Lost

Hello, Sorry it took a while to reply but I was reformatting my computer. I really didn't have anything important saved so I thought it would just be safer to reformat. I just wanted to say thank you for your help and that you can close this thread.

Update: I was actually able to run the Dr.Web Cureit program a couple of times and a screen appeared. However, when I clicked the scan button the computer restarted each time. Most of the time nothing ever pops up when I double click the program. I also tried to download the program from the website but encountered the same problem.

I can download the program from the link to my desktop. When I doubleclick the program itself it loads for a bit but then stops processing and no GUI shows up. I opened the task manager and it shows that drweb-cureit.exe and 48az39.exe are created but are using 0 of the CPU. I tried re-downloading but still doesn't work.

Yes the only problem I have is the freezing. The order of events was: First, I had the Antivirus Live infection. Then I ran Malwarebytes in safe mode which removed all signs of Antivirus Live (no more popups or warnings about viruses). However, after I removed Antivirus Live I had issues with my computer constantly freezing. I ran scans and found nothing so I came here for help. Sorry if I wasn't clear about this before.

As much as I don't want it to happen my computer still continues to freeze up. Whatever was done only seems to delay the problem from happening. My computer can run for longer periods of time but eventually will freeze and have to restart.

It seems to be doing better. I usually freeze within 30 minutes but have not had to. I'm going to test it out some more and post an update tomorrow. If this keeps up it looks like my computer is back to normal. Thank you for helping me.

When I tried to remove the Ask Toolbar program, it gave me the same error message as before. (On a side note the size of the file changed from a number to no numbers at all.) I also went ahead and removed the avira antivirus program.

First off, Happy New Year! I ran GMER one more time and kept saving a file throughout and was able to save a complete scan before my computer froze. I will attach it at the end of the post and the name is GMER2. Here are the two logs that you requested. Logfile of random's system information tool 1.06 (written by random/random) Run by sheehan khuu at 2009-12-31 19:16:12 Microsoft Windows XP Home Edition Service Pack 3 System drive C: has 623 GB (87%) free of 715 GB Total RAM: 3327 MB (83% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:16:15 PM, on 12/31/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Tall Emu\Online Armor\OAcat.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\libusbd-nt.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\sheehan khuu\Desktop\RSIT.exe C:\Program Files\Trend Micro\HijackThis\sheehan khuu.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [EVGAPrecision] "C:\Program Files\EVGA Precision\EVGAPrecision.exe" /s O4 - HKLM\..\Run: [nwiz] "C:\Program Files\NVIDIA Corporation\nView\nwiz.exe" /install O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\OAui.exe" O4 - HKLM\..\Run: [KernelFaultCheck] "%systemroot%\system32\dumprep" 0 -k O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe" O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1229540675751 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe O23 - Service: VMware View Client Service (wsnm) - VMware, Inc. - C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe -- End of file - 8144 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1243460780.job C:\WINDOWS\tasks\wrSpySweeperFullSweep.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-06 263280] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-02 764912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-31 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-12-31 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-06 263280] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "EVGAPrecision"=C:\Program Files\EVGA Precision\EVGAPrecision.exe [2008-12-22 240656] "nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2009-09-23 1657448] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-09-27 13918208] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-09-27 86016] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "@OnlineArmor GUI"=C:\Program Files\Tall Emu\Online Armor\OAui.exe [2009-12-05 6622920] "KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k [] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-12-31 149280] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288] "SpySweeper"=C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2009-11-06 6515784] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-17 39408] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360] C:\Documents and Settings\All Users\Start Menu\Programs\Startup hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2008-12-01 143360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608] "{4F07DA45-8170-4859-9B5F-037EF2970034}"=C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [2009-12-05 923336] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WRConsumerService] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\World of Warcraft\WoW-2.4.0.8089-to-2.4.1.8125-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.4.0.8089-to-2.4.1.8125-enUS-downloader.exe:*:Enabled:Blizzard Downloader" "C:\Program Files\World of Warcraft\WoW-2.4.2.8278-to-2.4.3.8606-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.4.2.8278-to-2.4.3.8606-enUS-downloader.exe:*:Enabled:Blizzard Downloader" "C:\Program Files\World of Warcraft\WoW-3.0.1-to-3.0.2-enUS-Win-Update-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.0.1-to-3.0.2-enUS-Win-Update-downloader.exe:*:Enabled:Blizzard Downloader" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Disabled:Java Platform SE binary" "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA" "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB" "C:\Program Files\World of Warcraft\WoW-3.0.8.9464-to-3.0.8.9506-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.0.8.9464-to-3.0.8.9506-enUS-downloader.exe:*:Enabled:Blizzard Downloader" "C:\Documents and Settings\sheehan khuu\Local Settings\Temp\Blizzard Launcher Temporary - 139536d0\Launcher.exe"="C:\Documents and Settings\sheehan khuu\Local Settings\Temp\Blizzard Launcher Temporary - 139536d0\Launcher.exe:*:Enabled:Blizzard Launcher" "C:\Program Files\World of Warcraft\WoW-3.0.8.9506-to-3.0.9.9551-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.0.8.9506-to-3.0.9.9551-enUS-downloader.exe:*:Enabled:Blizzard Downloader" "C:\Documents and Settings\sheehan khuu\Local Settings\Temp\Blizzard Launcher Temporary - 0d647398\Launcher.exe"="C:\Documents and Settings\sheehan khuu\Local Settings\Temp\Blizzard Launcher Temporary - 0d647398\Launcher.exe:*:Enabled:Blizzard Launcher" "C:\Documents and Settings\sheehan khuu\Local Settings\Temp\Blizzard Launcher Temporary - 14e117c0\Launcher.exe"="C:\Documents and Settings\sheehan khuu\Local Settings\Temp\Blizzard Launcher Temporary - 14e117c0\Launcher.exe:*:Enabled:Blizzard Launcher" "C:\Program Files\VMware\VMware View\Client\bin\wswc.exe"="C:\Program Files\VMware\VMware View\Client\bin\wswc.exe:*:Enabled:VMware View Client" "C:\Program Files\World of Warcraft\BackgroundDownloader.exe"="C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader" "C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher" "C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe:*:Enabled:Blizzard Downloader" "C:\Program Files\QuickTime\QuickTimePlayer.exe"="C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Disabled:QuickTime Player" "%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost" "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove" "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote" "C:\Half-Life 2\hl2.exe"="C:\Half-Life 2\hl2.exe:*:Disabled:hl2" "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox" "C:\Program Files\Warcraft III\Frozen Throne.exe"="C:\Program Files\Warcraft III\Frozen Throne.exe:*:Enabled:Warcraft III - The Frozen Throne" "C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Disabled:Azureus" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour" "C:\Program Files\Curse\CurseClient.exe"="C:\Program Files\Curse\CurseClient.exe:*:Disabled:Curse Client" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Disabled:iTunes" "C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Disabled:Ventrilo.exe" "C:\Program Files\Dragon Age\bin_ship\daorigins.exe"="C:\Program Files\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game" "C:\Program Files\Dragon Age\DAOriginsLauncher.exe"="C:\Program Files\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher" "C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe"="C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost" ======List of files/folders created in the last 1 months====== 2009-12-31 19:16:12 ----D---- C:\rsit 2009-12-31 14:13:01 ----D---- C:\Program Files\Common Files\Adobe AIR 2009-12-31 14:12:23 ----D---- C:\Program Files\NOS 2009-12-31 14:12:23 ----D---- C:\Documents and Settings\All Users\Application Data\NOS 2009-12-31 14:10:29 ----A---- C:\WINDOWS\system32\javaws.exe 2009-12-31 14:10:28 ----A---- C:\WINDOWS\system32\javaw.exe 2009-12-31 14:10:28 ----A---- C:\WINDOWS\system32\java.exe 2009-12-31 13:50:25 ----D---- C:\_OTL 2009-12-28 15:45:06 ----D---- C:\WINDOWS\Minidump 2009-12-28 15:23:25 ----D---- C:\Documents and Settings\sheehan khuu\Application Data\OnlineArmor 2009-12-28 15:23:25 ----D---- C:\Documents and Settings\All Users\Application Data\OnlineArmor 2009-12-28 15:03:31 ----D---- C:\Program Files\Tall Emu 2009-12-28 14:55:06 ----D---- C:\Program Files\Trend Micro 2009-12-28 