Jump to content

randino

Members
  • Posts

    12
  • Joined

  • Last visited

Everything posted by randino

  1. I did.. Everything seems to be running well. Thank you very much for your help.
  2. Virus Total Results: 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware. File name: hP02400NcCkK02400 Submission date: 2011-06-01 22:07:40 (UTC) Current status: queued queued analysing finished Result: 0/ 43 (0.0%) VT Community not reviewed Safety score: - Compact Print results Antivirus Version Last Update Result AhnLab-V3 2011.06.02.00 2011.06.01 - AntiVir 7.11.8.220 2011.06.01 - Antiy-AVL 2.0.3.7 2011.06.01 - Avast 4.8.1351.0 2011.06.01 - Avast5 5.0.677.0 2011.06.01 - AVG 10.0.0.1190 2011.06.01 - BitDefender 7.2 2011.06.02 - CAT-QuickHeal 11.00 2011.06.01 - ClamAV 0.97.0.0 2011.06.01 - Commtouch 5.3.2.6 2011.06.01 - Comodo 8913 2011.06.01 - DrWeb 5.0.2.03300 2011.06.01 - Emsisoft 5.1.0.5 2011.06.01 - eSafe 7.0.17.0 2011.05.31 - eTrust-Vet 36.1.8361 2011.06.01 - F-Prot 4.6.2.117 2011.06.01 - F-Secure 9.0.16440.0 2011.06.01 - Fortinet 4.2.257.0 2011.06.01 - GData 22 2011.06.01 - Ikarus T3.1.1.104.0 2011.06.01 - Jiangmin 13.0.900 2011.06.01 - K7AntiVirus 9.104.4750 2011.06.01 - Kaspersky 9.0.0.837 2011.06.01 - McAfee 5.400.0.1158 2011.06.01 - McAfee-GW-Edition 2010.1D 2011.06.01 - Microsoft 1.6903 2011.06.01 - NOD32 6172 2011.06.01 - Norman 6.07.07 2011.06.01 - nProtect 2011-06-01.01 2011.06.01 - Panda 10.0.3.5 2011.06.01 - PCTools 7.0.3.5 2011.06.01 - Prevx 3.0 2011.06.02 - Rising 23.60.02.03 2011.06.01 - Sophos 4.65.0 2011.06.01 - SUPERAntiSpyware 4.40.0.1006 2011.06.01 - Symantec 20111.1.0.186 2011.06.01 - TheHacker 6.7.0.1.215 2011.06.01 - TrendMicro 9.200.0.1012 2011.06.01 - TrendMicro-HouseCall 9.200.0.1012 2011.06.01 - VBA32 3.12.16.0 2011.06.01 - VIPRE 9458 2011.06.01 - ViRobot 2011.6.1.4490 2011.06.01 - VirusBuster 14.0.62.0 2011.06.01 - Additional information Show all MD5 : 341fa16001bc56a920c6e6661fedf11a SHA1 : 5e420c478fe894ed9fda78fb4935154dac8a76f3 SHA256: 27732b204459cbe7ab5d2d8e704223ee3665dcf6eb25ab0ec1a151931701a6ac
  3. Security Check Results Results of screen317's Security Check version 0.99.12 Windows XP Service Pack 3 Internet Explorer 7 Out of date! `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! AVG 2011 ESET Online Scanner v3 Adobe After Effects CS3 Presets Antivirus up to date! ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware Java 6 Update 23 Out of date Java installed! Flash Player Out of Date! Adobe Flash Player 10.1.102.64 Adobe Reader 9.3.3 Out of date Adobe Reader installed! Mozilla Firefox (3.6.17) Firefox Out of Date! ```````````````````````````````` Process Check: objlist.exe by Laurent AVG avgwdsvc.exe AVG avgtray.exe AVG avgrsx.exe AVG avgnsx.exe AVG avgemc.exe ``````````End of Log````````````
  4. ESET Online Scanner Results ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=7.00.6000.17096 (vista_gdr.110211-1830) # OnlineScanner.ocx=1.0.0.6522 # api_version=3.0.2 # EOSSerial=7306194ae9f11042b13b49eb07ae052e # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-05-30 11:44:36 # local_time=2011-05-30 07:44:36 (-0500, Eastern Daylight Time) # country="United States" # lang=9 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=1032 16777173 100 95 0 49853368 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=124180 # found=5 # cleaned=5 # scan_time=9053 C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\30\320a219e-606acdac a variant of Java/TrojanDownloader.OpenStream.NBF trojan (deleted - quarantined) 00000000000000000000000000000000 C C:\Documents and Settings\Randy\Application Data\Sun\Java\Deployment\cache\6.0\35\27b84623-6b8b5fee a variant of Java/Exploit.CVE-2010-4452.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Documents and Settings\Randy\Application Data\Sun\Java\Deployment\cache\6.0\48\17d74b0-4fc349d1 a variant of Java/TrojanDownloader.OpenStream.NBF trojan (deleted - quarantined) 00000000000000000000000000000000 C C:\Documents and Settings\Randy\Application Data\Sun\Java\Deployment\cache\6.0\48\606148b0-3933140f multiple threats (deleted - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{96266433-12FD-4E92-BF2D-C1B75ED7045A}\RP117\A0050778.dll a variant of Win32/Kryptik.OAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
  5. "Is there anything in this folder: c:\documents and settings\All Users\Application Data\hP02400NcCkK02400?" Yes there is a file with the same name. Should I delete this? I am also running the other scans and will post results. thanks.
