antispyware 2010


Post by kestims on Wed Apr 07, 2010 8:47 am

I am getting popups saying I need to install antispyware 2010. My firewall has been turned off and I can't turn it back on. Task Manager says it has been disabled by administrator. I can't run Malwarebytes; that just does nothing when I try, no messages. And my AVG Free now says I have no active components and will let me scan single files but not the whole computer. But it has frozen or closed for no reason. I had Netscape and another program open when all of a sudden they just closed and I started getting a bunch of popups. Is there anything you can suggest I do?
Thanks


Re: antispyware 2010

Post by kestims on Wed Apr 07, 2010 9:42 am

I downloaded OTL and ran it.

OTL Extras logfile created on: 4/7/2010 3:27:54 AM - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 86.19 Gb Total Space | 60.12 Gb Free Space | 69.76% Space Free | Partition Type: NTFS
Drive D: | 6.96 Gb Total Space | 1.47 Gb Free Space | 21.11% Space Free | Partition Type: FAT32
Drive E: | 134.23 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MOORE-ART-BY-JD
Current User Name: Compaq_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = NetscapeHTML] -- C:\Program Files\Netscape\Netscape Browser\netscape.exe (Netscape)
.js [@ = JSFile] -- C:\WINDOWS\System32\Wscript.exe File not found
.jse [@ = JSEFile] -- C:\WINDOWS\System32\Wscript.exe File not found
.reg [@ = regfile] -- C:\WINDOWS\System32\regedit.exe (Portable Library)
.txt [@ = CorelDRAW.Graphic.13] -- C:\Program Files\Corel\CorelDRAW Graphics Suite 13\PROGRAMS\CORELDRW.EXE (Corel Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\Wscript.exe File not found
.vbs [@ = VBSFile] -- Wscript.exe "%1" %*
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\Wscript.exe File not found
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\Wscript.exe File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = secfile] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\ave.exe ()

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- C:\PROGRA~1\NETSCAPE\NETSCA~1\NETSCAPE.EXE -url "%1" (Netscape)
https [open] -- C:\PROGRA~1\NETSCAPE\NETSCA~1\NETSCAPE.EXE -url "%1" (Netscape)
jsfile [open] -- %SystemRoot%\System32\Wscript.exe "%1" %* File not found
jsefile [open] -- %SystemRoot%\System32\Wscript.exe "%1" %* File not found
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1" (Portable Library)
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\System32\Wscript.exe "%1" %* File not found
vbsfile [open] -- Wscript.exe "%1" %*
wsffile [open] -- %SystemRoot%\System32\Wscript.exe "%1" %* File not found
wshfile [open] -- %SystemRoot%\System32\Wscript.exe "%1" %* File not found
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"80:TCP" = 80:TCP:*:Enabled:http
"21:TCP" = 21:TCP:*:Enabled:ftp

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Google\Google SketchUp 7\SketchUp.exe" = C:\Program Files\Google\Google SketchUp 7\SketchUp.exe:*:Disabled:Google SketchUp -- File not found
"C:\Program Files\Netscape\Netscape Browser\netscape.exe" = C:\Program Files\Netscape\Netscape Browser\netscape.exe:*:Enabled:Netscape -- (Netscape)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = LizardTech DjVu Control
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{32A72502-BC2C-4C39-ACEA-BC3D463F0697}" = EN
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3750EE13-EBE3-4114-9F05-D88B0E5FB48E}" = FlexiEXPERT 8.1v1
"{382E94C0-6E22-44e4-B003-8EB31DFE296F}" = cp_LightScribeConfig
"{3E270C95-8327-4C2F-A8E1-902CC2604A20}" = HP Photo and Imaging 2.3 - Scanjet 4600 Series
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav
"{59224777-298D-4E9C-9AEB-4A91BDA01B27}" = McAfee VirusScan Enterprise
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}" = CorelDRAW Graphics Suite X3
"{81750470-1E28-4D33-83C1-2549D26FC1EF}" = FlexiSIGN-PRO 8.0v2
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{AFCE4D19-D385-4232-9B0E-809D85A25A10}" = NETGEAR WN111 wireless USB 2.0 adapter
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{C104580B-1C79-4d73-9BF0-CA0B184296A4}" = cp_LightScribePlugin
"{C94E45B0-6AA6-4FB9-9AAE-22085F631880}" = VBA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D1B3874F-3057-11D6-B2EA-0050BA18806B}" = Camera Driver
"{D7DBA21A-CDE5-42EC-BB1C-AE4B3E616B9A}_is1" = HP Support Overview
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E32D1370-414D-45CC-950A-7320BA6022C5}" = Corel SVG Viewer
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}" = Adobe Stock Photos 1.0
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F6B2ED65-7378-4065-802D-F2E5689F3A4E}" = Photo Viewer
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Illustrator CS2" = Adobe Illustrator CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"ATI Display Driver" = ATI Display Driver
"AVG9Uninstall" = AVG Free 9.0
"CANONBJ_Deinstall_CNMCP75.DLL" = Canon iP1600
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Data Fax SoftModem with SmartCP
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{AFCE4D19-D385-4232-9B0E-809D85A25A10}" = NETGEAR WN111 wireless USB 2.0 adapter
"Internet Sweeper" = Internet Sweeper
"Juno" = Juno
"Lexmark 1200 Series" = Lexmark 1200 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Netscape Browser" = Netscape Browser (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"Photo Viewer" = Photo Viewer 2.3
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"RealPlayer 6.0" = RealPlayer
"Scrapbook Paige1.0" = Scrapbook Paige
"Shockwave" = Shockwave
"WebPost" = Microsoft Web Publishing Wizard 1.52
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Word Whomp Underground1.1.0.3" = Word Whomp Underground
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yard Sale Hidden Treasures Sunnyville1.8" = Yard Sale Hidden Treasures Sunnyville

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/3/2010 11:45:24 AM | Computer Name = MOORE-ART-BY-JD | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Network Associates\VirusScan\Mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 2648 (0xa58) Thread address : 0x7c90e514 Thread message : Build Sep 4 2003
18:12:10 / 5400.1158 Object being scanned = \Device\HarddiskVolume2\System Volume
Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP1309\A0135939.exe
by avgchsvx.exe 24000(0)(7) 10006(0)(0) 27000(0)(1050) 27001(0)(0) 10010(0)(231712368)

7604(0)(0) 7603(0)(0) 7602(0)(0)

Error - 4/3/2010 1:03:01 PM | Computer Name = MOORE-ART-BY-JD | Source = McLogEvent | ID = 1008
Description = The McShield service terminated unexpectedly. Please review event 5019
or 5051 for details. The McShield service will be restarted in 5 seconds;

Error - 4/3/2010 7:01:17 PM | Computer Name = MOORE-ART-BY-JD | Source = Application Error | ID = 1000
Description = Faulting application netscape.exe, version 0.5.0.0, faulting module
docshell.dll, version 0.0.0.0, fault address 0x000121fd.

Error - 4/7/2010 3:15:38 AM | Computer Name = MOORE-ART-BY-JD | Source = Application Error | ID = 1000
Description = Faulting application xwsarcneom.tmp, version 0.0.0.0, faulting module
xwsarcneom.tmp, version 0.0.0.0, fault address 0x00017d69.

Error - 4/7/2010 3:16:20 AM | Computer Name = MOORE-ART-BY-JD | Source = Application Error | ID = 1000
Description = Faulting application csroexnawm.tmp, version 0.0.0.0, faulting module
msvcrt.dll, version 7.0.2600.5512, fault address 0x000378c0.

Error - 4/7/2010 3:21:20 AM | Computer Name = MOORE-ART-BY-JD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This operation returned because the timeout period expired.

Error - 4/7/2010 3:23:03 AM | Computer Name = MOORE-ART-BY-JD | Source = Application Hang | ID = 1002
Description = Hanging application mcconsol.exe, version 7.1.0.187, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/7/2010 3:53:30 AM | Computer Name = MOORE-ART-BY-JD | Source = Application Error | ID = 1000
Description = Faulting application netscape.exe, version 0.5.0.0, faulting module
ieframe.dll, version 8.0.6001.18904, fault address 0x00125de4.

