/GameVance.A.1544 adware or spyware
[NOTE] The file was moved to '4f1772eb.qua'!
C:\System Volume
Information\_restore{C64DB77E-DE40-4998-9B36-3C01D626
4F57}\RP120\A0011351.dll
[DETECTION] Contains virus patterns of Adware
ADWARE/Adware.Gen
[NOTE] The file was moved to '4f125993.qua'!
C:\System Volume
Information\_restore{C64DB77E-DE40-4998-9B36-3C01D626
4F57}\RP120\A0011353.exe
[DETECTION] Contains recognition pattern of the
ADSPY/GameVance.A.1544 adware or spyware
[NOTE] The file was moved to '4f106a03.qua'!
C:\System Volume
Information\_restore{C64DB77E-DE40-4998-9B36-3C01D626
4F57}\RP120\A0013347.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4f11627b.qua'!
C:\System Volume
Information\_restore{C64DB77E-DE40-4998-9B36-3C01D626
4F57}\RP120\A0013349.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4b95f023.qua'!
C:\System Volume
Information\_restore{C64DB77E-DE40-4998-9B36-3C01D626
4F57}\RP120\A0016368.exe
[NOTE] The file was moved to '4c9078b4.qua'!
C:\System Volume
Information\_restore{C64DB77E-DE40-4998-9B36-3C01D626
4F57}\RP120\A0016370.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '4c93607c.qua'!
C:\System Volume
Information\_restore{C64DB77E-DE40-4998-9B36-3C01D626
4F57}\RP120\A0016371.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '4c926804.qua'!
C:\System Volume
Information\_restore{C64DB77E-DE40-4998-9B36-3C01D626
4F57}\RP77\A0009846.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '4f1d4a3c.qua'!
I:\Recycled\Di34\system32\Nskhelper2.sys
[DETECTION] Contains recognition pattern of the
RKIT/Agent.fjl root kit
[NOTE] The file was moved to '4bd0f067.qua'!
I:\MP3 Music\Gin Blossoms\Gin Blossoms - Found out
about you.mp3
[DETECTION] Contains recognition pattern of the
EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '4bd3f05d.qua'!
I:\MP3 Music\Beach Boys, The\ - The Beach boys - Then
I Kissed Her.mp3
[DETECTION] Contains recognition pattern of the
EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '4b85f021.qua'!
I:\MP3 Music\Coldplay\Coldplay - Viva La Vida
(2008)Full plus artwork-320Kbps\06 Coldplay -
Yes.mp3
[DETECTION] Contains recognition pattern of the
EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '4b85f02b.qua'!
I:\Movies\The Stepfather (2009)\The Stepfather
(2009).avi
[DETECTION] Contains recognition pattern of the
EXP/ASF.GetCodec.Gen exploit
[WARNING] An error has occurred and the file
was not deleted. ErrorID: 26001
[WARNING] Failed!
[NOTE] Attempting to perform action using
the ARK library.
[NOTE] The file was moved to '4bcaf05e.qua'!
I:\Movies\The Time Travelers Wife 2009\The Time
Travelers Wife 2009.avi
[DETECTION] Contains recognition pattern of the
EXP/ASF.GetCodec.Gen exploit
[WARNING] An error has occurred and the file
was not deleted. ErrorID: 26001
[WARNING] Failed!
[NOTE] Attempting to perform action using
the ARK library.
[NOTE] The file was moved to '4f497bbd.qua'!
I:\Diane\My Documents\LimeWire\Saved\Copy of dancing
with stars - greatest hits.wma
[DETECTION] Is the TR/Dldr.WMA.Wimad.N.3 Trojan
[NOTE] The file was moved to '4bd5f1f0.qua'!
I:\Diane\My Documents\LimeWire\Saved\def leppard nine
lives.mp3
[DETECTION] Contains recognition pattern of the
EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '4bcbf1e6.qua'!
I:\Diane\Local Settings\Temporary Internet
Files\Content.IE5\VV1ZHUUE\n.qqkx[1].htm
[DETECTION] Contains recognition pattern of the
HTML/Infected.WebPage.Gen HTML script virus
[NOTE] The file was moved to '4bd6f1b3.qua'!