  6. My programs have reappeared, and it seems as everything is back to normal. Much thanks!!!! Here is the log: ComboFix 11-05-26.01 - Randy 05/26/2011 21:11:11.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1559 [GMT -4:00] Running from: c:\documents and settings\Randy\Desktop\ComboFix.exe . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Randy\2gweorjqjutp92vjy9gake c:\documents and settings\Randy\Application Data\Adobe\plugs c:\documents and settings\Randy\Application Data\Adobe\shed c:\documents and settings\Randy\Application Data\Adobe\shed\thr1.chm c:\documents and settings\Randy\GoToAssistDownloadHelper.exe c:\documents and settings\Randy\Local Settings\Application Data\{D1210C8B-58C7-4983-AFF9-9F01FCEE013B} c:\documents and settings\Randy\Local Settings\Application Data\{D1210C8B-58C7-4983-AFF9-9F01FCEE013B}\chrome.manifest c:\documents and settings\Randy\Local Settings\Application Data\{D1210C8B-58C7-4983-AFF9-9F01FCEE013B}\chrome\content\_cfg.js c:\documents and settings\Randy\Local Settings\Application Data\{D1210C8B-58C7-4983-AFF9-9F01FCEE013B}\chrome\content\overlay.xul c:\documents and settings\Randy\Local Settings\Application Data\{D1210C8B-58C7-4983-AFF9-9F01FCEE013B}\install.rdf c:\documents and settings\Randy\WINDOWS . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_SSHNAS . . ((((((((((((((((((((((((( Files Created from 2011-04-27 to 2011-05-27 ))))))))))))))))))))))))))))))) . . 2011-05-12 21:56 . 2011-05-13 20:20 0 ----a-w- c:\windows\Ghakequwezanonul.bin 2011-05-12 21:55 . 2011-05-13 22:52 -------- d-----w- c:\documents and settings\All Users\Application Data\hP02400NcCkK02400 . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-03-07 05:33 . 2010-04-23 22:25 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-03-04 06:45 . 2004-08-04 10:00 434176 ----a-w- c:\windows\system32\vbscript.dll 2011-03-03 13:21 . 2004-08-04 10:00 1857920 ----a-w- c:\windows\system32\win32k.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-11 14940040] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752] "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-07 13529088] "nwiz"="nwiz.exe" [2008-05-07 1630208] "NVHotkey"="nvHotkey.dll" [2008-05-07 86016] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-07 86016] "ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-08-01 65536] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744] "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-01-07 158448] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-03-30 624248] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "AvgUninstallURL"="start http:" [X] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-7-30 2158592] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist] 2010-04-23 22:48 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"= . R3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\drivers\stdriver32.sys [5/7/2010 6:44 PM 39480] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2011-05-17 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34] . 2010-05-10 c:\windows\Tasks\expressripShakeIcon.job - c:\program files\NCH Swift Sound\ExpressRip\expressrip.exe [2010-05-07 22:44] . 2011-05-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-448539723-839522115-1003Core.job - c:\documents and settings\Randy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-06 21:30] . 2011-05-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-448539723-839522115-1003UA.job - c:\documents and settings\Randy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-06 21:30] . 2010-05-07 c:\windows\Tasks\soundtapSevenDays.job - c:\program files\NCH Swift Sound\SoundTap\soundtap.exe [2010-05-07 22:44] . 2010-05-07 c:\windows\Tasks\soundtapShakeIcon.job - c:\program files\NCH Swift Sound\SoundTap\soundtap.exe [2010-05-07 22:44] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = *.local IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\documents and settings\Randy\Application Data\Mozilla\Firefox\Profiles\3rj20mrl.default\ FF - prefs.js: browser.search.selectedEngine - AVG Secure Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/|http://www.google.com/ FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4bd24857&v=6.103.018.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(yahoo.homepage.dontask, true . - - - - ORPHANS REMOVED - - - - . Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) HKLM-Run-hpqSRMon - (no file) SafeBoot-WudfPf SafeBoot-WudfRd . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-05-26 21:18 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil9n.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil9n.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1184) c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll . - - - - - - - > 'explorer.exe'(2320) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Intel\Wireless\Bin\WLKeeper.exe c:\windows\System32\SCardSvr.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\nvsvc32.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\program files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe c:\windows\system32\ZuneBusEnum.exe c:\windows\system32\rundll32.exe c:\windows\system32\RUNDLL32.EXE c:\program files\DellTPad\ApMsgFwd.exe c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe c:\program files\DellTPad\HidFind.exe c:\program files\DellTPad\Apntex.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe c:\program files\Skype\Plugin Manager\skypePM.exe c:\windows\system32\wscntfy.exe c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe c:\program files\HP\Digital Imaging\bin\hpqbam08.exe c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe c:\program files\Common Files\Java\Java Update\jucheck.exe . ************************************************************************** . Completion time: 2011-05-26 21:23:52 - machine was rebooted ComboFix-quarantined-files.txt 2011-05-27 01:23 . Pre-Run: 9,185,968,128 bytes free Post-Run: 10,928,803,840 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - 6B3AA8883A576AE91BFDD14CE9BAEF15
  7. Thanks for your reply. Here are the logs... MBAM Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6569 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 5/15/2011 7:22:19 PM mbam-log-2011-05-15 (19-22-19).txt Scan type: Quick scan Objects scanned: 0 Time elapsed: 11 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ----------------------------------------------------------- . DDS (Ver_11-03-05.01) - NTFSx86 Run by Randy at 20:00:29.95 on Mon 05/16/2011 Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_23 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1124 [GMT -4:00] . AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\AVG\AVG9\avgchsvx.exe C:\Program Files\AVG\AVG9\avgrsx.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\AVG\AVG9\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\svchost.exe -k hpdevmgmt C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe C:\Program Files\AVG\AVG9\avgnsx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe -k imgsvc c:\WINDOWS\system32\ZuneBusEnum.exe C:\Program Files\AVG\AVG9\avgemc.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\Program Files\DellTPad\Apoint.exe C:\PROGRA~1\AVG\AVG9\avgtray.exe C:\Program Files\Zune\ZuneLauncher.exe C:\Program Files\DellTPad\ApMsgFwd.exe C:\Program Files\DellTPad\HidFind.exe C:\Program Files\DellTPad\Apntex.