13:36:31 ----D---- C:\Program Files\Avira 2009-12-28 13:36:31 ----D---- C:\Documents and Settings\All Users\Application Data\Avira 2009-12-27 23:10:23 ----D---- C:\Program Files\Phyxion.net 2009-12-27 22:24:52 ----D---- C:\WINDOWS\nvidia icons 2009-12-27 17:46:11 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-12-27 15:18:30 ----D---- C:\WINDOWS\pss 2009-12-27 14:08:25 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$ 2009-12-27 13:05:02 ----A---- C:\WINDOWS\system32\NVIDIA System Information 12-27-2009 13-04-57.txt 2009-12-26 22:17:08 ----D---- C:\Program Files\Common Files\PC Tools 2009-12-26 15:08:04 ----D---- C:\Documents and Settings\sheehan khuu\Application Data\Malwarebytes 2009-12-26 14:50:20 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2009-12-26 14:39:53 ----A---- C:\WINDOWS\ntbtlog.txt 2009-12-09 02:12:12 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$ 2009-12-09 02:12:09 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$ 2009-12-09 02:12:04 ----HDC---- C:\WINDOWS\$NtUninstallKB976325$ 2009-12-09 02:12:00 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$ 2009-12-09 02:11:56 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$ 2009-12-09 02:11:52 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$ 2009-12-05 15:15:10 ----D---- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation 2009-12-05 15:14:56 ----D---- C:\Program Files\NVIDIA Corporation 2009-12-05 13:44:14 ----D---- C:\Program Files\SystemRequirementsLab 2009-12-05 13:44:10 ----D---- C:\Documents and Settings\sheehan khuu\Application Data\SystemRequirementsLab 2009-12-03 00:05:25 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$ 2009-12-02 00:13:34 ----D---- C:\WINDOWS\system32\XPSViewer 2009-12-02 00:13:26 ----D---- C:\Program Files\Reference Assemblies 2009-12-02 00:13:07 ----N---- C:\WINDOWS\system32\xpssvcs.dll 2009-12-02 00:13:07 ----N---- C:\WINDOWS\system32\xpsshhdr.dll 2009-12-02 00:13:07 ----N---- C:\WINDOWS\system32\prntvpt.dll 2009-12-02 00:13:07 ----D---- C:\18395dc2a168f10717 ======List of files/folders modified in the last 1 months====== 2009-12-31 19:16:13 ----D---- C:\WINDOWS\Prefetch 2009-12-31 19:15:45 ----D---- C:\WINDOWS\Temp 2009-12-31 19:14:01 ----D---- C:\Program Files\Mozilla Firefox 2009-12-31 19:12:35 ----D---- C:\WINDOWS\system32\CatRoot2 2009-12-31 19:11:05 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-12-31 16:21:58 ----D---- C:\WINDOWS\system32 2009-12-31 16:21:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-12-31 14:14:21 ----SHD---- C:\WINDOWS\Installer 2009-12-31 14:14:21 ----D---- C:\Program Files\Adobe 2009-12-31 14:14:00 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe 2009-12-31 14:13:35 ----D---- C:\Program Files\Common Files\Adobe 2009-12-31 14:13:01 ----D---- C:\Program Files\Common Files 2009-12-31 14:12:23 ----RD---- C:\Program Files 2009-12-31 14:10:01 ----A---- C:\WINDOWS\system32\deploytk.dll 2009-12-31 13:59:03 ----D---- C:\WINDOWS\WinSxS 2009-12-31 13:50:59 ----D---- C:\WINDOWS 2009-12-30 22:54:49 ----D---- C:\Program Files\DAEMON Tools Toolbar 2009-12-29 13:27:52 ----D---- C:\Program Files\Vuze 2009-12-28 18:08:25 ----N---- C:\boot.ini 2009-12-28 18:08:25 ----A---- C:\WINDOWS\win.ini 2009-12-28 18:08:25 ----A---- C:\WINDOWS\system.ini 2009-12-28 15:19:27 ----D---- C:\WINDOWS\system32\drivers 2009-12-28 13:36:45 ----HD---- C:\WINDOWS\inf 2009-12-27 23:27:51 ----D---- C:\WINDOWS\Help 2009-12-27 23:27:10 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-12-27 23:27:02 ----D---- C:\WINDOWS\system32\CatRoot 2009-12-27 23:22:09 ----D---- C:\NVIDIA 2009-12-27 23:16:55 ----D---- C:\Documents and Settings 2009-12-27 14:10:05 ----D---- C:\WINDOWS\AppPatch 2009-12-27 14:08:03 ----HD---- C:\WINDOWS\$hf_mig$ 2009-12-27 14:07:18 ----D---- C:\WINDOWS\SoftwareDistribution 2009-12-27 10:28:39 ----SD---- C:\WINDOWS\Tasks 2009-12-26 22:20:30 ----D---- C:\Program Files\Steam 2009-12-26 22:17:59 ----D---- C:\WINDOWS\system32\config 2009-12-26 22:17:39 ----D---- C:\WINDOWS\system32\wbem 2009-12-26 22:17:39 ----D---- C:\WINDOWS\Registration 2009-12-26 22:17:24 ----D---- C:\Documents and Settings\sheehan khuu\Application Data\Azureus 2009-12-26 22:14:52 ----D---- C:\WINDOWS\system32\Restore 2009-12-26 18:34:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$ 2009-12-26 17:29:02 ----RSD---- C:\WINDOWS\Fonts 2009-12-26 15:13:50 ----D---- C:\Program Files\Bonjour 2009-12-26 15:07:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$ 2009-12-09 02:12:15 ----A---- C:\WINDOWS\imsins.BAK 2009-12-05 15:16:22 ----D---- C:\Program Files\Common Files\Wise Installation Wizard 2009-12-05 15:15:45 ----D---- C:\Program Files\AGEIA Technologies 2009-12-04 23:58:25 ----D---- C:\WINDOWS\Microsoft.NET 2009-12-04 23:58:23 ----RSD---- C:\WINDOWS\assembly 2009-12-02 00:13:31 ----D---- C:\WINDOWS\system32\en-us 2009-12-02 00:13:17 ----D---- C:\WINDOWS\system32\spool 2009-12-01 14:06:19 ----A---- C:\WINDOWS\system32\MRT.exe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840] R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352] R1 OADevice;OADriver; \??\C:\WINDOWS\system32\drivers\OADriver.sys [] R1 OAmon;OAmon; \??\C:\WINDOWS\system32\drivers\OAmon.sys [] R1 OAnet;OAnet; \??\C:\WINDOWS\system32\drivers\OAnet.sys [] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R2 ANIO;ANIO Service; \??\C:\WINDOWS\system32\ANIO.SYS [] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-29 56816] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-05-20 4800000] R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1e51x86.sys [2008-06-25 36864] R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1; C:\WINDOWS\system32\drivers\libusb0.sys [2005-03-09 33792] R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810] R3 NuidFltr;NUID filter driver; C:\WINDOWS\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-09-27 7655872] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000] R3 WSUSBDMAN;VMware VDM Virtual Client USB Manager; C:\WINDOWS\system32\DRIVERS\WSUSBDMAN.sys [2008-11-05 21504] S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592] S3 AFGMp50;AFGMp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\AFGMp50.sys [] S3 AFGSp50;AFGSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\AFGSp50.sys [] S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-12-01 3452928] S3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2007-07-20 84992] S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-08 51024] S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-08 16080] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-08 21456] S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] S3 RT80x86;Ralink 802.11n Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT2860.sys [2007-11-15 572416] S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-06-02 721904] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 ANIWZCSdService;ANIWZCSd Service; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [2007-01-19 49152] R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-12-01 598016] R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-12-31 153376] R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1; C:\WINDOWS\system32\libusbd-nt.exe [2005-03-09 18944] R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-09-27 172100] R2 OAcat;Online Armor Helper Service; C:\Program Files\Tall Emu\Online Armor\OAcat.exe [2009-12-05 1282248] R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [2009-11-06 4048240] R2 WRConsumerService;Webroot Client Service; C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe [2009-12-27 1201640] R2 wsnm;VMware View Client Service; C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe [2008-11-05 147456] S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-12-01 593920] S2 SvcOnlineArmor;Online Armor; C:\Program Files\Tall Emu\Online Armor\oasrv.exe [2009-12-05 3291336] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 getPlusHelper;getPlus® Helper; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336] S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-01 182768] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632] S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568] S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-03-08 65795] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- info.txt logfile of random's system information tool 1.06 2009-12-31 19:16:18 ======Uninstall list====== -->MsiExec /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B} -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe" Acrobat.com-->msiexec /qb /x {6421F085-1FAA-DE13-D02A-CFB412C522A4} Acrobat.com-->MsiExec.exe /I{6421F085-1FAA-DE13-D02A-CFB412C522A4} Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723} Adobe Download Manager-->"C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1 Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 9.