I:\Diane\Local Settings\Temporary Internet
Files\Content.IE5\RURKFHAG\14[1].kdg
[NOTE] The file was moved to '4bc0f1b9.qua'!
I:\Diane\Local Settings\Temporary Internet
Files\Content.IE5\RURKFHAG\28[1].kdg
[DETECTION] Is the TR/Obfuscated.KU.61 Trojan
[NOTE] The file was moved to '4bc0f1bd.qua'!
I:\Diane\Local Settings\Temporary Internet
Files\Content.IE5\RA0H09FC\jcd[2].htm
[DETECTION] Contains recognition pattern of the
HTML/Infected.WebPage.Gen HTML script virus
[NOTE] The file was moved to '4bc9f1e8.qua'!
I:\Diane\Local Settings\Temporary Internet
Files\Content.IE5\QBSKIDZU\19[1].kdg
[DETECTION] Contains recognition pattern of the
DR/Chinaad.LR dropper
[NOTE] The file was moved to '4bc0f1be.qua'!
I:\Diane\Local Settings\Temporary Internet
Files\Content.IE5\QBSKIDZU\28[1]
[DETECTION] Is the TR/BHO.Gen Trojan
[NOTE] The file was moved to '4c619ade.qua'!
I:\Diane\Local Settings\Temporary Internet
Files\Content.IE5\AKFUC2PN\azza[1].htm
[DETECTION] Contains recognition pattern of the
HTML/Crypted.Gen HTML script virus
[NOTE] The file was moved to '4bdff1ff.qua'!
I:\Diane\Local Settings\Temporary Internet
Files\Content.IE5\AKFUC2PN\netandtv[1].htm
[DETECTION] Contains recognition pattern of the
HTML/Infected.WebPage.Gen HTML script virus
[NOTE] The file was moved to '4bd9f1ea.qua'!
I:\Diane\Local Settings\Temporary Internet
Files\Content.IE5\8EQI0PBL\11[1].kdg
[NOTE] The file was moved to '4bc0f1b6.qua'!
I:\Diane\Local Settings\Temporary Internet
Files\Content.IE5\8EQI0PBL\newpop2[1].htm
[DETECTION] Contains recognition pattern of the
HTML/Infected.WebPage.Gen HTML script virus
[NOTE] The file was moved to '4bdcf1ea.qua'!
I:\Diane\Local Settings\Temporary Internet
Files\Content.IE5\1X2J7UYW\c[1].htm
[DETECTION] Contains suspicious code
HEUR/HTML.Malware
[NOTE] The detection was classified as
suspicious.
[NOTE] The file was moved to '4b96f1e0.qua'!
I:\Diane\Local Settings\Temp\Acr13A.tmp
[DETECTION] Contains recognition pattern of the
HTML/Malicious.PDF.Gen HTML script virus
[NOTE] The file was moved to '4bd7f1e8.qua'!
I:\Diane\Local Settings\Temp\Acr28.tmp
[DETECTION] Contains recognition pattern of the
HTML/Malicious.PDF.Gen HTML script virus
[NOTE] The file was moved to '4c4abda9.qua'!
I:\Diane\Local Settings\Temp\AcrED.tmp
[DETECTION] Contains recognition pattern of the
HTML/Malicious.PDF.Gen HTML script virus
[NOTE] The file was moved to '4bd7f1e9.qua'!
End of the scan: Sunday, January 31, 2010 13:09
Used time: 1:19:25 Hour(s)
The scan has been done completely.
