Infected Trojan.Gen.2 / win32/TrojanDownloader.Unruy.BNtrojan

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

2 Pages
1
2
→

You cannot start a new topic
This topic is locked

Infected Trojan.Gen.2 / win32/TrojanDownloader.Unruy.BNtrojan Need help. Have made mistakes before finding bleeping...

#1 needingbleepinghelp

New Member

Group: Members
Posts: 10
Joined: 13-May 11

Posted 17 May 2011 - 11:41 AM

My wife's work computer was, and I beleive still is, infected with the Trajan.Gen.2 / win32/TrojanDownloader.Unruy.BNtrojan.

Today I have followed bleepingcomputer's Preparation guide (logs follow)but unfortunately I have made some mistakes in the last ten days:

When the computer was infected it was running Symantec Enpoint Protection (for some reason it wasn't updating it's definitions). I had success in the past with malwarebytes so I tried it thinking it would fix it. Then, unfortunately, I messed up and ran ESET NOD32 without unchecking the 'fix errors'. It found 38 infected files! Now I run the scan and it shows clear but it certainly is not!

So most recently (the way I found bleepingcomputers.com) I was on Malwarebytes.org and found what looked like straightforward instructions here: http://forums.malwarebytes.org/index.php?showtopic=51894 . Unfortunately, I couldn't install the recovery console to complete their reccomended course. When I ran the Dell XP disk it told me I had a later version of XP on the machine so I backed out so I could research if that was a problem (I think the problem was that the disk was SP2 and we are running sp3). When I've gone back to try it again I can't even get that far. I get a run error: "d:\i386 refers to a location that is unavailable. It could be on a hard drive or..."

Most recent symptoms:

I tried to turn the computer on and log in under Normal mode with Networking this AM and got a blue screen error:
P: c0000f56 unkownd Hard Error
nown Hard Error

I am still seeing redirection in Internet Explorer.

I am still seeing SVCHost CPU soaring.

Just FYI: I have been running in safe mode through following bleepingcopmuter's prep guide.

THANK YOU IF YOU MADE IT THIS FAR!!!

Sincerely,

Attached File(s)

Attach.txt (19.77K)
Number of downloads: 2
ark.txt (1.58K)
Number of downloads: 2

#2 fireman4it

Bleepin' Fireman

Group: Malware Response Team
Posts: 8,315
Joined: 24-May 08
Gender:Male
Location:Bement, ILL

Posted 17 May 2011 - 06:24 PM

Hello needingbleepinghelp,

Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

1.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.

Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
If TDSSKiller does not run, try renaming it.
To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
Click the Start Scan button.
Do not use the computer during the scan
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.

2.
Please download aswMBR ( 511KB ) to your desktop.

Double click the aswMBR.exe icon to run it
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

download

OTL

This is THE Mirror
2. Save it to your desktop.
3. Double click on the icon on your desktop.
4. Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
volsnap.sys
KR10N.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
5. Push the Quick Scan button.
6. Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

Things to include in your next reply::
TDssKiller log
aswMBR log
OTl.txt
Extra.txt
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-

Posted Image

If I have helped you, consider making a donation to help me continue the fight against Malware!
Just click

#3 needingbleepinghelp

New Member

Group: Members
Posts: 10
Joined: 13-May 11

Posted 17 May 2011 - 10:35 PM

Hello fireman4it:

Thank you for your help. I have tried to precisely follow your directions.