Error - 4/7/2010 3:57:57 AM | Computer Name = MOORE-ART-BY-JD | Source = Application Hang | ID = 1002
Description = Hanging application shstat.exe, version 7.1.0.187, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/7/2010 4:12:36 AM | Computer Name = MOORE-ART-BY-JD | Source = Application Hang | ID = 1002
Description = Hanging application mcconsol.exe, version 7.1.0.187, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 4/7/2010 4:03:08 AM | Computer Name = MOORE-ART-BY-JD | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 4/7/2010 4:03:39 AM | Computer Name = MOORE-ART-BY-JD | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 4/7/2010 4:12:06 AM | Computer Name = MOORE-ART-BY-JD | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Network Associates McShield
service to connect.

Error - 4/7/2010 4:12:06 AM | Computer Name = MOORE-ART-BY-JD | Source = Service Control Manager | ID = 7000
Description = The Network Associates McShield service failed to start due to the
following error: %%1053

Error - 4/7/2010 4:12:46 AM | Computer Name = MOORE-ART-BY-JD | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Network Associates McShield
service to connect.

Error - 4/7/2010 4:12:46 AM | Computer Name = MOORE-ART-BY-JD | Source = Service Control Manager | ID = 7000
Description = The Network Associates McShield service failed to start due to the
following error: %%1053

Error - 4/7/2010 4:16:38 AM | Computer Name = MOORE-ART-BY-JD | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 4/7/2010 4:19:10 AM | Computer Name = MOORE-ART-BY-JD | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 4/7/2010 4:19:41 AM | Computer Name = MOORE-ART-BY-JD | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 4/7/2010 4:20:12 AM | Computer Name = MOORE-ART-BY-JD | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.


< End of report >


Re: antispyware 2010

Post by kestims on Wed Apr 07, 2010 9:43 am

OTL logfile created on: 4/7/2010 3:27:54 AM - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 86.19 Gb Total Space | 60.12 Gb Free Space | 69.76% Space Free | Partition Type: NTFS
Drive D: | 6.96 Gb Total Space | 1.47 Gb Free Space | 21.11% Space Free | Partition Type: FAT32
Drive E: | 134.23 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MOORE-ART-BY-JD
Current User Name: Compaq_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/07 03:24:47 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
PRC - [2010/04/07 03:12:29 | 000,075,264 | ---- | M] ( ) -- C:\WINDOWS\Temp\s0q6.exe
PRC - [2010/04/07 02:32:54 | 000,037,376 | ---- | M] (Portable Library) -- C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\mplay32xe.exe
PRC - [2010/04/07 02:19:54 | 000,075,264 | ---- | M] ( ) -- C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\s0q6.exe
PRC - [2010/04/07 02:16:38 | 000,195,584 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\ave.exe
PRC - [2010/04/01 09:10:41 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/13 09:24:25 | 000,751,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgscanx.exe
PRC - [2010/03/13 09:23:44 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/12/08 22:13:47 | 002,138,112 | ---- | M] () -- C:\Program Files\NETGEAR\WN111\wn111.exe
PRC - [2009/07/27 19:19:10 | 000,199,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
PRC - [2008/04/13 19:12:36 | 000,151,552 | -H-- | M] () -- C:\WINDOWS\Fonts\services.exe
PRC - [2008/04/13 19:12:19 | 001,058,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/08 17:50:33 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxczcoms.exe
PRC - [2005/08/17 18:58:30 | 000,294,912 | ---- | M] (Netscape) -- C:\Program Files\Netscape\Netscape Browser\netscape.exe
PRC - [2004/08/04 07:00:00 | 000,068,608 | ---- | M] (Neto systems) -- C:\WINDOWS\system32\PereSvc.exe
PRC - [2003/09/29 07:10:00 | 000,094,208 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
PRC - [2003/09/29 07:10:00 | 000,081,990 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\shstat.exe
PRC - [2003/09/10 03:11:00 | 000,151,552 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
PRC - [2003/09/10 03:11:00 | 000,131,072 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
PRC - [2002/04/17 11:49:16 | 000,102,400 | ---- | M] () -- c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002/04/17 11:42:56 | 000,098,304 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd .exe


========== Modules (SafeList) ==========

MOD - [2010/04/07 03:24:47 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
MOD - [2010/04/07 02:16:59 | 000,036,865 | ---- | M] () -- C:\WINDOWS\system32\msuqddft.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (AOL ACS)
SRV - [2010/03/13 09:24:28 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2007/02/08 17:50:33 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxczcoms.exe -- (lxcz_device)
SRV - [2004/08/04 07:00:00 | 000,068,608 | ---- | M] (Neto systems) [Auto | Running] -- C:\WINDOWS\system32\PereSvc.exe -- (peresvc)
SRV - [2004/08/04 07:00:00 | 000,035,840 | ---- | M] (dreas company) [Auto | Running] -- C:\WINDOWS\system32\BtwSvc.dll -- (BtwSvc)
SRV - [2003/09/29 07:10:00 | 000,262,144 | ---- | M] (Network Associates, Inc.) [Auto | Stopped] -- C:\Program Files\Network Associates\VirusScan\Mcshield.exe -- (McShield)
SRV - [2003/09/29 07:10:00 | 000,094,208 | ---- | M] (Network Associates, Inc.) [Auto | Running] -- C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe -- (McTaskManager)
SRV - [2003/09/10 03:11:00 | 000,131,072 | ---- | M] (Network Associates, Inc.) [Auto | Running] -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe -- (McAfeeFramework)


========== Driver Services (SafeList) ==========

DRV - [2010/03/13 09:24:36 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/13 09:24:33 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/13 09:23:45 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/11/18 20:42:52 | 000,461,952 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MRVW245.sys -- (MRVW245) Marvell TOPDOG 802.11n WLAN Driver for Windows XP (USB8x)
DRV - [2007/01/10 00:41:43 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2006/10/16 09:47:22 | 000,053,344 | ---- | M] (Warp Nine Engineering) [Kernel | Auto | Running] -- C:\Program Files\FlexiEXPERT 8.1v1\Program\Par1284.sys -- (Par1284)
DRV - [2006/09/20 08:30:02 | 000,033,504 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2005/09/08 02:23:06 | 000,021,120 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\PC-Doctor 5 for Windows\pcd5srvc.pkms -- (PCD5SRVC{085326CB-51A3560A-05010003})
DRV - [2005/08/29 17:11:00 | 003,644,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/08/14 00:35:54 | 001,313,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/07/28 09:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2005/03/09 20:09:18 | 000,870,912 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005/03/09 16:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/03/04 13:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/12/15 17:18:32 | 000,220,928 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/12/15 17:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/15 17:18:26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/09/29 07:10:00 | 000,083,008 | ---- | M] (Network Associates, Inc.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\naiavf5x.sys -- (NaiAvFilter1)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/12/13 03:06:40 | 000,129,875 | R--- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mr97310c.sys -- (MR97310_USB_DUAL_CAMERA)
DRV - [1998/08/01 13:00:44 | 000,060,928 | ---- | M] (OnSpec Electronic, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\SMPLSCSI.SYS -- (SMPLSCSI)
DRV - [1996/07/12 20:31:10 | 000,014,528 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2010/02/21 10:43:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2010/02/21 10:43:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4 \Extensions\\Components: C:\PROGRA~1\NETSCAPE\NETSCA~1\Components [2010/02/21 10:43:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4 \Extensions\\Plugins: C:\PROGRA~1\NETSCAPE\NETSCA~1\Plugins [2010/02/21 10:43:56 | 000,000,000 | ---D | M]