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A92000000001} Airlink101 WLAN Monitor-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{47759129-8649-47D1-9EA5-4BB84D86DB97} ANIO Service-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe" ANIWZCS2 Service-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\Setup.exe" Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415} Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Ask Toolbar-->rundll32 C:\PROGRA~1\AskSBar\bar\1.bin\AskSBar.dll,O ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B} Camera Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D1B3874F-3057-11D6-B2EA-0050BA18806B}\Setup.exe" Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE} Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe" Curse Client-->C:\Program Files\Curse\uninstall.exe Dragon Age: Origins-->C:\Program Files\Common Files\BioWare\Uninstall Dragon Age.exe Driver Sweeper 2.1.0-->"C:\Program Files\Phyxion.net\Driver Sweeper\unins000.exe" EVGA Precision 1.4.0-->"C:\Program Files\EVGA Precision\uninstall.exe" Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0E996B068B56FCA2.exe" /uninstall Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C} High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe" HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe" Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe" Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe" HP Memories Disc-->MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70} HP Photo and Imaging 2.0 - All-in-One Drivers-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B} HP Photo and Imaging 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1} HP Photo and Imaging 2.0 - hp psc 1200 series-->C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot hp psc 1200 series-->MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5} iPod for Windows 2005-10-12-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A} /l1033 iTunes-->MsiExec.exe /I{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51} Java 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF} LibUSB-Win32-0.1.10.1-->"C:\Program Files\LibUSB-Win32-0.1.10.1\unins000.exe" Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe" Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE} Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE} Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE} Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE} Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE} Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE} Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE} Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE} Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE} Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE} Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE} Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE} Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Mozilla Firefox (3.0.16)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} MSXML 4.0 SP2 and SOAP Toolkit 3.0-->MsiExec.exe /I{32343DB6-9A52-40C9-87E4-5E7C79791C87} NVIDIA Drivers-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe UninstallGUI NVIDIA nView Desktop Manager-->C:\Program Files\NVIDIA Corporation\nView\nViewSetup.exe -uninstall NVIDIA PhysX-->MsiExec.exe /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B} Online Armor 4.0-->"C:\Program Files\Tall Emu\Online Armor\unins000.exe" QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD} Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe" Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe" Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe" Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe" Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe" Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe" Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe" Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe" Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe" Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe" Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe" Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe" Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe" Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe" Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe" Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe" Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe" Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe" Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe" Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe" Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe" Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe" Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe" Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe" Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe" Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe" Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe" Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe" Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe" Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe" Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe" Security Update for Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe" Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe" Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe" Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe" Security Update for Windows XP (KB976325)-->"C:\WINDOWS\$NtUninstallKB976325$\spuninst\spuninst.exe" Spy Sweeper Core-->MsiExec.exe /I{3F5B6210-0903-4DC6-8034-8F488AA3A782} Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3} System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe" Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe" Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe" Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe" Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe" Update for Windows XP (KB976749)-->"C:\WINDOWS\$NtUninstallKB976749$\spuninst\spuninst.exe" Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F} VMware View Client-->MsiExec.exe /I{B293450B-F652-43D7-B8A1-FB934AB9B173} Warcraft III-->C:\Program Files\Common Files\Blizzard Entertainment\Warcraft III\Uninstall.exe Webroot AntiVirus with Spy Sweeper-->"C:\Program Files\Webroot\Spy Sweeper\unins001.exe" /Log="C:\DOCUME~1\SHEEHA~1\LOCALS~1\Temp\Uninstall.txt" Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe XP Codec Pack-->C:\Program Files\XP Codec Pack\Uninstall.exe Xvid 1.2.1 final uninstall-->"C:\Program Files\Xvid\unins000.exe" ======Security center information====== AV: Webroot AntiVirus with Spy Sweeper (disabled) AV: AntiVir Desktop (disabled) FW: Online Armor Firewall (disabled) ======System event log====== Computer Name: SHEEHAN Event Code: 26 Message: Failed to set monitor event rule. Record Number: 35232 Source Name: ssidrv Time Written: 20091226195216.000000-360 Event Type: error User: Computer Name: SHEEHAN Event Code: 26 Message: Failed to set monitor event rule. Record Number: 35172 Source Name: ssidrv Time Written: 20091226193126.000000-360 Event Type: error User: Computer Name: SHEEHAN Event Code: 26 Message: Failed to set monitor event rule. Record Number: 35140 Source Name: ssidrv Time Written: 20091226184328.000000-360 Event Type: error User: Computer Name: SHEEHAN Event Code: 1 Message: The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume. Record Number: 35115 Source Name: sr Time Written: 20091226183527.000000-360 Event Type: error User: Computer Name: SHEEHAN Event Code: 26 Message: Failed to set monitor event rule. Record Number: 35111 Source Name: ssidrv Time Written: 20091226183415.000000-360 Event Type: error User: =====Application event log===== Computer Name: SHEEHAN Event Code: 1000 Message: Faulting application daorigins.exe, version 1.0.9353.0, faulting module msvcr80.dll, version 8.0.50727.3053, fault address 0x000150e4. Record Number: 297 Source Name: Application Error Time Written: 20091227154052.000000-360 Event Type: error User: Computer Name: SHEEHAN Event Code: 1002 Message: Hanging application mmc.exe, version 5.2.3790.4136, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Record Number: 223 Source Name: Application Hang Time Written: 20091227123014.000000-360 Event Type: error User: Computer Name: SHEEHAN Event Code: 1002 Message: Hanging application mmc.exe, version 5.2.3790.4136, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Record Number: 222 Source Name: Application Hang Time Written: 20091227122839.000000-360 Event Type: error User: Computer Name: SHEEHAN Event Code: 1002 Message: Hanging application mmc.exe, version 5.2.3790.4136, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Record Number: 221 Source Name: Application Hang Time Written: 20091227122744.000000-360 Event Type: error User: Computer Name: SHEEHAN Event Code: 1000 Message: Faulting application firefox.exe, version 1.9.0.3623, faulting module msvcrt.dll, version 7.0.2600.5512, fault address 0x000372e3. Record Number: 63 Source Name: Application Error Time Written: 20091226184203.000000-360 Event Type: error User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\ "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel "PROCESSOR_REVISION"=170a "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip -----------------EOF----------------- GMER2.zip

Hello, I recently tried to run GMER a few more times but still couldn't save the file once the scan was completed. For some reason I could not remove the Ask Toolbar program. I kept receiving the message "Error loading C:\PROGRA~1\AskSBar\bar\1.bin\AskSBar.dll The specified module could not be found." and don't know if this is anything relevant. I was able to complete the rest of the steps and both Malwarebytes and Kaspersky detected nothing. Here are the logs for each of them. Malwarebytes' Anti-Malware 1.42 Database version: 3442 Windows 5.1.2600 Service Pack 3 Internet Explorer 6.0.2900.5512 12/31/2009 2:19:27 PM mbam-log-2009-12-31 (14-19-27).txt Scan type: Quick Scan Objects scanned: 136588 Time elapsed: 2 minute(s), 47 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0: scan report Thursday, December 31, 2009 Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Last database update: Thursday, December 31, 2009 20:44:21 Records in database: 3420229 -------------------------------------------------------------------------------- Scan settings: scan using the following database: extended Scan archives: yes Scan e-mail databases: yes Scan area - My Computer: A:\ C:\ D:\ Scan statistics: Objects scanned: 71866 Threats found: 0 Infected objects found: 0 Suspicious objects found: 0 Scan duration: 00:41:14 No threats found. Scanned area is clean. Selected area has been scanned.