14249 Scanned directories
400630 Files were scanned
41 Viruses and/or unwanted programs were found
1 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
36 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
400586 Files not concerned
4172 Archives were scanned
4 Warnings
37 Notes
39834 Objects were scanned with rootkit scan
0 hidden objects were found
2 Files cannot be scanned
400586 Files not concerned
4172 Archives were scanned
4 Warnings
37 Notes
39834 Objects were scanned with rootkit scan
0 hidden objects were found
- DcantonNovice
And here is the scan log from OTL
OTL logfile created on: 1/31/2010 1:36:02 PM - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 81.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 596.16 Gb Total Space | 431.61 Gb Free Space | 72.40% Space Free | Partition Type: NTFS
Drive D: | 465.75 Gb Total Space | 465.67 Gb Free Space | 99.98% Space Free | Partition Type: NTFS
Drive E: | 465.75 Gb Total Space | 465.67 Gb Free Space | 99.98% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 931.28 Gb Total Space | 774.20 Gb Free Space | 83.13% Space Free | Partition Type: FAT32
Computer Name: DAVID-66C9A8DDA
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010/01/31 13:34:15 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
PRC - [2010/01/20 23:24:00 | 000,527,344 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/12/28 01:46:59 | 000,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2009/12/24 17:02:32 | 001,280,272 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360tray.exe
PRC - [2009/12/24 17:02:30 | 000,311,568 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe
PRC - [2009/11/01 02:17:29 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
PRC - [2009/10/30 03:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009/09/06 12:38:06 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/31 15:23:21 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/07/31 15:23:19 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/21 18:57:00 | 000,362,496 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
PRC - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/12/08 15:50:04 | 000,054,576 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuschd2.exe
PRC - [2008/10/16 20:11:26 | 000,569,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PRC - [2008/10/16 20:11:26 | 000,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2008/10/16 19:23:30 | 000,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2008/09/24 17:35:14 | 000,068,136 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
PRC - [2008/08/20 18:05:56 | 000,573,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2008/07/23 00:51:26 | 016,804,864 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
PRC - [2008/06/18 02:01:56 | 000,077,824 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SoundMan.exe
PRC - [2007/07/17 11:13:56 | 000,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2007/07/17 11:13:34 | 000,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2007/05/17 13:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2007/04/10 13:46:48 | 000,709,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe
PRC - [2005/11/15 11:49:44 | 005,238,272 | ---- | M] (Linksys) -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
PRC - [2004/08/04 04:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/02/06 22:56:14 | 000,041,025 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
========== Modules (SafeList) ==========
MOD - [2010/01/31 13:34:15 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
MOD - [2009/12/24 17:02:28 | 000,237,840 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360mon.dll
MOD - [2004/08/04 04:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Running] -- -- (WMP54Gv4SVC)
SRV - [2009/12/28 01:46:59 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/12/24 17:02:30 | 000,311,568 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2009/12/17 16:37:52 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/06 12:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/31 15:23:19 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/07/26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/21 20:21:18 | 000,248,832 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/10/16 19:30:28 | 000,634,880 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2008/10/16 19:24:24 | 000,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/09/24 17:35:14 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
SRV - [2008/08/20 21:05:00 | 000,593,920 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2008/08/20 18:05:56 | 000,573,440 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2008/07/18 13:13:20 | 000,053,760 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/07/18 13:13:20 | 000,044,032 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2007/05/17 13:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2006/10/26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
========== Driver Services (SafeList) ==========
DRV - [2010/01/31 10:33:58 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2009/12/25 16:26:22 | 000,020,747 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2009/11/12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/11/01 19:41:12 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/08/28 19:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/07/28 15:33:56 | 000,055,656 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/18 14:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/05/11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/08/20 20:52:40 | 003,299,840 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/08/07 03:14:56 | 000,111,360 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/07/30 18:21:08 | 000,079,960 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2008/07/24 02:02:44 | 004,749,824 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/07/02 11:38:14 | 000,089,600 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007/04/10 13:46:48 | 001,966,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
DRV - [2005/10/27 15:06:30 | 000,356,096 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61) Linksys Wireless-G PCI Adapter Driver(RT61)
DRV - [2005/02/01 18:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\bcm42rly.sys -- (BCM42RLY)
DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/04 04:00:00 | 000,027,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2004/08/04 04:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2001/08/17 13:53:32 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\serscan.sys -- (StillCam)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll (DeviceVM Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/01/19 00:03:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/18 12:40:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/24 02:58:57 | 000,000,000 | ---D | M]
[2009/10/29 19:31:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/01/28 20:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8pv1msl9.default\extensions
[2010/01/02 20:46:48 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8pv1msl9.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/01/28 20:25:21 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/09/24 22:02:40 | 000,098,304 | ---- | M] (OGPlanet Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npOGPPlugin.dll
O1 HOSTS File: ([2004/08/04 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Gamevance Text) - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - C:\Program Files\Gamevance\gvtl.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (Gigabyte Technology Corp.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL LLC)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/29 14:39:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/01/31 12:13:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/01/31 10:49:39 | 000,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/01/31 10:49:39 | 000,055,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/01/31 10:49:39 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/01/31 10:49:39 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/01/31 10:49:33 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/01/31 10:49:32 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/01/31 10:49:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/01/31 10:48:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/01/31 10:48:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/01/26 08:13:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\HPAppData
[2010/01/20 23:41:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2010/01/20 23:34:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\HpUpdate
[2010/01/20 23:34:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Hewlett-Packard
[2010/01/19 00:04:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WEBREG
[2010/01/19 00:03:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\HP
[2010/01/19 00:03:21 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/01/19 00:00:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2010/01/19 00:00:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\hpojp8500a909
[2010/01/18 23:59:07 | 000,271,704 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpzids01.dll
[2010/01/18 23:59:07 | 000,118,272 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\hpf3l082.dll
[2010/01/18 23:58:32 | 000,966,656 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpwtiop4.dll
[2010/01/18 23:58:32 | 000,741,376 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpwwiax5.dll
[2010/01/18 23:58:32 | 000,364,544 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hppldcoi.dll
[2010/01/18 23:58:32 | 000,309,760 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\difxapi.dll
[2010/01/18 23:58:32 | 000,294,912 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpovst11.dll
[2010/01/18 23:58:29 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\serscan.sys
[2010/01/18 23:58:29 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serscan.sys
[2010/01/18 23:57:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2010/01/18 23:57:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2010/01/18 23:57:29 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2010/01/18 23:56:32 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2010/01/18 23:56:26 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2010/01/18 23:56:16 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2010/01/18 16:28:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Canneverbe Limited
[2010/01/15 01:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\dvdcss
[2010/01/06 22:02:32 | 000,188,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WINGDE.DLL
[2010/01/06 22:02:32 | 000,092,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WING.DLL
[2010/01/06 22:02:32 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WAVMIX16.DLL
[2010/01/06 22:02:32 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WING32.DLL
[2010/01/06 22:02:32 | 000,006,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WINGDIB.DRV
[2010/01/06 22:02:32 | 000,005,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WINGPAL.WND
[2010/01/06 22:02:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\WINDOWS
[2010/01/03 03:54:30 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/01/02 20:47:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2010/01/02 20:46:48 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/01/02 20:46:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/01/02 18:59:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\com.ebay.sandimas.public-beta.AA1EEF5552BF52051F68E7EAF27E23FA6449A65C.1
[2010/01/02 18:59:52 | 000,000,000 | ---D | C] -- C:\Program Files\eBay Desktop
[2010/01/02 15:51:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/01/02 15:51:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/02 15:51:04 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/02 15:51:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/02 15:51:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/02 07:45:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/12/30 09:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/10/29 14:42:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/10/29 14:41:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/10/29 14:39:08 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/10/29 14:39:08 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/01/31 13:22:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1482476501-725345543-500UA.job
[2010/01/31 10:50:08 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/01/31 10:44:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/31 10:33:58 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys
[2010/01/31 10:33:56 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/31 10:33:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/31 10:33:35 | 000,044,964 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010/01/31 04:46:54 | 003,407,872 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/01/31 04:46:32 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/01/31 04:26:34 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/31 02:22:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1482476501-725345543-500Core.job
[2010/01/30 11:44:55 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/01/28 15:05:59 | 000,000,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IObit Security 360.lnk
[2010/01/27 09:50:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/26 22:23:24 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2010/01/26 00:04:04 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\WebReg Officejet Pro 8500 A909g Series.job
[2010/01/24 02:48:43 | 000,024,255 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Watch My GF.docx
[2010/01/24 01:16:33 | 000,002,380 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Yahoo! Sports Fantasy Basketball.lnk
[2010/01/24 01:16:23 | 000,002,330 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Fantasy Baseball Advice __ 2010 Fantasy Baseball Season.lnk
[2010/01/20 23:45:34 | 000,077,377 | ---- | M] () -- C:\WINDOWS\hpqins05.dat
[2010/01/20 23:45:29 | 000,023,568 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/01/20 23:44:04 | 000,138,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/19 00:52:26 | 005,898,628 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/01/19 00:03:58 | 000,184,375 | ---- | M] () -- C:\WINDOWS\hpwins22.dat
[2010/01/19 00:03:43 | 000,000,512 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/01/19 00:01:09 | 000,001,808 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/01/18 15:39:49 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2010/01/18 15:12:17 | 000,001,746 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Play Torchlight.lnk
[2010/01/18 13:10:22 | 000,002,358 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Rappi Rangai Manga - Read Rappi Rangai manga scans online_.lnk
[2010/01/15 23:49:58 | 000,000,872 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\FrostWire 4.18.6.lnk
[2010/01/07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 000,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/06 22:02:31 | 000,000,265 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/03 03:54:30 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2010/01/02 20:08:09 | 000,025,436 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/02 18:59:52 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\eBay Desktop.lnk
[2010/01/02 15:51:07 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/01 14:28:06 | 000,124,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MSWINSCK.OCX
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/01/31 10:50:08 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/01/24 02:48:43 | 000,024,255 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Watch My GF.docx
[2010/01/24 01:16:33 | 000,002,380 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Yahoo! Sports Fantasy Basketball.lnk
[2010/01/24 01:16:23 | 000,002,330 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Fantasy Baseball Advice __ 2010 Fantasy Baseball Season.lnk
[2010/01/20 23:40:14 | 000,077,377 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2010/01/19 00:04:48 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\WebReg Officejet Pro 8500 A909g Series.job
[2010/01/19 00:01:09 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/01/18 23:55:18 | 000,184,375 | ---- | C] () -- C:\WINDOWS\hpwins22.dat
[2010/01/18 23:55:18 | 000,002,979 | ---- | C] () -- C:\WINDOWS\hpwmdl22.dat
[2010/01/18 23:55:18 | 000,001,518 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/01/18 13:10:22 | 000,002,358 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Rappi Rangai Manga - Read Rappi Rangai manga scans online_.lnk
[2010/01/15 23:49:58 | 000,000,872 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\FrostWire 4.18.6.lnk
[2010/01/06 22:02:32 | 000,002,554 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2010/01/06 22:02:32 | 000,001,966 | ---- | C] () -- C:\WINDOWS\System\DVA.386
[2010/01/03 03:54:30 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2010/01/02 20:08:09 | 000,025,436 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/02 20:02:00 | 001,605,508 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Capture_20100101.wmv
[2010/01/02 18:59:52 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\eBay Desktop.lnk
[2010/01/02 15:51:07 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/28 01:41:42 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/12/28 01:41:42 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys
[2009/12/28 01:41:24 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2009/12/25 16:26:21 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2009/12/25 16:25:56 | 000,000,920 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2009/12/05 15:22:58 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/11/21 11:08:56 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/11/15 13:38:03 | 000,083,648 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/11/13 00:30:08 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/07 06:57:48 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2009/11/01 19:41:12 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/11/01 11:21:41 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/10/29 23:38:19 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2009/07/14 17:15:00 | 000,178,432 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2008/10/07 04:43:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 04:43:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 04:43:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 04:43:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 04:43:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 04:43:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 04:43:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 04:43:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 04:43:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 04:43:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2004/08/04 04:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
< End of report >