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Program Files\Common Files\Java\Java Update\jucheck.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Documents and Settings\Randy\Desktop\dds.scr . ============== Pseudo HJT Report =============== . uInternet Settings,ProxyOverride = *.local uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll uRun: [Google Update] "c:\documents and settings\randy\local settings\application data\google\update\GoogleUpdate.exe" /c uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe" mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /installquiet mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START mRun: [Apoint] c:\program files\delltpad\Apoint.exe mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [hpqSRMon] mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe" mRun: [<NO NAME>] mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1272064404126 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: avgrsstarter - avgrsstx.dll Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\docume~1\randy\applic~1\mozilla\firefox\profiles\3rj20mrl.default\ FF - prefs.js: browser.search.selectedEngine - AVG Secure Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/|http://www.google.com/ FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4bd24857&v=6.103.018.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q= FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll FF - plugin: c:\documents and settings\randy\local settings\application data\google\update\1.3.21.53\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg9\Firefox FF - Ext: AVG Security Toolbar em:version=6.103.018.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg9\toolbar\firefox\avg@igeared FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff FF - Ext: XULRunner: {D1210C8B-58C7-4983-AFF9-9F01FCEE013B} - c:\documents and settings\randy\local settings\application data\{D1210C8B-58C7-4983-AFF9-9F01FCEE013B} . ---- FIREFOX POLICIES ---- FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(yahoo.homepage.dontask, true ============= SERVICES / DRIVERS =============== . R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-4-23 216400] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-4-23 29584] R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-4-23 243152] R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-15 921952] R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136] R3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\drivers\stdriver32.sys [2010-5-7 39480] S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-26 947528] . =============== Created Last 30 ================ . 2011-05-14 00:08:59 502095 ----a-w- c:\windows\unhide.exe 2011-05-12 21:56:48 0 ----a-w- c:\windows\Ghakequwezanonul.bin 2011-05-12 21:56:47 -------- d-----w- c:\docume~1\randy\locals~1\applic~1\{D1210C8B-58C7-4983-AFF9-9F01FCEE013B} 2011-05-12 21:55:45 -------- d-----w- c:\docume~1\alluse~1\applic~1\hP02400NcCkK02400 2011-04-22 21:40:42 -------- d-----w- c:\docume~1\randy\applic~1\PMS 2011-04-22 21:40:13 -------- d-----w- c:\program files\PS3 Media Server . ==================== Find3M ==================== . 2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-03-04 06:45:07 434176 ----a-w- c:\windows\system32\vbscript.dll 2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys 2011-02-17 19:00:29 832512 ----a-w- c:\windows\system32\wininet.dll 2011-02-17 19:00:28 78336 ----a-w- c:\windows\system32\ieencode.dll 2011-02-17 19:00:28 1830912 ------w- c:\windows\system32\inetcpl.cpl 2011-02-17 19:00:27 17408 ----a-w- c:\windows\system32\corpol.dll 2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2011-02-17 11:44:16 389120 ----a-w- c:\windows\system32\html.iec . ============= FINISH: 20:06:16.45 =============== Thanks again..
  8. Hello, (I just created this as a separate thread as per instruction for unknowingly hijacking a thread with the same exact problem.) I was recently infected by the Windows Restore virus. I went through procedures and am mostly confident that I have successfully removed the virus, but I still cannot see my desktop icons even though I know they have not been wiped out. Can someone assist me in putting them back on my desktop. Running Windows XP. I have already run and have logs ready for: MWAB - TDSSKILLER- OTL Thank you in advance.
  9. who cares if I "HIJACKED" your thread? I have the same problem as you, and instead of starting a new thread, I followed the instructions given by the moderator.
  10. MBAM- Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6569 Windows 5.1.2600 Service Pack 3 (Safe Mode) Internet Explorer 7.0.5730.13 5/13/2011 6:52:18 PM mbam-log-2011-05-13 (18-52-18).txt Scan type: Full scan (C:\|) Objects scanned: 296299 Time elapsed: 45 minute(s), 10 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 2 Registry Values Infected: 4 Registry Data Items Infected: 2 Folders Infected: 1 Files Infected: 14 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\whitesmoketoolbar (PUP.Whitesmoke) -> Not selected for removal. HKEY_LOCAL_MACHINE\SOFTWARE\whitesmoketoolbar (PUP.Whitesmoke) -> Not selected for removal. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bjovixib (IPH.Trojan.Hiloti.B) -> Value: Bjovixib -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\QbloLqqPgBaYHX (Rogue.Installer.Gen) -> Value: QbloLqqPgBaYHX -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bjusitulob (Trojan.Hiloti) -> Value: Bjusitulob -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hP02400NcCkK02400 (Trojan.FakeAlert) -> Value: hP02400NcCkK02400 -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: c:\documents and settings\Randy\start menu\Programs\windows recovery (Trojan.FakeAV) -> Quarantined and deleted successfully. Files Infected: c:\WINDOWS\usuzucul.dll (IPH.Trojan.Hiloti.B) -> Quarantined and deleted successfully. c:\documents and settings\all users\application data\qblolqqpgbayhx.exe (Rogue.Installer.Gen) -> Quarantined and deleted successfully. c:\WINDOWS\mpuinwr.dll (Trojan.Hiloti) -> Quarantined and deleted successfully. c:\documents and settings\all users\application data\hp02400ncckk02400\hp02400ncckk02400.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\documents and settings\all users\application data\18013988.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\documents and settings\Randy\application data\Sun\Java\deployment\cache\6.0\43\6deb826b-6dbfb9e0 (Spyware.Passwords.XGen) -> Quarantined and deleted successfully. c:\system volume information\_restore{96266433-12fd-4e92-bf2d-c1b75ed7045a}\RP117\A0049758.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\WINDOWS\system32\drivers\884400.sys (Rootkit.TDSS) -> Quarantined and deleted successfully. c:\WINDOWS\system32\spool\prtprocs\w32x86\612405.tmp (Trojan.Agent) -> Quarantined and deleted successfully. c:\documents and settings\Randy\Desktop\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully. c:\documents and settings\Randy\start menu\Programs\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully. c:\documents and settings\Randy\start menu\Programs\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully. c:\documents and settings\Randy\application data\Adobe\plugs\mmc179.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\documents and settings\Randy\application data\Adobe\plugs\mmc208.exe (Trojan.Agent) -> Quarantined and deleted successfully.