Here is the logTDssKiller Log:
2011/05/17 21:59:08.0890 0972 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/17 21:59:09.0484 0972 ================================================================================
2011/05/17 21:59:09.0484 0972 SystemInfo:
2011/05/17 21:59:09.0484 0972
2011/05/17 21:59:09.0484 0972 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/17 21:59:09.0484 0972 Product type: Workstation
2011/05/17 21:59:09.0484 0972 ComputerName: TAWNYA
2011/05/17 21:59:09.0484 0972 UserName: elizabeth
2011/05/17 21:59:09.0484 0972 Windows directory: C:\WINDOWS
2011/05/17 21:59:09.0484 0972 System windows directory: C:\WINDOWS
2011/05/17 21:59:09.0484 0972 Processor architecture: Intel x86
2011/05/17 21:59:09.0484 0972 Number of processors: 2
2011/05/17 21:59:09.0484 0972 Page size: 0x1000
2011/05/17 21:59:09.0484 0972 Boot type: Safe boot with network
2011/05/17 21:59:09.0484 0972 ================================================================================
2011/05/17 21:59:09.0796 0972 Initialize success
2011/05/17 22:00:11.0500 0948 ================================================================================
2011/05/17 22:00:11.0500 0948 Scan started
2011/05/17 22:00:11.0500 0948 Mode: Manual;
2011/05/17 22:00:11.0500 0948 ================================================================================
2011/05/17 22:00:12.0750 0948 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/05/17 22:00:12.0812 0948 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/17 22:00:12.0859 0948 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/17 22:00:12.0921 0948 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/05/17 22:00:12.0937 0948 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/05/17 22:00:13.0015 0948 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/17 22:00:13.0062 0948 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/05/17 22:00:13.0109 0948 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/05/17 22:00:13.0140 0948 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/05/17 22:00:13.0171 0948 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/05/17 22:00:13.0218 0948 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/05/17 22:00:13.0265 0948 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/05/17 22:00:13.0328 0948 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/05/17 22:00:13.0359 0948 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/05/17 22:00:13.0406 0948 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/05/17 22:00:13.0437 0948 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/05/17 22:00:13.0515 0948 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/05/17 22:00:13.0546 0948 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/05/17 22:00:13.0593 0948 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/05/17 22:00:13.0703 0948 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/17 22:00:13.0734 0948 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/17 22:00:13.0828 0948 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/17 22:00:13.0875 0948 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/17 22:00:13.0968 0948 AVGIDSDriver (c403e7f715bb0a851a9dfae16ec4ae42) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2011/05/17 22:00:14.0031 0948 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2011/05/17 22:00:14.0078 0948 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2011/05/17 22:00:14.0109 0948 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2011/05/17 22:00:14.0156 0948 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/05/17 22:00:14.0203 0948 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/05/17 22:00:14.0265 0948 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2011/05/17 22:00:14.0312 0948 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2011/05/17 22:00:14.0421 0948 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/17 22:00:14.0609 0948 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/05/17 22:00:14.0640 0948 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/17 22:00:14.0703 0948 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/05/17 22:00:14.0781 0948 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/17 22:00:14.0812 0948 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/17 22:00:14.0859 0948 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/17 22:00:14.0984 0948 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/05/17 22:00:15.0031 0948 COH_Mon (c586875ece5318c6309ed1ab79d0e55f) C:\WINDOWS\system32\Drivers\COH_Mon.sys
2011/05/17 22:00:15.0078 0948 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/05/17 22:00:15.0171 0948 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/05/17 22:00:15.0265 0948 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/05/17 22:00:15.0296 0948 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/05/17 22:00:15.0390 0948 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/17 22:00:15.0484 0948 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/17 22:00:15.0546 0948 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/17 22:00:15.0578 0948 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/17 22:00:15.0640 0948 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/17 22:00:15.0703 0948 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/05/17 22:00:15.0765 0948 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/17 22:00:15.0812 0948 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys
2011/05/17 22:00:15.0859 0948 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys
2011/05/17 22:00:15.0984 0948 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2011/05/17 22:00:16.0046 0948 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
2011/05/17 22:00:16.0093 0948 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/05/17 22:00:16.0250 0948 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/05/17 22:00:16.0296 0948 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/05/17 22:00:16.0468 0948 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/17 22:00:16.0531 0948 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/05/17 22:00:16.0578 0948 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/17 22:00:16.0609 0948 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/05/17 22:00:16.0671 0948 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/17 22:00:16.0734 0948 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/17 22:00:16.0781 0948 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/17 22:00:16.0843 0948 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/05/17 22:00:16.0906 0948 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/17 22:00:16.0984 0948 HidBatt (748031ff4fe45ccc47546294905feab8) C:\WINDOWS\system32\DRIVERS\HidBatt.sys