[2009/05/22 16:43:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions

Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {043A593D-0C79-43EF-84E4-9F3078B53E3d} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (no name) - {D5CC50CD-5B07-4097-8B6B-D21CC857FC4D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (Portable Library)
O4 - HKLM..\Run: [ewrgetuj] C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\geurge.exe (Portable Library)
O4 - HKLM..\Run: [fzwkht] C:\WINDOWS\System32\msuqddft.DLL ()
O4 - HKLM..\Run: [lxczbmgr.exe] C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe (Portable Library)
O4 - HKLM..\Run: [PCDrProfiler] File not found
O4 - HKLM..\Run: [PCDrSmartMonitor] C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe (Portable Library)
O4 - HKLM..\Run: [RECGUARD] C:\WINDOWS\SMINST\recguard.exe (Portable Library)
O4 - HKLM..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe (Portable Library)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Portable Library)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE (Network Associates, Inc.)
O4 - HKLM..\Run: [syncman] C:\WINDOWS\system32\wuaucldt.exe (Portable Library)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (Portable Library)
O4 - HKCU..\Run: [mplay32xe.exe] C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\mplay32xe.exe (Portable Library)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Portable Library)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Portable Library)
O4 - HKCU..\Run: [syncman] c:\Documents and Settings\Compaq_Owner\wuaucldt.exe (Portable Library)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk = C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WN111 Smart Wizard.lnk = C:\Program Files\NETGEAR\WN111\wn111.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: vrna = C:\WINDOWS\TEMP\s0q6.exe ( )
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: exec = C:\WINDOWS\fonts\services.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Portable Library)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Portable Library)
O16 - DPF: {049A470D-F818-4E34-B14D-E4E237DADCF8} (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager)
O16 - DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} (Abx(gh) Control)
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} (Reg Error: Key error.)
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (Reg Error: Key error.)
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\fbpuxdgo: DllName - hxxcyvf.dll - File not found
O24 - Desktop Components:0 () -
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/06/25 00:32:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.001 -- [ NTFS ]
O32 - AutoRun File - [2006/11/21 01:48:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}\Shell - "" = AutoRun
O33 - MountPoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{404227ec-a8cf-11da-bb97-0015f2558567}\Shell\AutoRun\command - "" = J:\JDLightning\Windows\JDLightning.exe -- File not found
O33 - MountPoints2\{62e86a14-ad12-11dc-bc4e-0015f2558567}\Shell\AutoRun\command - "" = Autorun.exe /run
O33 - MountPoints2\{62e86a14-ad12-11dc-bc4e-0015f2558567}\Shell\Shell00\Command - "" = Autorun.exe /run
O33 - MountPoints2\{62e86a14-ad12-11dc-bc4e-0015f2558567}\Shell\Shell01\Command - "" = Autorun.exe /action
O33 - MountPoints2\{62e86a14-ad12-11dc-bc4e-0015f2558567}\Shell\Shell02\Command - "" = Autorun.exe /uninstall
O33 - MountPoints2\{62e86a22-ad12-11dc-bc4e-0015f2558567}\Shell - "" = AutoRun
O33 - MountPoints2\{62e86a22-ad12-11dc-bc4e-0015f2558567}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{62e86a22-ad12-11dc-bc4e-0015f2558567}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = secfile] -- "C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\ave.exe" /START "%1" %* ()