  11. I am not sure if you were telling me to post the Kaspersky and MBAM logs but here they are: 2011/05/15 19:19:16.0718 5068 TDSS rootkit removing tool 2.4.16.0 Feb 1 2011 10:34:03 2011/05/15 19:19:19.0296 5068 ================================================================================ 2011/05/15 19:19:19.0296 5068 SystemInfo: 2011/05/15 19:19:19.0296 5068 2011/05/15 19:19:19.0296 5068 OS Version: 5.1.2600 ServicePack: 3.0 2011/05/15 19:19:19.0296 5068 Product type: Workstation 2011/05/15 19:19:19.0296 5068 ComputerName: RANDY-B30E658C7 2011/05/15 19:19:19.0296 5068 UserName: Randy 2011/05/15 19:19:19.0296 5068 Windows directory: C:\WINDOWS 2011/05/15 19:19:19.0296 5068 System windows directory: C:\WINDOWS 2011/05/15 19:19:19.0296 5068 Processor architecture: Intel x86 2011/05/15 19:19:19.0312 5068 Number of processors: 2 2011/05/15 19:19:19.0312 5068 Page size: 0x1000 2011/05/15 19:19:19.0312 5068 Boot type: Normal boot 2011/05/15 19:19:19.0312 5068 ================================================================================ 2011/05/15 19:19:19.0796 5068 Initialize success 2011/05/15 19:19:21.0343 5452 ================================================================================ 2011/05/15 19:19:21.0343 5452 Scan started 2011/05/15 19:19:21.0343 5452 Mode: Manual; 2011/05/15 19:19:21.0343 5452 ================================================================================ 2011/05/15 19:19:22.0515 5452 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2011/05/15 19:19:22.0562 5452 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 2011/05/15 19:19:22.0625 5452 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2011/05/15 19:19:22.0687 5452 AegisP (375eb0b97e3950adef3633c27a82438b) C:\WINDOWS\system32\DRIVERS\AegisP.sys 2011/05/15 19:19:22.0750 5452 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys 2011/05/15 19:19:22.0937 5452 ApfiltrService (350f19eb5fe4ec37a2414df56cde1aa8) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys 2011/05/15 19:19:23.0000 5452 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 2011/05/15 19:19:23.0125 5452 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2011/05/15 19:19:23.0156 5452 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2011/05/15 19:19:23.0187 5452 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2011/05/15 19:19:23.0234 5452 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2011/05/15 19:19:23.0296 5452 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\system32\Drivers\avgldx86.sys 2011/05/15 19:19:23.0343 5452 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\system32\Drivers\avgmfx86.sys 2011/05/15 19:19:23.0390 5452 AvgTdiX (9a7a93388f503a34e7339ae7f9997449) C:\WINDOWS\system32\Drivers\avgtdix.sys 2011/05/15 19:19:23.0437 5452 b57w2k (f96038aa1ec4013a93d2420fc689d1e9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys 2011/05/15 19:19:23.0500 5452 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2011/05/15 19:19:23.0562 5452 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2011/05/15 19:19:23.0609 5452 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2011/05/15 19:19:23.0656 5452 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2011/05/15 19:19:23.0734 5452 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2011/05/15 19:19:23.0796 5452 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys 2011/05/15 19:19:23.0859 5452 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 2011/05/15 19:19:23.0906 5452 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys 2011/05/15 19:19:24.0000 5452 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2011/05/15 19:19:24.0078 5452 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 2011/05/15 19:19:24.0156 5452 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 2011/05/15 19:19:24.0203 5452 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2011/05/15 19:19:24.0234 5452 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2011/05/15 19:19:24.0296 5452 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2011/05/15 19:19:24.0343 5452 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2011/05/15 19:19:24.0390 5452 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys 2011/05/15 19:19:24.0421 5452 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 2011/05/15 19:19:24.0453 5452 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys 2011/05/15 19:19:24.0531 5452 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 2011/05/15 19:19:24.0578 5452 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2011/05/15 19:19:24.0609 5452 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2011/05/15 19:19:24.0640 5452 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2011/05/15 19:19:24.0703 5452 guardian2 (c0bdab85f3e8b2138c513255e2bcc4d8) C:\WINDOWS\system32\Drivers\oz776.sys 2011/05/15 19:19:24.0734 5452 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 2011/05/15 19:19:24.0843 5452 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys 2011/05/15 19:19:24.0890 5452 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 2011/05/15 19:19:24.0953 5452 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys 2011/05/15 19:19:24.0984 5452 HSFHWAZL (290cdbb05903742ea06b7203c5a662f5) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 2011/05/15 19:19:25.0062 5452 HSF_DPV (7ab812355f98858b9ecdd46e6fcc221f) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 2011/05/15 19:19:25.0140 5452 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 2011/05/15 19:19:25.0234 5452 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2011/05/15 19:19:25.0281 5452 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2011/05/15 19:19:25.0359 5452 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 2011/05/15 19:19:25.0406 5452 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 2011/05/15 19:19:25.0468 5452 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2011/05/15 19:19:25.0500 5452 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2011/05/15 19:19:25.0562 5452 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2011/05/15 19:19:25.0593 5452 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2011/05/15 19:19:25.0640 5452 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2011/05/15 19:19:25.0687 5452 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2011/05/15 19:19:25.0718 5452 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2011/05/15 19:19:25.0750 5452 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2011/05/15 19:19:25.0781 5452 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/05/15 19:19:25.0859 5452 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 2011/05/15 19:19:25.0921 5452 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/05/15 19:19:25.0953 5452 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 2011/05/15 19:19:26.0000 5452 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/05/15 19:19:26.0015 5452 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/05/15 19:19:26.0062 5452 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/05/15 19:19:26.0125 5452 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/05/15 19:19:26.0187 5452 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2011/05/15 19:19:26.0234 5452 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/05/15 19:19:26.0265 5452 