Thank you for helping. I was able to run the OTL program and ran the GMER program with all my antivirus software turned off but the program stops responding when I try to save. I will post my OTL files and rerun the GMER program. OTL logfile created on: 12/30/2009 11:25:23 AM - Run 1 OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\sheehan khuu\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 80.00% Memory free 5.00 Gb Paging File | 5.00 Gb Available in Paging File | 89.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 698.63 Gb Total Space | 601.41 Gb Free Space | 86.09% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: SHEEHAN Current User Name: sheehan khuu Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2009/12/30 11:22:18 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sheehan khuu\Desktop\OTL.exe PRC - [2009/12/27 10:45:07 | 01,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe PRC - [2009/12/17 01:14:51 | 00,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009/12/05 07:53:38 | 01,282,248 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oacat.exe PRC - [2009/11/06 15:19:58 | 06,515,784 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe PRC - [2009/11/06 12:00:22 | 04,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe PRC - [2009/11/06 12:00:22 | 00,165,232 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Spy Sweeper\SSU.exe PRC - [2009/09/27 18:19:46 | 00,172,100 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe PRC - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2009/07/21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2009/05/29 12:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe PRC - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2009/03/02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2008/12/17 13:23:39 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe PRC - [2008/12/01 14:38:42 | 00,598,016 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe PRC - [2008/11/05 19:49:20 | 00,147,456 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe PRC - [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007/01/19 10:49:26 | 00,049,152 | ---- | M] (Wireless Service) -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe PRC - [2005/03/09 19:50:18 | 00,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\system32\libusbd-nt.exe PRC - [2003/04/06 00:17:18 | 00,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe PRC - [2003/04/06 00:06:58 | 00,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe PRC - [2003/04/05 23:55:04 | 00,311,296 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe PRC - [2003/04/05 23:45:10 | 00,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe ========== Modules (SafeList) ========== MOD - [2009/12/30 11:22:18 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sheehan khuu\Desktop\OTL.exe ========== Win32 Services (SafeList) ========== SRV - [2009/12/27 10:45:07 | 01,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe -- (WRConsumerService) SRV - [2009/12/05 07:53:38 | 03,291,336 | ---- | M] (Tall Emu) [Auto | Stopped] -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe -- (SvcOnlineArmor) SRV - [2009/12/05 07:53:38 | 01,282,248 | ---- | M] (Tall Emu) [Auto | Running] -- C:\Program Files\Tall Emu\Online Armor\OAcat.exe -- (OAcat) SRV - [2009/11/06 12:00:22 | 04,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- (WebrootSpySweeperService) SRV - [2009/09/27 18:19:46 | 00,172,100 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (nvsvc) SRV - [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service) SRV - [2009/07/26 06:43:14 | 00,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc) SRV - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2009/07/21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009/05/29 12:41:26 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009/05/01 01:01:00 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc) SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service) SRV - [2008/12/06 16:38:43 | 00,295,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\termsrv32.dll -- (TermService) SRV - [2008/12/01 16:35:00 | 00,593,920 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart) SRV - [2008/12/01 14:38:42 | 00,598,016 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller) SRV - [2008/11/05 19:49:20 | 00,147,456 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe -- (wsnm) SRV - [2007/01/19 10:49:26 | 00,049,152 | ---- | M] (Wireless Service) [Auto | Running] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService) SRV - [2006/10/26 23:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2006/10/26 18:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2005/03/09 19:50:18 | 00,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Running] -- C:\WINDOWS\system32\libusbd-nt.exe -- (libusbd) SRV - [2003/03/08 22:31:02 | 00,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\..\URLSearchHook: {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/" FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.0.8.0552 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006 FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/26 14:40:42 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/17 01:14:54 | 00,000,000 | ---D | M] [2008/12/17 13:27:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sheehan khuu\Application Data\Mozilla\Extensions [2009/12/29 22:54:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sheehan khuu\Application Data\Mozilla\Firefox\Profiles\jewk5as7.default\extensions [2009/06/02 23:20:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sheehan khuu\Application Data\Mozilla\Firefox\Profiles\jewk5as7.default\extensions\DTToolbar@toolbarnet.com [2009/05/16 21:55:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sheehan khuu\Application Data\Mozilla\Firefox\Profiles\jewk5as7.default\extensions\moveplayer@movenetworks.com [2009/06/02 23:20:43 | 00,002,399 | ---- | M] () -- C:\Documents and Settings\sheehan khuu\Application Data\Mozilla\Firefox\Profiles\jewk5as7.default\searchplugins\daemon-search.xml [2009/12/29 22:54:31 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\HOSTS O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Tall Emu\Online Armor\OAui.exe (Tall Emu) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [EVGAPrecision] C:\Program Files\EVGA Precision\EVGAPrecision.exe () O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe () O4 - HKLM..\Run: [spySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Webroot Software, Inc.) O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1229540675751 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Tall Emu\Online Armor\oaevent.dll (Tall Emu) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (OWS\S) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/12/06 16:42:11 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{9f059b11-f677-11dd-a492-001d6a3accaa}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/12/06 22:24:54 | 00,000,000 | ---D | M] NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point (16892003295952896) ========== Files/Folders - Created Within 14 Days ========== [2009/12/30 11:22:16 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\sheehan khuu\Desktop\OTL.exe [2009/12/28 15:45:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump [2009/12/28 15:23:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sheehan khuu\Application Data\OnlineArmor [2009/12/28 15:23:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor [2009/12/28 15:03:38 | 00,029,776 | ---- | C] (Tall Emu Pty Ltd) -- C:\WINDOWS\System32\drivers\OAnet.sys [2009/12/28 15:03:38 | 00,024,656 | ---- | C] (Tall Emu) -- C:\WINDOWS\System32\drivers\OAmon.sys [2009/12/28 15:03:37 | 00,223,312 | ---- | C] (Tall Emu) -- C:\WINDOWS\System32\drivers\OADriver.sys [2009/12/28 15:03:31 | 00,000,000 | ---D | C] -- C:\Program Files\Tall Emu [2009/12/28 15:02:14 | 11,877,136 | ---- | C] (Tall Emu Pty Ltd ) -- C:\Documents and Settings\sheehan khuu\My Documents\OnlineArmor_Setup_Free.exe [2009/12/28 14:55:06 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2009/12/28 14:54:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sheehan khuu\My Documents\Malware Removal [2009/12/28 13:36:35 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2009/12/28 13:36:35 | 00,056,816 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2009/12/28 13:36:35 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys [2009/12/28 13:36:35 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys [2009/12/28 13:36:33 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2009/12/28 13:36:31 | 00,000,000 | ---D | C] -- C:\Program Files\Avira [2009/12/28 13:36:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira [2009/12/27 23:10:23 | 00,000,000 | ---D | C] -- C:\Program Files\Phyxion.net [2009/12/27 22:24:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\nvidia icons [2009/12/27 17:46:12 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/12/27 17:46:11 