========== Files/Folders - Created Within 30 Days ==========

[2010/04/07 03:25:14 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2010/04/07 03:12:24 | 000,200,192 | ---- | C] (-) -- C:\WINDOWS\System32\1677317.exe
[2010/04/07 03:12:24 | 000,062,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSWINSCK.OCX
[2010/04/07 02:33:06 | 000,037,376 | ---- | C] (Portable Library) -- C:\WINDOWS\System32\regedit.exe
[2010/04/07 02:33:06 | 000,037,376 | ---- | C] (Portable Library) -- C:\WINDOWS\System32\regedit .exe
[2010/04/07 02:33:05 | 000,037,376 | ---- | C] (Portable Library) -- C:\WINDOWS\System32\wuaucldt.exe
[2010/04/07 02:33:05 | 000,037,376 | ---- | C] (Portable Library) -- C:\WINDOWS\System32\wuaucldt .exe
[2010/04/07 02:33:04 | 000,037,376 | ---- | C] (Portable Library) -- C:\Documents and Settings\Compaq_Owner\rundll32.exe
[2010/04/07 02:33:04 | 000,037,376 | ---- | C] (Portable Library) -- C:\Documents and Settings\Compaq_Owner\rundll32 .exe
[2010/04/07 02:32:55 | 000,037,376 | ---- | C] (Portable Library) -- C:\Documents and Settings\Compaq_Owner\wuaucldt.exe
[2010/04/07 02:32:55 | 000,037,376 | ---- | C] (Portable Library) -- C:\Documents and Settings\Compaq_Owner\wuaucldt .exe
[2010/04/07 02:26:10 | 000,000,000 | ---D | C] -- C:\Program Files\Your Protection
[2010/04/07 02:23:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/07 02:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/07 02:16:51 | 000,036,864 | ---- | C] (hqrvm bddoetvthl) -- C:\WINDOWS\System32\d.bin
[2010/04/07 02:16:50 | 000,092,672 | ---- | C] (dreas company) -- C:\WINDOWS\System32\w.exe
[2010/04/07 02:16:49 | 000,044,032 | ---- | C] (Neto systems) -- C:\WINDOWS\System32\so.bin
[2010/04/07 02:16:49 | 000,035,840 | ---- | C] (dreas company) -- C:\WINDOWS\System32\ms.bin
[2010/04/07 02:16:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\59CB5BD3040C3AFC3A946845ABB0DDDC
[2010/04/02 21:06:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\deadline
[2010/04/02 21:06:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\defused
[2010/04/02 21:06:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\decrepit
[2010/03/31 11:03:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\WinRAR
[2010/03/31 11:03:01 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/03/13 09:24:33 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/11/27 23:48:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/11/27 03:25:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/11/27 03:25:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/11/27 03:25:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/11/20 14:34:14 | 006,931,008 | ---- | C] (Caminova, Inc. ) -- C:\Program Files\DJVUCTRL-6.1.4-en-r2013.exe
[2007/07/29 21:15:28 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXCZhcp.dll
[2006/12/24 03:42:43 | 004,278,640 | ---- | C] (Lime Wire LLC) -- C:\Program Files\LimeWireWin.exe
[2006/12/20 17:08:22 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczpmui.dll
[2006/12/20 17:06:56 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczserv.dll
[2006/12/20 17:01:02 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczcomm.dll
[2006/12/20 16:59:22 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczlmpm.dll
[2006/12/20 16:58:01 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcziesc.dll
[2006/12/20 16:55:39 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczpplc.dll
[2006/12/20 16:54:52 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczcomc.dll
[2006/12/20 16:54:19 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczprox.dll
[2006/12/20 16:47:30 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczinpa.dll
[2006/12/20 16:46:49 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczusb1.dll
[2006/12/20 16:42:34 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczhbn3.dll
[2006/06/09 02:41:52 | 000,212,992 | ---- | C] (magnetlink.org) -- C:\Program Files\magnet.exe
[2006/05/25 02:15:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Symantec
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/07 10:22:21 | 000,036,864 | ---- | M] (hqrvm bddoetvthl) -- C:\WINDOWS\System32\d.bin
[2010/04/07 10:20:50 | 000,092,672 | ---- | M] (dreas company) -- C:\WINDOWS\System32\w.exe
[2010/04/07 10:20:48 | 000,044,032 | ---- | M] (Neto systems) -- C:\WINDOWS\System32\so.bin
[2010/04/07 10:20:48 | 000,035,840 | ---- | M] (dreas company) -- C:\WINDOWS\System32\ms.bin
[2010/04/07 03:24:47 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2010/04/07 03:21:04 | 000,009,434 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\86K35bLqF
[2010/04/07 03:21:03 | 000,009,434 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\86K35bLqF
[2010/04/07 03:12:55 | 000,441,626 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/07 03:12:55 | 000,382,022 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/07 03:12:55 | 000,053,640 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/07 03:12:24 | 000,200,192 | ---- | M] (-) -- C:\WINDOWS\System32\1677317.exe
[2010/04/07 03:12:24 | 000,062,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MSWINSCK.OCX
[2010/04/07 03:11:57 | 000,168,410 | ---- | M] () -- C:\WINDOWS\System32\1875879.exe
[2010/04/07 03:02:23 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/07 03:02:08 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At73.job
[2010/04/07 03:02:08 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At72.job
[2010/04/07 03:02:08 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At71.job
[2010/04/07 03:02:08 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At70.job
[2010/04/07 03:02:08 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At69.job
[2010/04/07 03:02:08 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At68.job
[2010/04/07 03:02:08 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At67.job
[2010/04/07 03:02:08 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At66.job
[2010/04/07 03:02:08 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At65.job
[2010/04/07 03:02:08 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At64.job
[2010/04/07 03:02:08 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At63.job
[2010/04/07 03:02:08 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At62.job
[2010/04/07 03:02:08 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At61.job
[2010/04/07 03:02:08 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At60.job
[2010/04/07 03:02:08 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At59.job
[2010/04/07 03:02:08 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At58.job
[2010/04/07 03:02:08 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At57.job
[2010/04/07 03:02:08 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At56.job
[2010/04/07 03:02:08 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At55.job
[2010/04/07 03:02:08 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At54.job
[2010/04/07 03:02:08 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At53.job
[2010/04/07 03:02:08 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At52.job
[2010/04/07 03:02:08 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At51.job
[2010/04/07 03:02:08 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At50.job
[2010/04/07 03:02:07 | 000,037,376 | ---- | M] (Portable Library) -- C:\WINDOWS\System32\regedit.exe
[2010/04/07 03:02:06 | 000,037,376 | ---- | M] (Portable Library) -- C:\WINDOWS\System32\wuaucldt.exe
[2010/04/07 03:02:05 | 000,037,376 | ---- | M] (Portable Library) -- C:\Documents and Settings\Compaq_Owner\rundll32.exe
[2010/04/07 03:01:54 | 000,037,376 | ---- | M] (Portable Library) -- C:\Documents and Settings\Compaq_Owner\wuaucldt.exe
[2010/04/07 03:00:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\TempFile
[2010/04/07 03:00:19 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/07 03:00:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/07 03:00:06 | 2078,855,168 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/07 02:59:15 | 009,699,328 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\ntuser.dat
[2010/04/07 02:58:54 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner\ntuser.ini
[2010/04/07 02:33:06 | 000,037,376 | ---- | M] (Portable Library) -- C:\WINDOWS\System32\regedit .exe
[2010/04/07 02:33:05 | 000,037,376 | ---- | M] (Portable Library) -- C:\WINDOWS\System32\wuaucldt .exe
[2010/04/07 02:33:04 | 000,037,376 | ---- | M] (Portable Library) -- C:\Documents and Settings\Compaq_Owner\rundll32 .exe
[2010/04/07 02:32:55 | 000,037,376 | ---- | M] (Portable Library) -- C:\Documents and Settings\Compaq_Owner\wuaucldt .exe
[2010/04/07 02:31:15 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/04/07 02:26:57 | 000,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010/04/07 02:21:19 | 000,000,001 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\oashdihasidhasuidhiasdhiashdiuasdhasd
[2010/04/07 02:17:18 | 000,062,464 | ---- | M] (Portable Library) -- C:\WINDOWS\System\hpsysdrv .exe
[2010/04/07 02:16:59 | 000,036,865 | ---- | M] () -- C:\WINDOWS\System32\msuqddft.dll
[2010/04/07 02:16:38 | 000,195,584 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\ave.exe
[2010/04/07 02:16:38 | 000,168,410 | ---- | M] () -- C:\WINDOWS\System32\9162714.exe
[2010/04/07 02:09:55 | 000,000,512 | ---- | M] () -- C:\WINDOWS\randseed.rnd
[2010/04/06 10:04:57 | 058,598,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/04/05 10:04:09 | 001,780,554 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Graphic1.cdr
[2010/04/01 04:01:38 | 004,876,900 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\redo jbdh.cdr
[2010/03/31 21:32:04 | 000,399,765 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\defused.zip
[2010/03/31 21:31:40 | 000,049,172 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\decrepit.zip
[2010/03/31 21:30:30 | 000,041,173 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\deadline.zip
[2010/03/31 11:01:52 | 001,364,522 | ---- | M] () -- C:\Program Files\wrar393.exe
[2010/03/30 02:46:49 | 000,083,069 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\redo jbdh.jpg
[2010/03/29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/29 02:18:44 | 001,815,038 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\target.cdr
[2010/03/29 02:18:34 | 001,057,364 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\11910.cdr
[2010/03/29 02:18:22 | 000,687,788 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\scans.cdr
[2010/03/29 01:44:50 | 000,000,459 | ---- | M] () -- C:\WINDOWS\Lexstat.ini
[2010/03/21 04:27:27 | 000,194,465 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\JBDH.jpg
[2010/03/18 20:39:41 | 000,238,220 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\blding shield.cdr
[2010/03/16 18:20:59 | 002,222,896 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/14 00:54:33 | 000,002,657 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\I8.jpg
[2010/03/14 00:51:12 | 000,003,796 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\4.jpg
[2010/03/14 00:50:57 | 000,003,392 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\3.jpg
[2010/03/14 00:50:46 | 000,003,796 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\2.jpg
[2010/03/14 00:50:25 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\1.jpg
[2010/03/13 13:25:30 | 000,276,232 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/03/13 09:24:36 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/03/13 09:24:33 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/03/13 09:24:33 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/13 09:23:45 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/03/09 22:24:27 | 000,000,575 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/08 04:10:18 | 4145,451,868 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\shap.ai
[2010/03/08 03:55:09 | 000,195,898 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\good shape.cdr
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/07 03:11:57 | 000,168,410 | ---- | C] () -- C:\WINDOWS\System32\1875879.exe
[2010/04/07 03:02:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At73.job
[2010/04/07 03:02:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At72.job
[2010/04/07 03:02:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At71.job