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/05/15 19:19:26.0296 5452 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/05/15 19:19:26.0343 5452 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/05/15 19:19:26.0375 5452 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 2011/05/15 19:19:26.0421 5452 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2011/05/15 19:19:26.0468 5452 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/05/15 19:19:26.0500 5452 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/05/15 19:19:26.0531 5452 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/05/15 19:19:26.0593 5452 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/05/15 19:19:26.0625 5452 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/05/15 19:19:26.0656 5452 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/05/15 19:19:26.0781 5452 NETw4x32 (12b0d99865434387f784268b70e23360) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys 2011/05/15 19:19:26.0859 5452 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 2011/05/15 19:19:26.0875 5452 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2011/05/15 19:19:26.0953 5452 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/05/15 19:19:26.0984 5452 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/05/15 19:19:27.0234 5452 nv (e036d93b0e073650cf6cf826cd9e1fbe) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 2011/05/15 19:19:27.0515 5452 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/05/15 19:19:27.0546 5452 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/05/15 19:19:27.0609 5452 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 2011/05/15 19:19:27.0656 5452 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys 2011/05/15 19:19:27.0687 5452 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/05/15 19:19:27.0750 5452 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/05/15 19:19:27.0765 5452 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/05/15 19:19:27.0828 5452 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 2011/05/15 19:19:27.0859 5452 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys 2011/05/15 19:19:28.0062 5452 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/05/15 19:19:28.0109 5452 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/05/15 19:19:28.0156 5452 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/05/15 19:19:28.0312 5452 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/05/15 19:19:28.0359 5452 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/05/15 19:19:28.0390 5452 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/05/15 19:19:28.0406 5452 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/05/15 19:19:28.0437 5452 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/05/15 19:19:28.0468 5452 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/05/15 19:19:28.0484 5452 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2011/05/15 19:19:28.0546 5452 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/05/15 19:19:28.0593 5452 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/05/15 19:19:28.0671 5452 s24trans (e2c6abcbefb1d44f6aaeb1cd5d6062d4) C:\WINDOWS\system32\DRIVERS\s24trans.sys 2011/05/15 19:19:28.0703 5452 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/05/15 19:19:28.0750 5452 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2011/05/15 19:19:28.0781 5452 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 2011/05/15 19:19:28.0812 5452 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2011/05/15 19:19:28.0875 5452 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2011/05/15 19:19:28.0906 5452 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/05/15 19:19:28.0968 5452 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/05/15 19:19:29.0031 5452 stdriver (aff9b72822e0f17a6889b386d05e569a) C:\WINDOWS\system32\DRIVERS\stdriver32.sys 2011/05/15 19:19:29.0125 5452 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys 2011/05/15 19:19:29.0187 5452 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/05/15 19:19:29.0234 5452 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2011/05/15 19:19:29.0343 5452 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/05/15 19:19:29.0421 5452 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/05/15 19:19:29.0484 5452 TcUsb (5ca437a08509fb7ecf843480fc1232e2) C:\WINDOWS\system32\Drivers\tcusb.sys 2011/05/15 19:19:29.0515 5452 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/05/15 19:19:29.0562 5452 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/05/15 19:19:29.0609 5452 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/05/15 19:19:29.0671 5452 tosporte (8d624d3bd1f2d78bd1c01a2d4e954b4e) C:\WINDOWS\system32\DRIVERS\tosporte.sys 2011/05/15 19:19:29.0718 5452 tosrfbd (8c3bfaf3fca90502e6fa35503b8e979e) C:\WINDOWS\system32\DRIVERS\tosrfbd.sys 2011/05/15 19:19:29.0750 5452 tosrfbnp (90c8525bc578aaffe87c2d0ed4379e9e) C:\WINDOWS\system32\Drivers\tosrfbnp.sys 2011/05/15 19:19:29.0812 5452 Tosrfcom (4742f0bad28268ab093ed6f4ea857997) C:\WINDOWS\system32\Drivers\tosrfcom.sys 2011/05/15 19:19:29.0859 5452 Tosrfhid (7c807ba9660e2995cc0217a14a24094c) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys 2011/05/15 19:19:29.0906 5452 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys 2011/05/15 19:19:29.0937 5452 Tosrfusb (01c90086cd37e7e8d9a827e24167fcb7) C:\WINDOWS\system32\DRIVERS\tosrfusb.sys 2011/05/15 19:19:29.0984 5452 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/05/15 19:19:30.0062 5452 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/05/15 19:19:30.0156 5452 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/05/15 19:19:30.0187 5452 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/05/15 19:19:30.0234 5452 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/05/15 19:19:30.0281 5452 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2011/05/15 19:19:30.0343 5452 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2011/05/15 19:19:30.0421 5452 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/05/15 19:19:30.0468 5452 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2011/05/15 19:19:30.0500 5452 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2011/05/15 19:19:30.0562 5452 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/05/15 19:19:30.0609 5452 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/05/15 19:19:30.0687 5452 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 2011/05/15 19:19:30.0750 5452 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/05/15 19:19:30.0812 5452 winachsf (a8596cf86d445269a42ecc08b7066a4c) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 2011/05/15 19:19:30.0937 5452 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys 2011/05/15 19:19:30.0968 5452 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 2011/05/15 19:19:31.0062 5452 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 2011/05/15 19:19:31.0140 5452 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 2011/05/15 19:19:31.0218 5452 zumbus (6bfb54f73aae470e9299e66cbc7bb632) C:\WINDOWS\system32\DRIVERS\zumbus.sys 2011/05/15 19:19:31.0578 5452 ================================================================================ 2011/05/15 19:19:31.0578 5452 Scan finished 2011/05/15 19:19:31.0578 5452 ================================================================================