OTL logfile created on: 1/31/2010 1:36:02 PM - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 81.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 596.16 Gb Total Space | 431.61 Gb Free Space | 72.40% Space Free | Partition Type: NTFS
Drive D: | 465.75 Gb Total Space | 465.67 Gb Free Space | 99.98% Space Free | Partition Type: NTFS
Drive E: | 465.75 Gb Total Space | 465.67 Gb Free Space | 99.98% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 931.28 Gb Total Space | 774.20 Gb Free Space | 83.13% Space Free | Partition Type: FAT32
Computer Name: DAVID-66C9A8DDA
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010/01/31 13:34:15 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
PRC - [2010/01/20 23:24:00 | 000,527,344 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/12/28 01:46:59 | 000,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2009/12/24 17:02:32 | 001,280,272 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360tray.exe
PRC - [2009/12/24 17:02:30 | 000,311,568 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe
PRC - [2009/11/01 02:17:29 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
PRC - [2009/10/30 03:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009/09/06 12:38:06 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/31 15:23:21 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/07/31 15:23:19 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/21 18:57:00 | 000,362,496 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
PRC - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/12/08 15:50:04 | 000,054,576 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuschd2.exe
PRC - [2008/10/16 20:11:26 | 000,569,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PRC - [2008/10/16 20:11:26 | 000,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2008/10/16 19:23:30 | 000,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2008/09/24 17:35:14 | 000,068,136 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
PRC - [2008/08/20 18:05:56 | 000,573,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2008/07/23 00:51:26 | 016,804,864 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
PRC - [2008/06/18 02:01:56 | 000,077,824 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SoundMan.exe
PRC - [2007/07/17 11:13:56 | 000,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2007/07/17 11:13:34 | 000,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2007/05/17 13:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2007/04/10 13:46:48 | 000,709,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe
PRC - [2005/11/15 11:49:44 | 005,238,272 | ---- | M] (Linksys) -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
PRC - [2004/08/04 04:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/02/06 22:56:14 | 000,041,025 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
========== Modules (SafeList) ==========
MOD - [2010/01/31 13:34:15 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
MOD - [2009/12/24 17:02:28 | 000,237,840 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360mon.dll
MOD - [2004/08/04 04:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Running] -- -- (WMP54Gv4SVC)
SRV - [2009/12/28 01:46:59 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/12/24 17:02:30 | 000,311,568 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2009/12/17 16:37:52 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/06 12:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/31 15:23:19 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/07/26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/21 20:21:18 | 000,248,832 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/10/16 19:30:28 | 000,634,880 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2008/10/16 19:24:24 | 000,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/09/24 17:35:14 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
SRV - [2008/08/20 21:05:00 | 000,593,920 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2008/08/20 18:05:56 | 000,573,440 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2008/07/18 13:13:20 | 000,053,760 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/07/18 13:13:20 | 000,044,032 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2007/05/17 13:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2006/10/26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
========== Driver Services (SafeList) ==========
DRV - [2010/01/31 10:33:58 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2009/12/25 16:26:22 | 000,020,747 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2009/11/12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/11/01 19:41:12 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/08/28 19:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/07/28 15:33:56 | 000,055,656 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/18 14:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/05/11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/08/20 20:52:40 | 003,299,840 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/08/07 03:14:56 | 000,111,360 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/07/30 18:21:08 | 000,079,960 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2008/07/24 02:02:44 | 004,749,824 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/07/02 11:38:14 | 000,089,600 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007/04/10 13:46:48 | 001,966,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
DRV - [2005/10/27 15:06:30 | 000,356,096 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61) Linksys Wireless-G PCI Adapter Driver(RT61)
DRV - [2005/02/01 18:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\bcm42rly.sys -- (BCM42RLY)
DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/04 04:00:00 | 000,027,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2004/08/04 04:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2001/08/17 13:53:32 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\serscan.sys -- (StillCam)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll (DeviceVM Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/01/19 00:03:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/18 12:40:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/24 02:58:57 | 000,000,000 | ---D | M]
[2009/10/29 19:31:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/01/28 20:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8pv1msl9.default\extensions