[2010/04/07 03:02:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At70.job
[2010/04/07 03:02:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At69.job
[2010/04/07 03:02:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At68.job
[2010/04/07 03:02:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At67.job
[2010/04/07 03:02:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At66.job
[2010/04/07 03:02:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At65.job
[2010/04/07 03:02:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At64.job
[2010/04/07 03:02:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At63.job
[2010/04/07 03:02:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At62.job
[2010/04/07 03:02:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At61.job
[2010/04/07 03:02:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At60.job
[2010/04/07 03:02:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At59.job
[2010/04/07 03:02:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At58.job
[2010/04/07 03:02:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At57.job
[2010/04/07 03:02:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At56.job
[2010/04/07 03:02:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At55.job
[2010/04/07 03:02:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At54.job
[2010/04/07 03:02:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At53.job
[2010/04/07 03:02:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At52.job
[2010/04/07 03:02:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At51.job
[2010/04/07 03:02:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At50.job
[2010/04/07 02:21:19 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\oashdihasidhasuidhiasdhiashdiuasdhasd
[2010/04/07 02:16:59 | 000,036,865 | ---- | C] () -- C:\WINDOWS\System32\msuqddft.dll
[2010/04/07 02:16:43 | 000,009,434 | -HS- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\86K35bLqF
[2010/04/07 02:16:43 | 000,009,434 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\86K35bLqF
[2010/04/07 02:16:38 | 000,195,584 | -HS- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\ave.exe
[2010/04/07 02:16:38 | 000,168,410 | ---- | C] () -- C:\WINDOWS\System32\9162714.exe
[2010/04/05 10:03:14 | 001,780,554 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Graphic1.cdr
[2010/03/31 21:32:05 | 000,399,765 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\defused.zip
[2010/03/31 21:31:44 | 000,049,172 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\decrepit.zip
[2010/03/31 21:30:47 | 000,041,173 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\deadline.zip
[2010/03/31 11:02:04 | 001,364,522 | ---- | C] () -- C:\Program Files\wrar393.exe
[2010/03/30 02:46:45 | 000,083,069 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\redo jbdh.jpg
[2010/03/28 21:40:34 | 000,687,788 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\scans.cdr
[2010/03/27 04:49:54 | 001,815,038 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\target.cdr
[2010/03/21 05:13:08 | 004,876,900 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\redo jbdh.cdr
[2010/03/21 04:27:27 | 000,194,465 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\JBDH.jpg
[2010/03/18 20:39:40 | 000,238,220 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\blding shield.cdr
[2010/03/14 00:54:33 | 000,002,657 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\I8.jpg
[2010/03/14 00:51:12 | 000,003,796 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\4.jpg
[2010/03/14 00:50:57 | 000,003,392 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\3.jpg
[2010/03/14 00:50:46 | 000,003,796 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\2.jpg
[2010/03/14 00:50:25 | 000,002,501 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\1.jpg
[2010/03/08 04:04:18 | 001,057,364 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\11910.cdr
[2010/03/08 03:54:06 | 000,195,898 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\good shape.cdr
[2009/11/09 23:43:55 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\housecall.guid.cache
[2009/11/01 14:45:54 | 000,000,063 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\jagex_runescape_preferences2.dat
[2009/11/01 14:43:39 | 000,000,038 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\jagex_runescape_preferences.dat
[2009/06/16 03:01:23 | 000,000,276 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/05/22 15:40:59 | 000,004,786 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\D5CC50CD-5B07-4097-8B6B-D21CC857FC4D.txt
[2009/05/17 05:07:54 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\UACdiomgpkmduslkwc.sys
[2008/07/14 01:04:57 | 000,000,325 | ---- | C] () -- C:\WINDOWS\barcode.ini
[2008/04/29 20:16:09 | 000,000,037 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2008/04/29 20:04:08 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\mr310exv.dll
[2008/04/29 20:04:08 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\mr310exd.dll
[2008/04/29 20:04:08 | 000,015,164 | ---- | C] () -- C:\WINDOWS\mr310twc.ini
[2008/04/15 08:17:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\kudovw32.INI
[2008/01/02 00:47:59 | 000,009,216 | -HS- | C] () -- C:\Program Files\Thumbs.db
[2007/10/01 13:29:52 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/12 21:17:21 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/09/10 08:30:25 | 000,002,955 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\PatchUpdate_InstantShareJPG.log
[2007/09/10 08:30:25 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2007/08/11 15:33:06 | 000,000,035 | ---- | C] () -- C:\WINDOWS\ulead32.ini
[2007/07/29 21:44:18 | 000,039,899 | R--- | C] () -- C:\WINDOWS\System32\rtsicis.ini
[2007/07/29 21:17:04 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2007/07/29 21:17:04 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2007/07/29 21:15:29 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\LXCZinst.dll
[2007/07/29 21:14:32 | 000,000,459 | ---- | C] () -- C:\WINDOWS\Lexstat.ini
[2007/07/29 21:14:08 | 000,344,064 | R--- | C] () -- C:\WINDOWS\System32\lxczcoin.dll
[2007/05/10 21:53:37 | 009,699,328 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\ntuser.dat
[2007/03/24 21:00:44 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/03/24 02:41:21 | 000,002,514 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
[2007/01/25 14:42:48 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\lxczutil.dll
[2007/01/10 00:41:43 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2006/12/14 09:50:03 | 000,131,393 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\AdobeFnt10.lst
[2006/11/30 01:06:36 | 000,000,323 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2006/11/28 07:14:49 | 000,000,194 | ---- | C] () -- C:\WINDOWS\GMonkey.ini
[2006/11/28 07:02:38 | 000,000,058 | ---- | C] () -- C:\WINDOWS\rhapsody.ini
[2006/11/28 07:01:23 | 000,000,062 | ---- | C] () -- C:\WINDOWS\soko.ini
[2006/11/28 06:56:57 | 000,000,048 | ---- | C] () -- C:\WINDOWS\Tobors.ini
[2006/11/28 06:55:47 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WINADV.INI
[2006/11/28 06:48:22 | 000,000,020 | ---- | C] () -- C:\WINDOWS\winmind.ini
[2006/11/28 06:43:26 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wslam.ini
[2006/11/24 20:41:21 | 000,000,028 | ---- | C] () -- C:\WINDOWS\boxworld.ini
[2006/11/24 20:41:13 | 000,000,166 | ---- | C] () -- C:\WINDOWS\emsoft.ini
[2006/11/24 20:38:33 | 000,001,599 | ---- | C] () -- C:\WINDOWS\FS.INI
[2006/11/23 16:46:42 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CSHearts.INI
[2006/11/23 16:46:31 | 000,000,137 | ---- | C] () -- C:\WINDOWS\CSBTutor.INI
[2006/11/23 16:36:30 | 000,000,016 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2006/11/23 16:07:04 | 000,000,034 | ---- | C] () -- C:\WINDOWS\yova.ini
[2006/11/23 16:06:52 | 000,000,522 | ---- | C] () -- C:\WINDOWS\YACHT-Z.INI
[2006/11/23 16:01:58 | 000,000,160 | ---- | C] () -- C:\WINDOWS\atoms.ini
[2006/11/23 16:01:01 | 000,000,033 | ---- | C] () -- C:\WINDOWS\kloks.ini
[2006/11/23 15:58:18 | 000,000,034 | ---- | C] () -- C:\WINDOWS\marbledx.ini
[2006/11/23 15:45:50 | 000,000,537 | ---- | C] () -- C:\WINDOWS\PYTHON.INI
[2006/11/23 15:41:37 | 000,000,166 | ---- | C] () -- C:\WINDOWS\DAISYG.INI
[2006/11/23 15:39:21 | 000,000,497 | ---- | C] () -- C:\WINDOWS\bricklyr.ini
[2006/11/23 15:36:14 | 000,000,057 | ---- | C] () -- C:\WINDOWS\RANGOON.INI
[2006/11/23 15:17:10 | 000,000,020 | ---- | C] () -- C:\WINDOWS\JACKPOT.INI
[2006/11/21 02:33:51 | 000,001,142 | ---- | C] () -- C:\WINDOWS\pixcache.ini
[2006/11/21 02:14:01 | 000,000,066 | ---- | C] () -- C:\WINDOWS\ws40.ini
[2006/11/21 01:47:30 | 000,001,820 | ---- | C] () -- C:\WINDOWS\OPLIMIT.INI
[2006/11/21 01:47:04 | 000,000,602 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2006/11/20 07:41:22 | 000,000,017 | ---- | C] () -- C:\WINDOWS\WORDSTOK.INI
[2006/11/20 07:25:26 | 000,000,143 | ---- | C] () -- C:\WINDOWS\HERECOME.INI
[2006/11/20 07:25:13 | 000,000,068 | ---- | C] () -- C:\WINDOWS\dodger.ini
[2006/11/16 20:39:30 | 000,000,378 | ---- | C] () -- C:\WINDOWS\JUNO.INI
[2006/10/19 20:25:39 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\fusioncache.dat
[2006/09/13 21:34:47 | 000,001,921 | ---- | C] () -- C:\Program Files\Adobe Illustrator CS2.lnk
[2006/09/13 21:33:01 | 000,000,786 | ---- | C] () -- C:\Program Files\install.adb
[2006/08/12 17:52:37 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\LuResult.txt
[2006/06/07 13:23:04 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv7.dll
[2006/05/17 22:29:53 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS75.DLL
[2006/03/27 11:19:14 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxczvs.dll
[2006/03/07 11:59:04 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv6.dll
[2006/02/28 23:56:53 | 000,069,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\LxrSge10d.sys
[2006/02/27 09:35:03 | 000,002,676 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/02/26 21:50:32 | 000,000,248 | ---- | C] () -- C:\WINDOWS\arnowitz.ini
[2006/02/26 21:16:08 | 000,020,480 | -H-- | C] () -- C:\Documents and Settings\Compaq_Owner\ntuser.dat.LOG
[2006/02/26 21:16:08 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Compaq_Owner\ntuser.ini
[2006/02/26 21:15:17 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2006/02/26 21:15:17 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2006/01/10 17:11:05 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv5.dll
[2006/01/10 17:11:05 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv4.dll
[2005/11/14 10:58:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/14 10:33:43 | 000,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2005/11/14 10:27:58 | 000,012,994 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/11/14 10:27:51 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/11/14 10:25:39 | 000,000,031 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/11/14 10:23:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/14 10:13:23 | 000,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/11/14 10:12:17 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2005/11/14 10:06:59 | 000,005,375 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/11/14 10:05:52 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/11/14 09:51:03 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/11/14 09:47:38 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/11/14 09:47:38 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/11/14 09:47:14 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/07/12 14:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2005/03/25 08:39:58 | 000,068,749 | ---- | C] () -- C:\Program Files\Illustrator Read Me.pdf
[2005/03/25 08:39:52 | 000,013,842 | R--- | C] () -- C:\Program Files\Activation_ReadMe.htm
[2005/03/25 08:36:20 | 000,001,824 | ---- | C] () -- C:\Program Files\Adobe Illustrator CS2.csa
[2004/08/04 07:00:00 | 000,151,552 | -H-- | C] () -- C:\WINDOWS\Fonts\services.exe
[2004/08/04 07:00:00 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\FInstall.sys
[2004/06/16 00:38:02 | 000,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/03/23 16:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll

========== Alternate Data Streams ==========

< End of report >


Re: antispyware 2010

Post by Belahzur on Wed Apr 07, 2010 7:29 pm

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    PRC - [2010/04/07 03:12:29 | 000,075,264 | ---- | M] ( ) -- C:\WINDOWS\Temp\s0q6.exe
    PRC - [2010/04/07 02:32:54 | 000,037,376 | ---- | M] (Portable Library) -- C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\mplay32xe.exe
    PRC - [2010/04/07 02:19:54 | 000,075,264 | ---- | M] ( ) -- C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\s0q6.exe
    PRC - [2010/04/07 02:16:38 | 000,195,584 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\ave.exe
    PRC - [2008/04/13 19:12:36 | 000,151,552 | -H-- | M] () -- C:\WINDOWS\Fonts\services.exe
    O2 - BHO: (no name) - {043A593D-0C79-43EF-84E4-9F3078B53E3d} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O4 - HKLM..\Run: [ewrgetuj] C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\geurge.exe (Portable Library)
    O4 - HKLM..\Run: [fzwkht] C:\WINDOWS\System32\msuqddft.DLL ()
    O4 - HKLM..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe (Portable Library)
    O4 - HKLM..\Run: [syncman] C:\WINDOWS\system32\wuaucldt.exe (Portable Library)
    O4 - HKCU..\Run: [mplay32xe.exe] C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\mplay32xe.exe (Portable Library)
    O4 - HKCU..\Run: [syncman] c:\Documents and Settings\Compaq_Owner\wuaucldt.exe (Portable Library)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: vrna = C:\WINDOWS\TEMP\s0q6.exe ( )
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: exec = C:\WINDOWS\fonts\services.exe ()
    O20 - Winlogon\Notify\fbpuxdgo: DllName - hxxcyvf.dll - File not found
    O37 - HKCU\...exe [@ = secfile] -- "C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\ave.exe" /START "%1" %* ()
    [2010/04/07 02:33:06 | 000,037,376 | ---- | C] (Portable Library) -- C:\WINDOWS\System32\regedit.exe
    [2010/04/07 02:33:06 | 000,037,376 | ---- | C] (Portable Library) -- C:\WINDOWS\System32\regedit .exe
    [2010/04/07 02:33:05 | 000,037,376 | ---- | C] (Portable Library) -- C:\WINDOWS\System32\wuaucldt.exe
    [2010/04/07 02:33:05 | 000,037,376 | ---- | C] (Portable Library) -- C:\WINDOWS\System32\wuaucldt .exe
    [2010/04/07 02:33:04 | 000,037,376 | ---- | C] (Portable Library) -- C:\Documents and Settings\Compaq_Owner\rundll32.exe
    [2010/04/07 02:33:04 | 000,037,376 | ---- | C] (Portable Library) -- C:\Documents and Settings\Compaq_Owner\rundll32 .exe
    [2010/04/07 02:32:55 | 000,037,376 | ---- | C] (Portable Library) -- C:\Documents and Settings\Compaq_Owner\wuaucldt.exe
    [2010/04/07 02:32:55 | 000,037,376 | ---- | C] (Portable Library) -- C:\Documents and Settings\Compaq_Owner\wuaucldt .exe
    [2010/04/07 03:12:24 | 000,200,192 | ---- | C] (-) -- C:\WINDOWS\System32\1677317.exe
    [2010/04/07 02:16:51 | 000,036,864 | ---- | C] (hqrvm bddoetvthl) -- C:\WINDOWS\System32\d.bin
    [2010/04/07 02:16:50 | 000,092,672 | ---- | C] (dreas company) -- C:\WINDOWS\System32\w.exe
    [2010/04/07 02:16:49 | 000,044,032 | ---- | C] (Neto systems) -- C:\WINDOWS\System32\so.bin
    [2010/04/07 02:16:49 | 000,035,840 | ---- | C] (dreas company) -- C:\WINDOWS\System32\ms.bin
    [2006/12/24 03:42:43 | 004,278,640 | ---- | C] (Lime Wire LLC) -- C:\Program Files\LimeWireWin.exe
    [2010/04/07 03:21:04 | 000,009,434 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\86K35bLqF
    [2010/04/07 03:21:03 | 000,009,434 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\86K35bLqF
    [2010/04/07 03:11:57 | 000,168,410 | ---- | M] () -- C:\WINDOWS\System32\1875879.exe
    [2010/04/07 02:17:18 | 000,062,464 | ---- | M] (Portable Library) -- C:\WINDOWS\System\hpsysdrv .exe
    [2010/04/07 02:16:59 | 000,036,865 | ---- | M] () -- C:\WINDOWS\System32\msuqddft.dll
    [2010/04/07 02:16:38 | 000,195,584 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\ave.exe
    [2010/04/07 02:16:38 | 000,168,410 | ---- | M] () -- C:\WINDOWS\System32\9162714.exe

    :files
    C:\WINDOWS\tasks\At*.job


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245049
# Likes : 1

Re: antispyware 2010

Post by kestims on Wed Apr 07, 2010 8:16 pm

So now I can't even open OTL or either of the logs that I posted earlier.


Re: antispyware 2010

Post by kestims on Wed Apr 07, 2010 8:17 pm

Never mind, they all opened all of a sudden at once.


Re: antispyware 2010

Post by kestims on Wed Apr 07, 2010 9:24 pm

No active process named s0q6.exe was found!
No active process named mplay32xe.exe was found!
No active process named s0q6.exe was found!
No active process named ave.exe was found!
Process services.exe killed successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043A593D-0C79-43EF-84E4-9F3078B53E3d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043A593D-0C79-43EF-84E4-9F3078B53E3d}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ewrgetuj not found.
File C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\geurge.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\fzwkht deleted successfully.
C:\WINDOWS\system32\msuqddft.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Regedit32 not found.
File C:\WINDOWS\system32\regedit.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\syncman not found.
File C:\WINDOWS\system32\wuaucldt.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\mplay32xe.exe not found.
File C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\mplay32xe.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\syncman not found.
File c:\Documents and Settings\Compaq_Owner\wuaucldt.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\vrna not found.
File C:\WINDOWS\TEMP\s0q6.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\exec deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\.exe\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
File C:\WINDOWS\System32\regedit.exe not found.
File C:\WINDOWS\System32\regedit .exe not found.
File C:\WINDOWS\System32\wuaucldt.exe not found.
File C:\WINDOWS\System32\wuaucldt .exe not found.
File C:\Documents and Settings\Compaq_Owner\rundll32.exe not found.
File C:\Documents and Settings\Compaq_Owner\rundll32 .exe not found.
File C:\Documents and Settings\Compaq_Owner\wuaucldt.exe not found.
File C:\Documents and Settings\Compaq_Owner\wuaucldt .exe not found.
File C:\WINDOWS\System32\1677317.exe not found.
C:\WINDOWS\system32\d.bin moved successfully.
C:\WINDOWS\system32\w.exe moved successfully.
C:\WINDOWS\system32\so.bin moved successfully.
C:\WINDOWS\system32\ms.bin moved successfully.
File C:\Program Files\LimeWireWin.exe not found.
File C:\Documents and Settings\All Users\Application Data\86K35bLqF not found.
File C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\86K35bLqF not found.
File C:\WINDOWS\System32\1875879.exe not found.
C:\WINDOWS\system\hpsysdrv .exe moved successfully.
File C:\WINDOWS\System32\msuqddft.dll not found.
File C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\ave.exe not found.
File C:\WINDOWS\System32\9162714.exe not found.
========== FILES ==========
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.