  12. Hello Spy Sentinel- I have the same exact problem. I have removed the virus, but still cannot access my programs. I have followed your steps through the OTL with my results as follows: OTL logfile created on: 5/13/2011 7:53:49 PM - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Randy\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free 4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.47 Gb Total Space | 8.68 Gb Free Space | 11.66% Space Free | Partition Type: NTFS Unable to calculate disk information. Computer Name: RANDY-B30E658C7 | User Name: Randy | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Randy\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.) PRC - C:\WINDOWS\system32\ZuneBusEnum.exe (Microsoft Corporation) PRC - C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION) PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.) PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.) PRC - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe (SigmaTel, Inc.) PRC - C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.) PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.) PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation) PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation) PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation) PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation) PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Randy\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (HidServ) -- File not found SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe () SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.) SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.) SRV - (ZuneWlanCfgSvc) -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe (Microsoft Corporation) SRV - (ZuneBusEnum) -- C:\WINDOWS\system32\ZuneBusEnum.exe (Microsoft Corporation) SRV - (ZuneNetworkSvc) -- c:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation) SRV - (STacSV) -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe (SigmaTel, Inc.) SRV - (WLANKEEPER) Intel® -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation) ========== Driver Services (SafeList) ========== DRV - (AvgTdiX) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgLdx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgMfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (stdriver) -- C:\WINDOWS\system32\drivers\stdriver32.sys (NCH Software) DRV - (guardian2) -- C:\WINDOWS\system32\drivers\oz776.sys (O2Micro) DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.) DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION) DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation) DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.) DRV - (tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION) DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\Tosrfhid.sys (TOSHIBA Corporation.) DRV - (NETw4x32) Intel® -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation) DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation) DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation) DRV - (tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation) DRV - (WinUSB) -- C:\WINDOWS\system32\drivers\winusb.sys (Microsoft Corporation) DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation) DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search" FF - prefs.js..browser.startup.homepage: "http://www.google.com/|http://www.google.com/" FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872 FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778 FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {D1210C8B-58C7-4983-AFF9-9F01FCEE013B}:1.9.1 FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4bd24857&v=6.103.018.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/11/24 14:27:05 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2011/05/09 18:02:38 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{D1210C8B-58C7-4983-AFF9-9F01FCEE013B}: C:\Documents and Settings\Randy\Local Settings\Application Data\{D1210C8B-58C7-4983-AFF9-9F01FCEE013B} [2011/05/12 17:56:47 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/01 21:37:43 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/01 21:37:43 | 000,000,000 | ---D | M] [2010/04/23 21:09:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Randy\Application Data\Mozilla\Extensions [2011/05/13 19:50:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Randy\Application Data\Mozilla\Firefox\Profiles\3rj20mrl.default\extensions [2010/07/18 14:11:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Randy\Application Data\Mozilla\Firefox\Profiles\3rj20mrl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/06/28 22:12:08 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Randy\Application Data\Mozilla\Firefox\Profiles\3rj20mrl.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2011/04/21 21:01:39 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Documents and Settings\Randy\Application Data\Mozilla\Firefox\Profiles\3rj20mrl.default\extensions\toolbar@ask.com [2011/05/12 17:01:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010/12/17 17:55:42 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010/06/28 22:11:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2011/01/27 10:43:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011/05/12 17:56:47 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\RANDY\LOCAL SETTINGS\APPLICATION DATA\{D1210C8B-58C7-4983-AFF9-9F01FCEE013B} [2010/11/24 14:27:05 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG9\FIREFOX [2011/05/09 18:02:38 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="6.103.018.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG9\TOOLBAR\FIREFOX\AVG@IGEARED [2010/06/28 22:11:38 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2011/02/02 10:58:47 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml Hosts file not found O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\ShellBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () O3 - HKCU\..\Toolbar\ShellBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [hpqSRMon] File not found O4 - HKLM..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation) O4 - HKLM..\Run: [intelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation) O4 - HKLM..\Run: [iTSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0 O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1272064404126 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.) O24 - Desktop WallPaper: C:\Documents and Settings\Randy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Randy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/04/23 18:28:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{9e45cb25-5331-11df-994a-001a6b79da97}\Shell\AutoRun\command - "" = E:\Launch.exe O33 - MountPoints2\{bc86791f-c81f-11df-996c-001a6b79da97}\Shell\AutoRun\command - "" = F:\Setup.exe O33 - MountPoints2\{bc86791f-c81f-11df-996c-001a6b79da97}\Shell\Install\command - "" = F:\Setup.