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/12/27 17:46:11 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/12/27 15:18:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss [2009/12/26 22:17:08 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools [2009/12/26 15:08:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sheehan khuu\Application Data\Malwarebytes [2009/12/26 14:50:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009/08/01 07:29:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple [2009/01/20 22:37:27 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft [2008/12/25 13:47:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft [2008/12/17 12:53:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Webroot [2008/12/06 16:44:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft [2008/12/06 16:42:09 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft [2004/11/24 12:25:52 | 00,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll [7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 14 Days ========== [2009/12/30 11:22:18 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sheehan khuu\Desktop\OTL.exe [2009/12/30 11:21:04 | 00,525,946 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009/12/30 11:21:04 | 00,444,358 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009/12/30 11:21:04 | 00,072,108 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009/12/30 11:16:21 | 00,253,748 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml [2009/12/30 11:16:19 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009/12/30 11:16:10 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009/12/29 13:40:25 | 00,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2009/12/29 12:25:07 | 00,004,018 | ---- | M] () -- C:\Documents and Settings\sheehan khuu\Desktop\Attach.zip [2009/12/28 21:22:21 | 04,718,592 | ---- | M] () -- C:\Documents and Settings\sheehan khuu\NTUSER.DAT [2009/12/28 21:05:03 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\sheehan khuu\My Documents\dds.scr [2009/12/28 21:02:48 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009/12/28 21:00:34 | 00,000,020 | ---- | M] () -- C:\Documents and Settings\sheehan khuu\defogger_reenable [2009/12/28 20:59:27 | 00,050,621 | ---- | M] () -- C:\Documents and Settings\sheehan khuu\Desktop\Defogger.exe [2009/12/28 18:08:25 | 00,000,211 | ---- | M] () -- C:\boot.ini [2009/12/28 18:08:25 | 00,000,000 | ---- | M] () -- C:\WINDOWS\win.ini [2009/12/28 18:08:25 | 00,000,000 | ---- | M] () -- C:\WINDOWS\system.ini [2009/12/28 15:23:14 | 00,000,044 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.idx [2009/12/28 15:02:41 | 11,877,136 | ---- | M] (Tall Emu Pty Ltd ) -- C:\Documents and Settings\sheehan khuu\My Documents\OnlineArmor_Setup_Free.exe [2009/12/28 14:55:07 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\sheehan khuu\Desktop\HijackThis.lnk [2009/12/28 13:36:50 | 00,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk [2009/12/27 23:14:26 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\sheehan khuu\ntuser.ini [2009/12/27 23:10:24 | 00,000,798 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Driver Sweeper.lnk [2009/12/27 17:46:15 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/12/27 13:05:22 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2009/12/27 12:22:07 | 00,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{ECF8F043-1354-4EA8-9160-3946982F33CE} [2009/12/27 10:44:57 | 00,001,641 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Webroot AntiVirus.lnk [2009/12/27 10:43:41 | 00,000,164 | ---- | M] () -- C:\WINDOWS\install.dat [2009/12/26 22:22:05 | 00,001,494 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeperFullSweep.job [2009/12/26 22:18:51 | 00,266,208 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009/12/21 18:30:30 | 00,102,400 | ---- | M] () -- C:\Documents and Settings\sheehan khuu\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2009/12/29 12:25:07 | 00,004,018 | ---- | C] () -- C:\Documents and Settings\sheehan khuu\Desktop\Attach.zip [2009/12/28 21:05:02 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\sheehan khuu\My Documents\dds.scr [2009/12/28 21:00:26 | 00,000,020 | ---- | C] () -- C:\Documents and Settings\sheehan khuu\defogger_reenable [2009/12/28 20:59:27 | 00,050,621 | ---- | C] () -- C:\Documents and Settings\sheehan khuu\Desktop\Defogger.exe [2009/12/28 14:55:07 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\sheehan khuu\Desktop\HijackThis.lnk [2009/12/28 13:36:50 | 00,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk [2009/12/27 23:10:24 | 00,000,798 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Driver Sweeper.lnk [2009/12/27 17:46:15 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/12/27 10:44:57 | 00,001,641 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Webroot AntiVirus.lnk [2009/09/28 22:08:11 | 00,245,760 | ---- | C] () -- C:\WINDOWS\System32\WlanApp.dll [2009/09/28 22:08:11 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll [2009/06/03 07:06:42 | 00,033,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\libusb0.sys [2009/05/29 22:00:07 | 00,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009/05/29 22:00:06 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009/05/29 21:43:35 | 00,102,400 | ---- | C] () -- C:\Documents and Settings\sheehan khuu\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/05/27 15:40:02 | 00,000,191 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log [2009/05/22 12:29:33 | 00,000,037 | ---- | C] () -- C:\WINDOWS\marscam.ini [2009/05/22 12:27:08 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\mr310exv.dll [2009/05/22 12:27:08 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\mr310exd.dll [2009/05/22 12:27:08 | 00,015,164 | ---- | C] () -- C:\WINDOWS\mr310twc.ini [2009/01/20 01:33:29 | 00,000,135 | ---- | C] () -- C:\Documents and Settings\sheehan khuu\Local Settings\Application Data\fusioncache.dat [2009/01/19 20:49:39 | 00,022,328 | ---- | C] () -- C:\Documents and Settings\sheehan khuu\Application Data\PnkBstrK.sys [2009/01/16 18:00:34 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009/01/08 17:48:20 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2008/12/19 08:15:58 | 04,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll [2008/12/17 14:45:02 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2008/12/17 14:44:53 | 00,034,524 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2008/12/17 14:44:53 | 00,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2008/12/17 10:41:18 | 00,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll [2008/12/17 10:22:58 | 00,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll [2008/12/17 10:22:48 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2008/12/17 10:17:34 | 00,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll [2008/12/17 09:59:54 | 00,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll [2008/12/11 04:27:02 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2008/10/07 11:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2008/10/07 11:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2008/10/07 11:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2008/10/07 11:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2008/10/07 11:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2008/10/07 11:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2008/10/07 11:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2008/10/07 11:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2008/10/07 11:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2008/10/07 11:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2004/10/03 10:50:54 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll [2003/03/08 22:31:04 | 00,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll ========== LOP Check ========== [2009/05/29 20:13:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus [2009/11/29 22:11:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare [2009/06/02 23:20:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite [2009/06/02 23:17:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro [2009/12/28 19:31:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor [2009/10/18 23:45:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009/06/01 19:25:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2008/12/25 15:56:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sheehan khuu\Application Data\Acreon [2009/12/26 22:17:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sheehan khuu\Application Data\Azureus [2009/06/02 23:21:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sheehan khuu\Application Data\DAEMON Tools Lite [2009/06/22 16:03:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sheehan khuu\Application Data\DAEMON Tools Pro [2009/12/28 15:23:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sheehan khuu\Application Data\OnlineArmor [2009/12/05 13:44:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sheehan khuu\Application Data\SystemRequirementsLab [2009/08/30 15:46:08 | 00,000,356 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1243460780.job [2009/12/26 22:22:05 | 00,001,494 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeperFullSweep.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004/08/04 06:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys < MD5 for: EVENTLOG.DLL > [2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll [2004/08/04 06:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: NETLOGON.DLL > [2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll [2004/08/04 06:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: SCECLI.DLL > [2004/08/04 06:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll [2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [7 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < End of report > OTL Extras logfile created on: 12/30/2009 11:25:23 AM - Run 1 OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\sheehan khuu\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 80.00% Memory free 5.00 Gb Paging File | 5.00 Gb Available in Paging File | 89.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 698.63 Gb Total Space | 601.41 Gb Free Space | 86.09% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: SHEEHAN Current User Name: sheehan khuu Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "65533:TCP" = 65533:TCP:*:Enabled:Services "52344:TCP" = 52344:TCP:*:Enabled:Services "2479:TCP" = 2479:TCP:*:Enabled:Services "3246:TCP" = 3246:TCP:*:Enabled:Services "3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724 "6112:TCP" = 6112:TCP:*:Enabled:Blizzard Downloader "6881:TCP" = 6881:TCP:*:Enabled:Blizzard Downloader "65533:TCP" = 65533:TCP:*:Enabled:Services "52344:TCP" = 52344:TCP:*:Enabled:Services "2479:TCP" = 2479:TCP:*:Enabled:Services "3246:TCP" = 3246:TCP:*:Enabled:Services "3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\World of Warcraft\WoW-2.4.0.8089-to-2.4.1.8125-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-2.4.0.8089-to-2.4.1.8125-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment) "C:\Program Files\World of Warcraft\WoW-2.4.2.8278-to-2.4.3.8606-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-2.4.2.8278-to-2.4.3.8606-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment) "C:\Program Files\World of Warcraft\WoW-3.0.1-to-3.0.2-enUS-Win-Update-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.0.1-to-3.0.2-enUS-Win-Update-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment) "C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Disabled:Java Platform SE binary -- (Sun Microsystems, Inc.) "C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- File not found "C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- File not found "C:\Program Files\World of Warcraft\WoW-3.0.8.9464-to-3.0.8.9506-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.0.8.9464-to-3.0.8.9506-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment) "C:\Documents and Settings\sheehan khuu\Local Settings\Temp\Blizzard Launcher Temporary - 139536d0\Launcher.exe" = C:\Documents and Settings\sheehan khuu\Local Settings\Temp\Blizzard Launcher Temporary - 139536d0\Launcher.exe:*:Enabled:Blizzard Launcher -- File not found "C:\Program Files\World of Warcraft\WoW-3.0.8.9506-to-3.0.9.9551-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.0.8.9506-to-3.0.9.9551-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment) "C:\Documents and Settings\sheehan khuu\Local Settings\Temp\Blizzard Launcher Temporary - 0d647398\Launcher.exe" = C:\Documents and Settings\sheehan khuu\Local Settings\Temp\Blizzard Launcher Temporary - 0d647398\Launcher.exe:*:Enabled:Blizzard Launcher -- File not found "C:\Documents and Settings\sheehan khuu\Local Settings\Temp\Blizzard Launcher Temporary - 14e117c0\Launcher.exe" = C:\Documents and Settings\sheehan khuu\Local Settings\Temp\Blizzard Launcher Temporary - 14e117c0\Launcher.exe:*:Enabled:Blizzard Launcher -- File not found "C:\Program Files\VMware\VMware View\Client\bin\wswc.exe" = C:\Program Files\VMware\VMware View\Client\bin\wswc.exe:*:Enabled:VMware View Client -- (VMware, Inc.) "C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment) "C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment) "C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment) "C:\Program Files\QuickTime\QuickTimePlayer.exe" = C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Disabled:QuickTime Player -- (Apple Inc.) "%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation) "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation) "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation) "C:\Half-Life 2\hl2.exe" = C:\Half-Life 2\hl2.exe:*:Disabled:hl2 -- File not found "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation) "C:\Program Files\Warcraft III\Frozen Throne.exe" = C:\Program Files\Warcraft III\Frozen Throne.exe:*:Enabled:Warcraft III - The Frozen Throne -- (Blizzard Entertainment) "C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Disabled:Azureus -- File not found "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour -- (Apple Inc.) "C:\Program Files\Curse\CurseClient.exe" = C:\Program Files\Curse\CurseClient.exe:*:Disabled:Curse Client -- () "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Disabled:iTunes -- (Apple Inc.) "C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Disabled:Ventrilo.exe -- () "C:\Program Files\Dragon Age\bin_ship\daorigins.exe" = C:\Program Files\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game -- (BioWare) "C:\Program Files\Dragon Age\DAOriginsLauncher.exe" = C:\Program Files\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher -- (BioWare) "C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe" = C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater -- (BioWare) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1" = Webroot AntiVirus with Spy Sweeper "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 15 "{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core "{47759129-8649-47D1-9EA5-4BB84D86DB97}" = Airlink101 WLAN Monitor "{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers "{71929EC1-FDB2-4A67-AAAD-936E4539FA84}_is1" = Driver Sweeper 2.1.0 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client "{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12 "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support "{AC76BA86-7AD7-1033-7B44-A81100000003}" = Adobe Reader 8.1.1 "{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins "{B293450B-F652-43D7-B8A1-FB934AB9B173}" = VMware View Client "{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX "{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D1B3874F-3057-11D6-B2EA-0050BA18806B}" = Camera Driver "{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12 "{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "7-Zip" = 7-Zip 4.65 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "All ATI Software" = ATI - Software Uninstall Utility "AskSBar Uninstall" = Ask Toolbar "ATI Display Driver" = ATI Display Driver "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CurseClient" = Curse Client "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "ENTERPRISE" = Microsoft Office Enterprise 2007 "HijackThis" = HijackThis 2.0.2 "HP PSC 1200 Series" = HP Photo and Imaging 2.0 - hp psc 1200 series "InstallShield_{47759129-8649-47D1-9EA5-4BB84D86DB97}" = Airlink101 WLAN Monitor "InstallShield_{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12 "LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.0.16)" = Mozilla Firefox (3.0.16) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NVIDIA Drivers" = NVIDIA Drivers "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager "OnlineArmor_is1" = Online Armor 4.0 "Precision" = EVGA Precision 1.4.0 "SystemRequirementsLab" = System Requirements Lab "Warcraft III" = Warcraft III "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "World of Warcraft" = World of Warcraft "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XP Codec Pack" = XP Codec Pack "Xvid_is1" = Xvid 1.2.1 final uninstall ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 12/26/2009 8:42:03 PM | Computer Name = SHEEHAN | Source = Application Error | ID = 1000 Description = Faulting application firefox.exe, version 1.9.0.3623, faulting module msvcrt.dll, version 7.0.2600.5512, fault address 0x000372e3. Error - 12/27/2009 2:27:44 PM | Computer Name = SHEEHAN | Source = Application Hang | ID = 1002 Description = Hanging application mmc.exe, version 5.2.3790.4136, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 12/27/2009 2:28:39 PM | Computer Name = SHEEHAN | Source = Application Hang | ID = 1002 Description = Hanging application mmc.exe, version 5.2.3790.4136, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 12/27/2009 2:30:14 PM | Computer Name = SHEEHAN | Source = Application Hang | ID = 1002 Description = Hanging application mmc.exe, version 5.2.3790.4136, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 12/27/2009 5:40:52 PM | Computer Name = SHEEHAN | Source = Application Error | ID = 1000 Description = Faulting application daorigins.exe, version 1.0.9353.0, faulting module msvcr80.dll, version 8.0.50727.3053, fault address 0x000150e4. Error - 12/28/2009 5:18:37 PM | Computer Name = SHEEHAN | Source = Application Hang | ID = 1002 Description = Hanging application OnlineArmor_Setup_Free.tmp, version 51.49.