[2010/01/02 20:46:48 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8pv1msl9.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/01/28 20:25:21 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/09/24 22:02:40 | 000,098,304 | ---- | M] (OGPlanet Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npOGPPlugin.dll
O1 HOSTS File: ([2004/08/04 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Gamevance Text) - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - C:\Program Files\Gamevance\gvtl.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (Gigabyte Technology Corp.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL LLC)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/29 14:39:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/01/31 12:13:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/01/31 10:49:39 | 000,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/01/31 10:49:39 | 000,055,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/01/31 10:49:39 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/01/31 10:49:39 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/01/31 10:49:33 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/01/31 10:49:32 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/01/31 10:49:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/01/31 10:48:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/01/31 10:48:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/01/26 08:13:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\HPAppData
[2010/01/20 23:41:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2010/01/20 23:34:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\HpUpdate
[2010/01/20 23:34:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Hewlett-Packard
[2010/01/19 00:04:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WEBREG
[2010/01/19 00:03:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\HP
[2010/01/19 00:03:21 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/01/19 00:00:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2010/01/19 00:00:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\hpojp8500a909
[2010/01/18 23:59:07 | 000,271,704 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpzids01.dll
[2010/01/18 23:59:07 | 000,118,272 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\hpf3l082.dll
[2010/01/18 23:58:32 | 000,966,656 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpwtiop4.dll
[2010/01/18 23:58:32 | 000,741,376 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpwwiax5.dll
[2010/01/18 23:58:32 | 000,364,544 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hppldcoi.dll
[2010/01/18 23:58:32 | 000,309,760 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\difxapi.dll
[2010/01/18 23:58:32 | 000,294,912 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpovst11.dll
[2010/01/18 23:58:29 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\serscan.sys
[2010/01/18 23:58:29 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serscan.sys
[2010/01/18 23:57:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2010/01/18 23:57:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2010/01/18 23:57:29 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2010/01/18 23:56:32 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2010/01/18 23:56:26 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2010/01/18 23:56:16 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2010/01/18 16:28:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Canneverbe Limited
[2010/01/15 01:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\dvdcss
[2010/01/06 22:02:32 | 000,188,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WINGDE.DLL
[2010/01/06 22:02:32 | 000,092,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WING.DLL
[2010/01/06 22:02:32 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WAVMIX16.DLL
[2010/01/06 22:02:32 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WING32.DLL
[2010/01/06 22:02:32 | 000,006,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WINGDIB.DRV
[2010/01/06 22:02:32 | 000,005,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WINGPAL.WND
[2010/01/06 22:02:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\WINDOWS
[2010/01/03 03:54:30 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/01/02 20:47:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2010/01/02 20:46:48 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/01/02 20:46:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/01/02 18:59:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\com.ebay.sandimas.public-beta.AA1EEF5552BF52051F68E7EAF27E23FA6449A65C.1
[2010/01/02 18:59:52 | 000,000,000 | ---D | C] -- C:\Program Files\eBay Desktop
[2010/01/02 15:51:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/01/02 15:51:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/02 15:51:04 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/02 15:51:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/02 15:51:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/02 07:45:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/12/30 09:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/10/29 14:42:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/10/29 14:41:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/10/29 14:39:08 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/10/29 14:39:08 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/01/31 13:22:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1482476501-725345543-500UA.job
[2010/01/31 10:50:08 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/01/31 10:44:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/31 10:33:58 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys
[2010/01/31 10:33:56 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/31 10:33:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/31 10:33:35 | 000,044,964 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010/01/31 04:46:54 | 003,407,872 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/01/31 04:46:32 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/01/31 04:26:34 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/31 02:22:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1482476501-725345543-500Core.job
[2010/01/30 11:44:55 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/01/28 15:05:59 | 000,000,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IObit Security 360.lnk