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/05/13 19:51:56 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Randy\Desktop\OTL.exe [2011/05/13 18:01:44 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Randy\Desktop\mbam-setup-1.50.1.1100.exe [2011/05/13 17:58:36 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC [2011/05/13 17:43:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Randy\Recent [2011/05/12 17:56:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Randy\Desktop\tdsskiller [2011/05/12 17:56:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Randy\Local Settings\Application Data\{D1210C8B-58C7-4983-AFF9-9F01FCEE013B} [2011/05/12 17:55:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\hP02400NcCkK02400 [2011/04/22 22:42:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Randy\Desktop\music [2011/04/22 17:40:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PS3 Media Server [2011/04/22 17:40:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Randy\Application Data\PMS [2011/04/22 17:40:13 | 000,000,000 | ---D | C] -- C:\Program Files\PS3 Media Server [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/05/13 19:51:57 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Randy\Desktop\OTL.exe [2011/05/13 19:50:51 | 000,432,924 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011/05/13 19:50:51 | 000,067,714 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011/05/13 19:50:01 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-448539723-839522115-1003UA.job [2011/05/13 19:49:58 | 000,000,211 | ---- | M] () -- C:\Documents and Settings\Randy\Desktop\New Internet Shortcut.url [2011/05/13 19:49:48 | 000,066,915 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001 [2011/05/13 19:46:35 | 000,034,722 | ---- | M] () -- C:\WINDOWS\System32\nvwsapps.xml [2011/05/13 19:46:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011/05/13 19:46:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011/05/13 19:46:09 | 2145,349,632 | -HS- | M] () -- C:\hiberfil.sys [2011/05/13 19:18:47 | 075,984,338 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2011/05/13 18:06:14 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011/05/13 18:03:42 | 000,502,095 | ---- | M] () -- C:\Documents and Settings\Randy\Desktop\unhide.exe [2011/05/13 18:01:54 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Randy\Desktop\mbam-setup-1.50.1.1100.exe [2011/05/13 17:31:44 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\18013988 [2011/05/13 16:20:01 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Ctumexuluqizevax.dat [2011/05/13 16:20:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Ghakequwezanonul.bin [2011/05/12 17:56:45 | 001,280,815 | ---- | M] () -- C:\Documents and Settings\Randy\Desktop\tdsskiller.zip [2011/05/12 17:54:37 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Randy\2gweorjqjutp92vjy9gake [2011/05/12 16:50:27 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2011/05/10 22:15:58 | 000,089,075 | ---- | M] () -- C:\Documents and Settings\Randy\Desktop\J Coren Resume.pdf [2011/05/10 22:01:02 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2011/05/10 21:50:50 | 000,002,306 | ---- | M] () -- C:\Documents and Settings\Randy\Desktop\Google Chrome.lnk [2011/05/05 15:52:30 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys [2011/05/04 19:43:52 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\Randy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/05/02 13:50:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-448539723-839522115-1003Core.job [2011/04/22 18:06:44 | 000,000,519 | ---- | M] () -- C:\music.lnk [2011/04/22 18:06:44 | 000,000,519 | ---- | M] () -- C:\Documents and Settings\Randy\Desktop\music.lnk [2011/04/22 17:49:42 | 000,136,206 | ---- | M] () -- C:\Documents and Settings\Randy\Desktop\Untitled.jpg [2011/04/16 13:14:30 | 001,440,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011/04/16 12:41:27 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/05/13 19:49:53 | 000,000,211 | ---- | C] () -- C:\Documents and Settings\Randy\Desktop\New Internet Shortcut.url [2011/05/13 19:46:09 | 2145,349,632 | -HS- | C] () -- C:\hiberfil.sys [2011/05/13 18:06:14 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011/05/13 18:03:41 | 000,502,095 | ---- | C] () -- C:\Documents and Settings\Randy\Desktop\unhide.exe [2011/05/13 17:31:44 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18013988 [2011/05/12 17:56:48 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Ctumexuluqizevax.dat [2011/05/12 17:56:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ghakequwezanonul.bin [2011/05/12 17:56:43 | 001,280,815 | ---- | C] () -- C:\Documents and Settings\Randy\Desktop\tdsskiller.zip [2011/05/12 17:54:37 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Randy\2gweorjqjutp92vjy9gake [2011/05/10 22:15:58 | 000,089,075 | ---- | C] () -- C:\Documents and Settings\Randy\Desktop\J Coren Resume.pdf [2011/04/22 18:07:37 | 000,000,519 | ---- | C] () -- C:\music.lnk [2011/04/22 18:06:26 | 000,000,519 | ---- | C] () -- C:\Documents and Settings\Randy\Desktop\music.lnk [2011/04/22 18:02:55 | 004,857,856 | ---- | C] () -- C:\Documents and Settings\Randy\Desktop\03 In The Aeroplane Over The Sea [Neutral Milk Hotel In The Aeroplane Over The Sea].mp3 [2011/04/22 17:49:40 | 000,136,206 | ---- | C] () -- C:\Documents and Settings\Randy\Desktop\Untitled.jpg [2010/10/20 19:37:03 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll [2010/09/10 20:05:43 | 000,157,467 | ---- | C] () -- C:\WINDOWS\hpoins28.dat [2010/09/10 20:05:43 | 000,000,932 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat [2010/07/16 18:53:41 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\BladeEnc.dll [2010/07/16 18:53:41 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ShnDll32.dll [2010/07/08 22:54:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/07/06 23:28:11 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2010/07/06 23:28:10 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2010/05/25 17:57:26 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2010/05/23 16:26:23 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2010/04/28 22:01:32 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\Randy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/04/23 21:09:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2010/04/23 19:39:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI [2010/04/23 19:17:06 | 000,066,915 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat [2010/04/23 19:01:15 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2010/04/23 19:01:15 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe [2010/04/23 19:01:15 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2010/04/23 19:01:14 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2010/04/23 19:01:13 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2010/04/23 19:01:13 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe [2010/04/23 19:01:12 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe [2010/04/23 19:01:11 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe [2010/04/23 18:39:47 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe [2010/04/23 18:32:18 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2010/04/23 18:25:05 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2010/04/23 14:17:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2010/04/23 14:15:48 | 001,440,752 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2005/09/02 14:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll [2005/07/22 21:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll [2005/03/21 19:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2005/03/21 19:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2004/08/04 06:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll [2004/08/04 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2004/08/04 06:00:00 | 000,432,924 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2004/08/04 06:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll [2004/08/04 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2004/08/04 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2004/08/04 06:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll [2004/08/04 06:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll [2004/08/04 06:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll [2004/08/04 06:00:00 | 000,067,714 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2004/08/04 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2004/08/04 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2004/08/04 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004/08/04 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2004/08/04 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2004/07/20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll [2004/01/15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll ========== LOP Check ========== [2011/01/30 16:47:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar [2010/04/23 21:22:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9 [2010/04/23 18:48:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix [2011/03/17 21:39:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files [2010/12/14 23:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound [2010/04/23 19:12:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UIB [2010/09/10 21:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy\Application Data\gtk-2.0 [2010/05/07 18:44:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy\Application Data\NCH Swift Sound [2011/04/22 17:40:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy\Application Data\PMS [2010/11/07 19:42:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy\Application Data\uTorrent [2010/05/10 19:02:01 | 000,000,294 | ---- | M] () -- C:\WINDOWS\Tasks\expressripShakeIcon.job [2011/05/10 22:01:02 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job [2010/05/07 18:44:56 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\soundtapSevenDays.job [2010/05/07 18:44:56 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\soundtapShakeIcon.job ========== Purity Check ========== < End of report > OTL Extras logfile created on: 5/13/2011 7:53:49 PM - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Randy\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free 4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.47 Gb Total Space | 8.68 Gb Free Space | 11.66% Space Free | Partition Type: NTFS Unable to calculate disk information. Computer Name: RANDY-B30E658C7 | User Name: Randy | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Generate MD5 Signatures] -- "C:\Program Files\Michael K. Weise\mkw Audio Compression Toolkit\mkwACT.exe" (Michael K. Weise) Directory [tralih] -- "C:\Program Files\Trader's Little Helper\tralih.exe" /0 "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard) "C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3 "{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR) "{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3 "{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO "{0742B739-DCA3-4A21-AADD-B7CBF49C2058}" = Adobe Premiere Pro CS3 Third Party Content "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView "{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{185D0A67-E066-44AE-926D-F6305813301C}" = Adobe After Effects CS3 Presets "{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 23 "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35748B06-FCFC-4700-8285-DAD41689E4FE}" = Broadcom TPM Driver Installer "{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant "{370BCBBA-67D7-4535-ADCD-58CD1C8DEC99}" = Zune Language Pack (DE) "{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA "{40EC6323-497B-44DA-8A88-74578622D9B3}" = Zune Language Pack (IT) "{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD "{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4D9C7DA3-D532-432D-A556-5F6CD186B0A5}" = DJ_AIO_03_F4200_ProductContext "{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content "{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings "{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support "{597E70FF-7C46-4EED-8092-91B7C2E0529D}" = Google SketchUp 7 "{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp "{612F4E20-3661-4D44-AD79-823F1B613FB3}" = HP Update "{62653245-3DC5-4019-AF6B-4E62D6150D9E}" = F4200_Help "{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI "{64B7E533-21EC-4DB3-95DE-6D2DDE81F855}" = Adobe Soundbooth CS3 "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{67DFCE0D-BBA9-43AC-90B3-548390ECE522}" = F4200 "{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3 "{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files "{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{7162AC2C-733F-4127-ACAD-C5F0F27D123D}" = Adobe Creative Suite 3 Master Collection "{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3 "{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3 "{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3 "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{888FFC82-688D-46AB-A776-B417885432B6}" = Zune "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{8E7D7400-4F4F-409D-8F8A-43BF1DAC575A}" = TouchChip USB Driver 2.6 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage "{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz "{92A300C0-E97B-48CC-9702-AB1AAED167E1}" = Adobe Soundbooth CS3 Scores "{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings "{99312C08-19A1-4B20-9F1D-3BCEED582278}" = Adobe Soundbooth CS3 Codecs "{9BA4F9C5-7CB4-492C-9B97-89E36AFA0AB9}" = Adobe Setup "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{9DBCE8C7-FE94-4D8F-9FF0-38EF3D8BC99E}" = DJ_AIO_03_F4200_Software "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad "{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status "{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175 "{A11409F1-CD33-4076-85CB-4EE4A8439BFE}" = Scan "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio "{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter "{A6CDBEB9-2DF5-4455-A647-F3DF0441D5C3}" = Adobe Premiere Pro CS3 "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3 "{AE9A67F9-ADF1-4a44-BAB5-C1DB302B37A2}" = HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3 "{B29B526D-F027-4122-BC7A-D9E5BC86CC40}" = DJ_AIO_03_F4200_Software_Min "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3 "{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3 "{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5 "{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3 "{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3 "{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch "{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller "{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01 "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.