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. [ System Events ] Error - 12/28/2009 1:18:12 AM | Computer Name = SHEEHAN | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip Error - 12/28/2009 1:22:15 AM | Computer Name = SHEEHAN | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 12/28/2009 1:51:47 AM | Computer Name = SHEEHAN | Source = ssidrv | ID = 131098 Description = Failed to set monitor event rule. Error - 12/28/2009 4:11:27 PM | Computer Name = SHEEHAN | Source = ssidrv | ID = 131098 Description = Failed to set monitor event rule. Error - 12/28/2009 5:19:54 PM | Computer Name = SHEEHAN | Source = ssidrv | ID = 131098 Description = Failed to set monitor event rule. Error - 12/28/2009 9:27:46 PM | Computer Name = SHEEHAN | Source = ssidrv | ID = 131098 Description = Failed to set monitor event rule. Error - 12/28/2009 11:00:59 PM | Computer Name = SHEEHAN | Source = ssidrv | ID = 131098 Description = Failed to set monitor event rule. Error - 12/29/2009 2:23:00 PM | Computer Name = SHEEHAN | Source = System Error | ID = 1003 Description = Error code 1000007f, parameter1 00000008, parameter2 f771fd70, parameter3 00000000, parameter4 00000000. Error - 12/29/2009 2:23:38 PM | Computer Name = SHEEHAN | Source = System Error | ID = 1003 Description = Error code 1000007f, parameter1 00000008, parameter2 80042000, parameter3 00000000, parameter4 00000000. Error - 12/29/2009 9:33:02 PM | Computer Name = SHEEHAN | Source = System Error | ID = 1003 Description = Error code 000000f4, parameter1 00000003, parameter2 8aa07da0, parameter3 8aa07f14, parameter4 805d297e. < End of report >

Hello, A few days ago my system was infected with the 'Antivirus Live' program which caused all my antivirus software to not work including Malwarebytes. I restarted my computer in safe mode and stopped the antivirus live process and ran Malwarebytes to remove the trojans which it detected. It seemed that it had removed all the infection but now whenever I am watching a video in any type of media my computer crashes. It also crashes when I am doing multiple tasks. This never happened before the infection so it leads me to believe I didn't remove all of the malware. I ran Malwarebytes which detected nothing bad and anvira which did detect hidden objects. I don't know if this means anything or not. I was able to run the DDS program but the GMER program would keep causing my computer to crash before I could save the file. Thank you in advance for your help Here are the latest anvira and DDS logs: Avira AntiVir Personal Report file date: Monday, December 28, 2009 14:46 Scanning for 1481656 virus strains and unwanted programs. Licensee : Avira AntiVir Personal - FREE Antivirus Serial number : 0000149996-ADJIE-0000001 Platform : Windows XP Windows version : (Service Pack 3) [5.1.2600] Boot mode : Normally booted Username : SYSTEM Computer name : SHEEHAN Version information: BUILD.DAT : 9.0.0.415 21609 Bytes 11/8/2009 10:00:00 AVSCAN.EXE : 9.0.3.10 466689 Bytes 10/13/2009 17:26:33 AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 16:58:24 LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 17:35:49 LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 16:58:52 VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 13:35:52 VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 19:38:06 VBASE002.VDF : 7.10.1.1 2048 Bytes 11/19/2009 19:38:06 VBASE003.VDF : 7.10.1.2 2048 Bytes 11/19/2009 19:38:07 VBASE004.VDF : 7.10.1.3 2048 Bytes 11/19/2009 19:38:07 VBASE005.VDF : 7.10.1.4 2048 Bytes 11/19/2009 19:38:07 VBASE006.VDF : 7.10.1.5 2048 Bytes 11/19/2009 19:38:07 VBASE007.VDF : 7.10.1.6 2048 Bytes 11/19/2009 19:38:07 VBASE008.VDF : 7.10.1.7 2048 Bytes 11/19/2009 19:38:07 VBASE009.VDF : 7.10.1.8 2048 Bytes 11/19/2009 19:38:07 VBASE010.VDF : 7.10.1.9 2048 Bytes 11/19/2009 19:38:08 VBASE011.VDF : 7.10.1.10 2048 Bytes 11/19/2009 19:38:08 VBASE012.VDF : 7.10.1.11 2048 Bytes 11/19/2009 19:38:08 VBASE013.VDF : 7.10.1.79 209920 Bytes 11/25/2009 19:38:08 VBASE014.VDF : 7.10.1.128 197632 Bytes 11/30/2009 19:38:09 VBASE015.VDF : 7.10.1.178 195584 Bytes 12/7/2009 19:38:09 VBASE016.VDF : 7.10.1.224 183296 Bytes 12/14/2009 19:38:09 VBASE017.VDF : 7.10.1.247 182272 Bytes 12/15/2009 19:38:09 VBASE018.VDF : 7.10.2.30 198144 Bytes 12/21/2009 19:38:10 VBASE019.VDF : 7.10.2.63 187392 Bytes 12/24/2009 19:38:10 VBASE020.VDF : 7.10.2.64 2048 Bytes 12/24/2009 19:38:10 VBASE021.VDF : 7.10.2.65 2048 Bytes 12/24/2009 19:38:10 VBASE022.VDF : 7.10.2.66 2048 Bytes 12/24/2009 19:38:11 VBASE023.VDF : 7.10.2.67 2048 Bytes 12/24/2009 19:38:11 VBASE024.VDF : 7.10.2.68 2048 Bytes 12/24/2009 19:38:11 VBASE025.VDF : 7.10.2.69 2048 Bytes 12/24/2009 19:38:11 VBASE026.VDF : 7.10.2.70 2048 Bytes 12/24/2009 19:38:11 VBASE027.VDF : 7.10.2.71 2048 Bytes 12/24/2009 19:38:11 VBASE028.VDF : 7.10.2.72 2048 Bytes 12/24/2009 19:38:12 VBASE029.VDF : 7.10.2.73 2048 Bytes 12/24/2009 19:38:12 VBASE030.VDF : 7.10.2.74 2048 Bytes 12/24/2009 19:38:12 VBASE031.VDF : 7.10.2.83 118272 Bytes 12/28/2009 19:38:12 Engineversion : 8.2.1.122 AEVDF.DLL : 8.1.1.2 106867 Bytes 11/8/2009 13:38:52 AESCRIPT.DLL : 8.1.3.4 586105 Bytes 12/28/2009 19:38:15 AESCN.DLL : 8.1.3.0 127348 Bytes 12/28/2009 19:38:15 AESBX.DLL : 8.1.1.1 246132 Bytes 11/8/2009 13:38:44 AERDL.DLL : 8.1.3.4 479605 Bytes 12/28/2009 19:38:14 AEPACK.DLL : 8.2.0.3 422261 Bytes 11/8/2009 13:38:40 AEOFFICE.DLL : 8.1.0.38 196987 Bytes 11/8/2009 13:38:38 AEHEUR.DLL : 8.1.0.189 2195833 Bytes 12/28/2009 19:38:14 AEHELP.DLL : 8.1.9.0 237943 Bytes 12/28/2009 19:38:13 AEGEN.DLL : 8.1.1.82 369014 Bytes 12/28/2009 19:38:13 AEEMU.DLL : 8.1.1.0 393587 Bytes 11/8/2009 13:38:26 AECORE.DLL : 8.1.9.1 180598 Bytes 12/28/2009 19:38:12 AEBB.DLL : 8.1.0.3 53618 Bytes 11/8/2009 13:38:20 AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 14:47:59 AVPREF.DLL : 9.0.3.0 44289 Bytes 8/26/2009 21:14:02 AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 20:34:28 AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 16:32:09 AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 21:05:41 AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 16:37:08 SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 21:03:49 SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 14:21:33 NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 16:32:10 RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 21:39:58 RCTEXT.DLL : 9.0.73.0 86785 Bytes 10/13/2009 18:25:47 Configuration settings for the scan: Jobname.............................: Complete system scan Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp Logging.............................: low Primary action......................: interactive Secondary action....................: ignore Scan master boot sector.............: on Scan boot sector....................: on Boot sectors........................: C:, Process scan........................: on Scan registry.......................: on Search for rootkits.................: on Integrity checking of system files..: off Scan all files......................: All files Scan archives.......................: on Recursion depth.....................: 20 Smart extensions....................: on Macro heuristic.....................: on File heuristic......................: medium Start of the scan: Monday, December 28, 2009 14:46 Starting search for hidden objects. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ssfs0bbc\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123 [iNFO] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ssfs0bbc\security [iNFO] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sshrmd\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123 [iNFO] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sshrmd\security [iNFO] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ssidrv\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123 [iNFO] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ssidrv\security [iNFO] The registry entry is invisible. '62299' objects were checked, '6' hidden objects were found. The scan of running processes will be started Scan process 'mbam.exe' - '1' Module(s) have been scanned Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'SSU.exe' - '1' Module(s) have been scanned Scan process 'firefox.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'hposts08.exe' - '1' Module(s) have been scanned Scan process 'wsnm.exe' - '1' Module(s) have been scanned Scan process 'SpySweeper.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'libusbd-nt.exe' - '1' Module(s) have been scanned Scan process 'jqs.exe' - '1' Module(s) have been scanned Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'ANIWZCSdS.exe' - '1' Module(s) have been scanned Scan process 'hpoevm08.exe' - '1' Module(s) have been scanned Scan process 'hpotdd01.exe' - '1' Module(s) have been scanned Scan process 'hpohmr08.