OTL by OldTimer - Version 3.2.1.0 log created on 04072010_162344


Re: antispyware 2010

Post by Belahzur on Thu Apr 08, 2010 12:08 am

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Please PM me if I fail to respond within 24hrs.



Re: antispyware 2010

Post by kestims on Thu Apr 08, 2010 8:20 am

.

c:\documents and settings\All Users\Application Data\_VOIDmfeklnmal.dll
c:\documents and settings\All Users\Favorites\_favdata.dat
c:\documents and settings\Compaq_Owner\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\Compaq_Owner\rundll32.exe
c:\program files\Internet Explorer\js.mui
c:\program files\Internet Explorer\wmpscfgs.exe
C:\Thumbs.db
c:\windows\_VOIDxtynticvtg
c:\windows\_VOIDxtynticvtg\_VOIDd.sys
c:\windows\cdmxtras
c:\windows\cdmxtras\uninst.exe
c:\windows\Fonts\mlog
c:\windows\system\hpsysdrv .exe
c:\windows\system32\_VOIDcqnyxecbtk.dll
c:\windows\system32\_VOIDknkrheovmy.dat
c:\windows\system32\_VOIDodlttfruyl.dll
c:\windows\system32\_VOIDukebomeulq.dll
c:\windows\system32\1244273.exe
c:\windows\system32\1871561.exe
c:\windows\system32\2681345.exe
c:\windows\system32\2849.exe
c:\windows\system32\4942286.exe
c:\windows\system32\5408899.exe
c:\windows\system32\5444865.exe
c:\windows\system32\5907862.exe
c:\windows\system32\7153131.exe
c:\windows\system32\BtwSvc.dll
c:\windows\system32\cache329
c:\windows\system32\cache329\B_329_0_0_106800.htm
c:\windows\system32\cache329\B_329_0_0_107400.htm
c:\windows\system32\cache329\B_329_1_0_449200.gif
c:\windows\system32\cache329\B_329_1_0_449600.gif
c:\windows\system32\cache329\B_329_1_0_454300.gif
c:\windows\system32\cache329\B_329_2_0_105300.htm
c:\windows\system32\cache329\B_329_2_0_106800.htm
c:\windows\system32\cache329\B_329_2_0_107400.htm
c:\windows\system32\cache329\B_329_3_0_106800.htm
c:\windows\system32\cache329\B_329_3_0_107400.htm
c:\windows\system32\cache329\B_329_4_0_111600.htm
c:\windows\system32\cache329\B_329_4_0_152400.htm
c:\windows\system32\cache329\B_329_4_0_155300.htm
c:\windows\system32\cache329\B_329_4_0_164100.htm
c:\windows\system32\cache329\t_B_329_0_0_106800.htm
c:\windows\system32\cache329\t_B_329_0_0_107400.htm
c:\windows\system32\cache329\t_B_329_2_0_105300.htm
c:\windows\system32\cache329\t_B_329_2_0_106800.htm
c:\windows\system32\cache329\t_B_329_2_0_107400.htm
c:\windows\system32\cache329\t_B_329_3_0_106800.htm
c:\windows\system32\cache329\t_B_329_3_0_107400.htm
c:\windows\system32\cache329\t_B_329_4_0_111600.htm
c:\windows\system32\cache329\t_B_329_4_0_152400.htm
c:\windows\system32\cache329\t_B_329_4_0_155300.htm
c:\windows\system32\cache329\t_B_329_4_0_164100.htm
c:\windows\system32\cache329\Thumbs.db
c:\windows\system32\ctfmon .exe
c:\windows\system32\drivers\_VOIDhtkewvkxwo.sys
c:\windows\system32\drivers\UACdiomgpkmduslkwc.sys
c:\windows\system32\FInstall.sys
c:\windows\system32\hxxcyvf.dll
c:\windows\system32\Install.txt
c:\windows\system32\ms.bin
c:\windows\system32\msuqddft.dll
c:\windows\system32\opear.exe
c:\windows\system32\PereSvc.exe
c:\windows\system32\PowerDes.exe
c:\windows\system32\regsvr32.dll
c:\windows\system32\rundll32 .exe
c:\windows\system32\so.bin
c:\windows\system32\Thumbs.db
c:\windows\system32\UACatmusccvgviugxx.log
c:\windows\system32\uactmp.db
c:\windows\system32\UACxckauffxsswbgwj.db
c:\windows\system32\w.exe
c:\windows\TEMP\mta13187.dll

Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\userinit.exe

c:\windows\system32\svchost.exe . . . is infected!!

Infected copy of c:\windows\system32\spoolsv.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\spoolsv.exe

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\explorer.exe

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service__VOIDd.sys
-------\Legacy__VOIDd.sys
-------\Service__VOIDxtynticvtg
-------\Legacy__VOIDxtynticvtg
-------\Legacy_BTWSVC
-------\Legacy_WIZMNICA
-------\Service_BtwSvc
-------\Service_wizmnica
-------\Legacy_peresvc
-------\Service_peresvc


((((((((((((((((((((((((( Files Created from 2010-03-08 to 2010-04-08 )))))))))))))))))))))))))))))))
.