[2010/01/27 09:50:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/26 22:23:24 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2010/01/26 00:04:04 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\WebReg Officejet Pro 8500 A909g Series.job
[2010/01/24 02:48:43 | 000,024,255 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Watch My GF.docx
[2010/01/24 01:16:33 | 000,002,380 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Yahoo! Sports Fantasy Basketball.lnk
[2010/01/24 01:16:23 | 000,002,330 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Fantasy Baseball Advice __ 2010 Fantasy Baseball Season.lnk
[2010/01/20 23:45:34 | 000,077,377 | ---- | M] () -- C:\WINDOWS\hpqins05.dat
[2010/01/20 23:45:29 | 000,023,568 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/01/20 23:44:04 | 000,138,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/19 00:52:26 | 005,898,628 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/01/19 00:03:58 | 000,184,375 | ---- | M] () -- C:\WINDOWS\hpwins22.dat
[2010/01/19 00:03:43 | 000,000,512 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/01/19 00:01:09 | 000,001,808 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/01/18 15:39:49 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2010/01/18 15:12:17 | 000,001,746 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Play Torchlight.lnk
[2010/01/18 13:10:22 | 000,002,358 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Rappi Rangai Manga - Read Rappi Rangai manga scans online_.lnk
[2010/01/15 23:49:58 | 000,000,872 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\FrostWire 4.18.6.lnk
[2010/01/07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 000,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/06 22:02:31 | 000,000,265 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/03 03:54:30 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2010/01/02 20:08:09 | 000,025,436 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/02 18:59:52 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\eBay Desktop.lnk
[2010/01/02 15:51:07 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/01 14:28:06 | 000,124,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MSWINSCK.OCX
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/01/31 10:50:08 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/01/24 02:48:43 | 000,024,255 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Watch My GF.docx
[2010/01/24 01:16:33 | 000,002,380 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Yahoo! Sports Fantasy Basketball.lnk
[2010/01/24 01:16:23 | 000,002,330 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Fantasy Baseball Advice __ 2010 Fantasy Baseball Season.lnk
[2010/01/20 23:40:14 | 000,077,377 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2010/01/19 00:04:48 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\WebReg Officejet Pro 8500 A909g Series.job
[2010/01/19 00:01:09 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/01/18 23:55:18 | 000,184,375 | ---- | C] () -- C:\WINDOWS\hpwins22.dat
[2010/01/18 23:55:18 | 000,002,979 | ---- | C] () -- C:\WINDOWS\hpwmdl22.dat
[2010/01/18 23:55:18 | 000,001,518 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/01/18 13:10:22 | 000,002,358 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Rappi Rangai Manga - Read Rappi Rangai manga scans online_.lnk
[2010/01/15 23:49:58 | 000,000,872 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\FrostWire 4.18.6.lnk
[2010/01/06 22:02:32 | 000,002,554 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2010/01/06 22:02:32 | 000,001,966 | ---- | C] () -- C:\WINDOWS\System\DVA.386
[2010/01/03 03:54:30 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2010/01/02 20:08:09 | 000,025,436 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/02 20:02:00 | 001,605,508 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Capture_20100101.wmv
[2010/01/02 18:59:52 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\eBay Desktop.lnk
[2010/01/02 15:51:07 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/28 01:41:42 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/12/28 01:41:42 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys
[2009/12/28 01:41:24 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2009/12/25 16:26:21 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2009/12/25 16:25:56 | 000,000,920 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2009/12/05 15:22:58 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/11/21 11:08:56 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/11/15 13:38:03 | 000,083,648 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/11/13 00:30:08 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/07 06:57:48 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2009/11/01 19:41:12 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/11/01 11:21:41 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/10/29 23:38:19 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2009/07/14 17:15:00 | 000,178,432 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2008/10/07 04:43:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 04:43:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 04:43:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 04:43:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 04:43:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 04:43:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 04:43:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 04:43:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 04:43:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 04:43:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2004/08/04 04:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
< End of report >
- BelahzurSite Admin
-
OS : 7 Home Premium x64
Posts : 34948
Rubies : 218221
Likes : 18
Log looks okay.
Avira detected some infected mp3 files.
Still having problems?
Site Admin / Security Administrator
[Prework] - Please PM me if I fail to respond within 24hrs.


- DcantonNovice
-
OS : Windows XP
Posts : 17
Rubies : 3227
Likes : 0
Yeah. It seems to have slowed down a bit but I still get cut off occasionally especially when I'm playing online with my Xbox 360. I get so much lag that sometimes I lag out from the server. My internet sometimes lags as well and still reconnects and disconnects. Oh btw, is it okay to just delete everything in my Avira Quarantine? All the files are just sitting in there. Should I delete them now?