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'SpySweeperUI.exe' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned Scan process 'WRConsumerService.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 42 processes with 42 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Starting to scan executable files (registry). The registry was scanned ( '59' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! [NOTE] This file is a Windows system file. [NOTE] This file cannot be opened for scanning. C:\RECYCLER\S-1-5-21-343818398-1229272821-839522115-1004\Dc124.exe [0] Archive type: CAB SFX (self extracting) --> \data1.hdr [WARNING] No further files can be extracted from this archive. The archive will be closed [WARNING] No further files can be extracted from this archive. The archive will be closed C:\WINDOWS\system32\SsiEfr.exe [WARNING] The file could not be opened! C:\WINDOWS\system32\drivers\sptd.sys [WARNING] The file could not be opened! End of the scan: Monday, December 28, 2009 15:17 Used time: 31:17 Minute(s) The scan has been done completely. 13477 Scanned directories 271729 Files were scanned 0 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 0 files were deleted 0 Viruses and unwanted programs were repaired 0 Files were moved to quarantine 0 Files were renamed 3 Files cannot be scanned 271726 Files not concerned 2674 Archives were scanned 5 Warnings 1 Notes 62299 Objects were scanned with rootkit scan 6 Hidden objects were found DDS (Ver_09-12-01.01) - NTFSx86 Run by sheehan khuu at 21:06:12.67 on Mon 12/28/2009 Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_15 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3327.2660 [GMT -6:00] AV: Webroot AntiVirus with Spy Sweeper *On-access scanning enabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597} AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A} ============== Running Processes =============== C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\Program Files\Tall Emu\Online Armor\OAcat.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Tall Emu\Online Armor\oasrv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe svchost.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Tall Emu\Online Armor\OAui.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Tall Emu\Online Armor\OAhlp.exe C:\WINDOWS\system32\libusbd-nt.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\sheehan khuu\My Documents\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://yahoo.com/ uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie mDefault_Search_URL = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie uURLSearchHooks: N/A: {0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2} - c:\program files\asksbar\srchastt\1.bin\A2SRCHAS.DLL BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe" mRun: [EVGAPrecision] "c:\program files\evga precision\EVGAPrecision.exe" /s mRun: [nwiz] "c:\program files\nvidia corporation\nview\nwiz.exe" /install mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min mRun: [@OnlineArmor GUI] "c:\program files\tall emu\online armor\OAui.exe" mRun: [KernelFaultCheck] "%systemroot%\system32\dumprep" 0 -k mRun: [spySweeper] "c:\program files\webroot\spy sweeper\SpySweeperUI.exe" /startintray StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229540675751 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\tallem~1\online~1\oaevent.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\sheeha~1\applic~1\mozilla\firefox\profiles\jewk5as7.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/ FF - component: c:\documents and settings\sheehan khuu\application data\mozilla\firefox\profiles\jewk5as7.default\extensions\dttoolbar@toolbarnet.com\components\DTToolbarFF.dll FF - plugin: c:\documents and settings\sheehan khuu\application data\mozilla\firefox\profiles\jewk5as7.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} ============= SERVICES / DRIVERS =============== R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-8-9 29808] R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-12-28 11608] R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2009-12-28 223312] R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2009-12-28 24656] R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2009-12-28 29776] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-12-28 108289] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-12-28 185089] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-12-28 55656] R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?] R2 OAcat;Online Armor Helper Service;c:\program files\tall emu\online armor\oacat.exe [2009-12-28 1282248] R2 SvcOnlineArmor;Online Armor;c:\program files\tall emu\online armor\oasrv.exe [2009-12-28 3291336] R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2009-11-6 4048240] R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\spy sweeper\WRConsumerService.exe [2009-6-23 1201640] R2 wsnm;VMware View Client Service;c:\program files\vmware\vmware view\client\bin\wsnm.exe [2008-11-5 147456] R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2009-6-3 33792] R3 WSUSBDMAN;VMware VDM Virtual Client USB Manager;c:\windows\system32\drivers\WSUSBDMAN.sys [2008-11-5 21504] S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-11-29 25832] S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2007-11-15 572416] =============== Created Last 30 ================ 2009-12-29 03:00:26 20 ----a-w- c:\documents and settings\sheehan khuu\defogger_reenable 2009-12-28 21:23:25 0 d-----w- c:\docume~1\sheeha~1\applic~1\OnlineArmor 2009-12-28 21:23:25 0 d-----w- c:\docume~1\alluse~1\applic~1\OnlineArmor 2009-12-28 21:03:38 29776 ----a-w- c:\windows\system32\drivers\OAnet.sys 2009-12-28 21:03:38 24656 ----a-w- c:\windows\system32\drivers\OAmon.sys 2009-12-28 21:03:37 223312 ----a-w- c:\windows\system32\drivers\OADriver.sys 2009-12-28 21:03:31 0 d-----w- c:\program files\Tall Emu 2009-12-28 20:55:06 0 d-----w- c:\program files\Trend Micro 2009-12-28 19:36:35 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-12-28 19:36:31 0 d-----w- c:\program files\Avira 2009-12-28 19:36:31 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira 2009-12-28 05:10:23 0 d-----w- c:\program files\Phyxion.net 2009-12-28 04:24:52 0 d-----w- c:\windows\nvidia icons 2009-12-27 23:46:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-12-27 23:46:11 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-12-27 23:46:11 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-12-27 21:18:30 0 d-----w- c:\windows\pss 2009-12-27 20:07:55 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll 2009-12-27 04:17:39 0 d-----w- c:\windows\system32\wbem\Repository 2009-12-27 04:17:08 0 d-----w- c:\program files\common files\PC Tools 2009-12-26 21:08:04 0 d-----w- c:\docume~1\sheeha~1\applic~1\Malwarebytes 2009-12-26 20:50:20 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2009-12-05 21:15:10 0 d-----w- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation 2009-12-05 21:14:56 0 d-----w- c:\program files\NVIDIA Corporation 2009-12-05 21:14:15 8743 ----a-w- c:\windows\system32\nvinfo.pb 2009-12-05 19:44:14 0 d-----w- c:\program files\SystemRequirementsLab 2009-12-03 04:34:07 1089593 -c----w- c:\windows\system32\dllcache\ntprint.cat 2009-12-02 06:13:34 0 d-----w- c:\windows\system32\XPSViewer 2009-12-02 06:13:07 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-12-02 06:13:07 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-12-02 06:13:07 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll 2009-12-02 06:13:07 575488 ------w- c:\windows\system32\xpsshhdr.dll 2009-12-02 06:13:07 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll 2009-12-02 06:13:07 1676288 ------w- c:\windows\system32\xpssvcs.dll 2009-12-02 06:13:07 117760 ------w- c:\windows\system32\prntvpt.dll 2009-12-02 06:13:07 0 d-----w- C:\18395dc2a168f10717 2009-11-30 04:11:26 0 d-----w- c:\docume~1\alluse~1\applic~1\BioWare 2009-11-30 04:06:59 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll 2009-11-30 03:46:22 0 d-----w- c:\program files\Dragon Age 2009-11-30 03:43:58 0 d-----w- c:\program files\common files\BioWare ==================== Find3M ==================== 2009-11-06 21:19:42 1563008 ----a-w- c:\windows\WRSetup.dll 2009-11-06 18:00:36 23152 ----a-w- c:\windows\system32\drivers\sshrmd.sys 2009-11-06 18:00:36 176752 ----a-w- c:\windows\system32\drivers\ssidrv.sys 2009-11-06 18:00:34 29808 ----a-w- c:\windows\system32\drivers\ssfs0bbc.sys 2009-10-29 05:38:23 667136 ----a-w- c:\windows\system32\wininet.dll 2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll 2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll 2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll 2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll 2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll ============= FINISH: 21:08:01.89 =============== Attach.zip