2010-04-08 05:23 . 2010-04-08 05:23 200192 ----a-w- c:\windows\system32\8658519.exe
2010-04-08 05:22 . 2010-04-08 05:22 168651 ----a-w- c:\windows\system32\6684992.exe
2010-04-08 05:16 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2010-04-08 04:34 . 2010-04-08 04:42 -------- d-----w- C:\32788R22FWJFW
2010-04-08 04:30 . 2010-04-08 05:08 -------- d-----w- C:\32788R22FWJFW.2.tmp
2010-04-08 03:11 . 2010-04-08 05:07 -------- d-----w- C:\32788R22FWJFW.1.tmp
2010-04-07 21:29 . 2010-04-08 15:41 36864 ----a-w- c:\windows\system32\d.bin
2010-04-07 19:32 . 2010-04-07 19:32 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\avG
2010-04-07 19:32 . 2010-04-07 19:32 -------- d-----w- c:\documents and settings\All Users\Application Data\avG
2010-04-07 09:44 . 2010-04-07 09:44 -------- d-----w- C:\_OTL
2010-04-07 07:26 . 2010-04-07 07:26 -------- d-----w- c:\program files\Your Protection
2010-04-07 07:16 . 2010-04-07 07:16 991744 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\59CB5BD3040C3AFC3A946845ABB0DDDC\dbf70700.exe
2010-04-07 07:16 . 2010-04-07 07:16 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\59CB5BD3040C3AFC3A946845ABB0DDDC
2010-04-01 14:13 . 2010-04-01 14:13 4076824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-04-01 14:13 . 2010-04-01 14:13 598296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
2010-04-01 14:13 . 2010-04-01 14:13 459544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcclix.dll
2010-04-01 14:13 . 2010-04-01 14:13 4250976 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-04-01 14:13 . 2010-04-01 14:13 341272 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxch32.dll
2010-04-01 14:13 . 2010-04-01 14:13 313112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avglogx.dll
2010-04-01 14:13 . 2010-04-01 14:13 2059544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2010-04-01 14:13 . 2010-04-01 14:13 1598744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-04-01 14:13 . 2010-04-01 14:13 1515224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgwd.dll
2010-04-01 14:13 . 2010-04-01 14:13 1274136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-04-01 14:13 . 2010-04-01 14:13 1086744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchsvx.exe
2010-04-01 14:13 . 2010-04-01 14:13 556824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
2010-04-01 14:11 . 2010-04-01 14:11 301336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
2010-04-01 14:09 . 2010-04-01 14:09 1035032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-04-01 14:08 . 2010-04-01 14:08 1685784 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-03-31 16:02 . 2010-03-31 16:01 1364522 ----a-w- c:\program files\wrar393.exe
2010-03-13 14:26 . 2010-03-13 14:26 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-03-13 14:24 . 2010-03-13 14:24 333192 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-03-13 14:24 . 2010-03-13 14:24 12464 ----a-w- c:\windows\system32\avgrsstx.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-08 05:50 . 2004-08-04 12:00 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2010-04-08 05:20 . 2007-07-30 02:15 -------- d-----w- c:\program files\Lexmark 1200 Series
2010-04-08 05:20 . 2005-11-14 15:33 -------- d-----w- c:\program files\PC-Doctor 5 for Windows
2010-04-08 05:19 . 2009-11-28 04:55 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-04-07 07:56 . 2009-05-28 04:36 -------- d-----w- c:\program files\CCleaner
2010-04-07 07:17 . 2007-07-30 02:16 -------- d-----w- c:\program files\Lexmark Fax Solutions
2010-03-29 22:18 . 2010-01-17 09:46 5918720 -c--a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-03-29 20:24 . 2009-11-10 04:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 20:24 . 2009-11-10 04:30 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-22 14:26 . 2007-08-01 06:03 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\U3
2010-03-13 18:25 . 2006-02-27 02:47 276232 ----a-w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-13 14:24 . 2009-05-22 07:55 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-13 14:24 . 2007-11-08 04:31 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-13 14:23 . 2009-05-22 07:55 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-03 05:16 . 2010-03-03 05:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Slapdash Games
2010-02-25 06:24 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-22 22:43 . 2010-02-22 22:43 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Pogo Games
2010-02-21 15:46 . 2005-11-14 15:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-20 08:51 . 2010-02-20 08:51 -------- d-----w- c:\documents and settings\All Users\Application Data\TikGames
2010-02-20 08:50 . 2009-05-23 09:20 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Netscape
2010-02-20 08:49 . 2010-02-03 08:47 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2010-02-20 08:31 . 2006-11-17 01:39 -------- d-----w- c:\program files\Juno
2010-02-08 08:58 . 2007-03-24 07:41 2514 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\wklnhst.dat
2010-02-03 13:14 . 2008-01-02 05:47 9216 -csha-w- c:\program files\Thumbs.db
2010-02-03 08:47 . 2010-02-03 08:47 3054384 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\Unpack\bfgsetup_s1_l1.exe
2009-11-20 19:34 . 2009-11-20 19:34 6931008 ----a-w- c:\program files\DJVUCTRL-6.1.4-en-r2013.exe
2006-09-14 02:34 . 2006-09-14 02:34 1921 ----a-w- c:\program files\Adobe Illustrator CS2.lnk
2006-09-14 02:33 . 2006-09-14 02:33 786 ----a-w- c:\program files\install.adb
2006-05-29 22:59 . 2006-06-09 07:41 237568 -c--a-w- c:\program files\magnet.exe
2005-09-22 18:31 . 2005-03-25 13:39 68749 -c--a-w- c:\program files\Illustrator Read Me.pdf
2005-03-25 13:39 . 2005-03-25 13:39 13936 -c--a-r- c:\program files\Activation_ReadMe.htm
2005-03-25 13:36 . 2005-03-25 13:36 1824 -c--a-w- c:\program files\Adobe Illustrator CS2.csa
2007-09-13 02:17 . 2007-09-13 02:17 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
Code:
c:\program files\AVG\AVG9\avgtray .exe
c:\program files\Common Files\Real\Update_OB\realsched .exe
c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd .exe
c:\program files\HP\HP Software Update\hpwuschd2 .exe
c:\program files\Lexmark 1200 Series\lxczbmgr .exe
c:\program files\Lexmark Fax Solutions\fm3032 .exe
c:\program files\Messenger\msmsgs .exe
c:\program files\Network Associates\Common Framework\updaterui .exe
c:\program files\PC-Doctor 5 for Windows\pcdsmartmonitor .exe
c:\windows\SMINST\recguard .exe

------- Sigcheck -------

[7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 . 063E90991783C120CB4AB7198D8AE109 . 82432 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
[7] 2004-08-04 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe

[7] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . D0972A2903A59110634084ED69BD2F36 . 38912 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[7] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe

[7] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . C738D2D8718DB8F1E7DF237FF76E397D . 51200 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[7] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe

[-] 2008-04-14 . 5879B03ECC94DDC80A9A978DC7D1F40D . 1058304 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe

[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . E1EB513E34A3D995C38ED073C6381C39 . 40448 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe
[7] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-08 61952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-08 61952]
"RECGUARD"="c:\windows\SMINST\RECGUARD.EXE" [2010-04-08 61952]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-04-08 61952]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2003-09-29 110592]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2010-04-08 61952]
"PCDrSmartMonitor"="c:\program files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe" [2010-04-08 61952]
"PCDrProfiler"="" [N/A]
"lxczbmgr.exe"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2010-04-08 61952]
"fzwkht"="c:\windows\system32\msuqddft.dll" [N/A]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-11-14 51712]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-27 199184]
NETGEAR WN111 Smart Wizard.lnk - c:\program files\NETGEAR\WN111\wn111.exe [2008-1-8 2138112]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-13 14:24 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Netscape\\Netscape Browser\\netscape.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\WINDOWS\\system32\\Ati2evxx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21:TCP"= 21:TCP:ftp

R0 tydmworx;tydmworx; [x]
R3 ATIXPGAA;ATIXPGAA;c:\program files\PC-Doctor 5 for Windows\ATIXPGAA.SYS [x]
R3 PCD5SRVC{085326CB-51A3560A-05010003};PCD5SRVC{085326CB-51A3560A-05010003} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [2005-09-08 21120]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-13 216200]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-03-13 242696]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-13 308064]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - BTWSVC
*NewlyCreated* - PERESVC
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
DPF: {049A470D-F818-4E34-B14D-E4E237DADCF8} - [You must be registered and logged in to see this link.]
DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} - [You must be registered and logged in to see this link.]
DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -

BHO-{D5CC50CD-5B07-4097-8B6B-D21CC857FC4D} - (no file)
AddRemove-RealJukebox 1.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe
AddRemove-RealPlayer 6.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCD5SRVC{085326CB-51A3560A-05010003}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2773555476-112744085-238773407-1009\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:15,f2,75,49,99,63,14,11,35,0e,54,3c,47,e5,1e,c2,b0,28,f0,b3,5b,02,e8,
0c,be,60,15,7e,47,4f,9d,8b,ce,0a,09,98,12,c1,a0,24,78,9a,a2,b4,b6,d4,c4,29,\
"??"=hex:f7,20,1a,ff,45,41,d8,a0,14,02,48,77,57,1e,88,3a

[HKEY_USERS\S-1-5-21-2773555476-112744085-238773407-1009\Software\SecuROM\License information*]
"datasecu"=hex:aa,91,7c,81,16,cf,f0,d7,83,cc,de,86,9e,b7,36,7f,15,92,b8,c8,da,
95,3f,db,a0,06,07,31,be,ba,86,19,a9,67,1c,73,4d,14,64,0b,e1,16,4f,b8,4f,a0,\
"rkeysecu"=hex:de,b6,88,f1,4a,ef,9e,a7,7b,a7,e0,ef,c4,ac,6c,b4
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(776)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2960)
c:\windows\system32\WININET.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\lxczcoms.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\Network Associates\VirusScan\Mcshield.exe
c:\progra~1\NETWOR~1\COMMON~1\naPrdMgr.exe
c:\program files\Network Associates\VirusScan\VsTskMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\hp\hp software update\hpwuschd2 .exe
c:\windows\system32\w.exe
c:\windows\System32\Rundll32.exe
c:\windows\system32\PereSvc.exe
c:\program files\McAfee Security Scan\1.0.150\McUICnt.exe
.
**************************************************************************
.
Completion time: 2010-04-08 03:12:52 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-08 08:12
ComboFix2.txt 2007-10-24 16:02

Pre-Run: 64,306,212,864 bytes free
Post-Run: 64,233,254,912 bytes free

- - End Of File - - 8C9691E53EBEBB63484847048EA10D4C


Re: antispyware 2010

Post by Belahzur on Thu Apr 08, 2010 8:15 pm

Hello.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Download the following CFScript attachment I made for you below this post.



  4. Referring to the picture above, drag CFScript into ComboFix.exe
  5. When finished, it shall produce a log for you at C:\ComboFix.txt
  6. Please post the contents of the log in your next reply.


Please PM me if I fail to respond within 24hrs.