2011/05/17 22:00:17.0031 0948 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/17 22:00:17.0109 0948 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/05/17 22:00:17.0171 0948 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/17 22:00:17.0234 0948 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/05/17 22:00:17.0265 0948 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/05/17 22:00:17.0312 0948 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/17 22:00:17.0390 0948 ialm (5a8e05f1d5c36abd58cffa111eb325ea) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/05/17 22:00:17.0515 0948 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/17 22:00:17.0609 0948 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/05/17 22:00:17.0640 0948 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/05/17 22:00:17.0703 0948 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/17 22:00:17.0750 0948 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/17 22:00:17.0796 0948 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/17 22:00:17.0828 0948 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/17 22:00:17.0875 0948 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/17 22:00:17.0937 0948 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/17 22:00:17.0968 0948 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/17 22:00:18.0015 0948 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/17 22:00:18.0078 0948 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/17 22:00:18.0109 0948 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/05/17 22:00:18.0171 0948 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/17 22:00:18.0234 0948 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/17 22:00:18.0390 0948 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/17 22:00:18.0453 0948 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/17 22:00:18.0484 0948 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/17 22:00:18.0531 0948 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/17 22:00:18.0578 0948 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/17 22:00:18.0609 0948 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/05/17 22:00:18.0656 0948 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/17 22:00:18.0718 0948 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/17 22:00:18.0781 0948 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/17 22:00:18.0843 0948 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/17 22:00:18.0875 0948 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/17 22:00:18.0906 0948 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/17 22:00:18.0968 0948 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/17 22:00:19.0031 0948 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/17 22:00:19.0187 0948 NAVENG (c34e2a884ccca8b5567d0c2752527073) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110509.002\NAVENG.SYS
2011/05/17 22:00:19.0265 0948 NAVEX15 (b3916eeec738dd4178f4fd6a44a32e36) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110509.002\NAVEX15.SYS
2011/05/17 22:00:19.0406 0948 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/17 22:00:19.0437 0948 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/17 22:00:19.0484 0948 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/17 22:00:19.0515 0948 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/17 22:00:19.0562 0948 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/17 22:00:19.0593 0948 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/17 22:00:19.0640 0948 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/17 22:00:19.0765 0948 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/17 22:00:19.0828 0948 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/17 22:00:19.0921 0948 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/17 22:00:20.0031 0948 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/05/17 22:00:20.0140 0948 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/17 22:00:20.0171 0948 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/17 22:00:20.0234 0948 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
2011/05/17 22:00:20.0312 0948 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/17 22:00:20.0343 0948 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/17 22:00:20.0390 0948 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/17 22:00:20.0421 0948 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/17 22:00:20.0515 0948 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/17 22:00:20.0562 0948 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/17 22:00:20.0765 0948 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/05/17 22:00:20.0796 0948 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/05/17 22:00:20.0921 0948 Point32 (e552d6598670b1e7655cb73d562e0cd9) C:\WINDOWS\system32\DRIVERS\point32.sys
2011/05/17 22:00:20.0968 0948 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/17 22:00:21.0015 0948 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/17 22:00:21.0062 0948 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/17 22:00:21.0125 0948 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/17 22:00:21.0156 0948 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/05/17 22:00:21.0203 0948 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/05/17 22:00:21.0234 0948 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/05/17 22:00:21.0281 0948 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/05/17 22:00:21.0312 0948 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/05/17 22:00:21.0359 0948 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/17 22:00:21.0421 0948 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/17 22:00:21.0468 0948 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/17 22:00:21.0515 0948 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/17 22:00:21.0578 0948 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/17 22:00:21.0609 0948 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/17 22:00:21.0656 0948 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/17 22:00:21.0718 0948 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/17 22:00:21.0796 0948 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/17 22:00:21.0906 0948 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2011/05/17 22:00:21.0968 0948 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/05/17 22:00:22.0109 0948 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/17 22:00:22.0171 0948 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/17 22:00:22.0203 0948 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/17 22:00:22.0281 0948 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/17 22:00:22.0390 0948 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/05/17 22:00:22.0468 0948 smwdm (4aa922332433cdeb8b82c072c212e32e) C:\WINDOWS\system32\drivers\smwdm.sys
2011/05/17 22:00:22.0546 0948 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/05/17 22:00:22.0656 0948 SPBBCDrv (e621bb5839cf45fa477f48092edd2b40) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
2011/05/17 22:00:22.0718 0948 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/17 22:00:22.0812 0948 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/17 22:00:22.0890 0948 SRTSP (2abf82c8452ab0b9ffc74a2d5da91989) C:\WINDOWS\system32\Drivers\SRTSP.SYS
2011/05/17 22:00:22.0953 0948 SRTSPL (e2f9e5887bea5bd8784d337e06eda31b) C:\WINDOWS\system32\Drivers\SRTSPL.SYS
2011/05/17 22:00:23.0000 0948 SRTSPX (3b974c158fabd910186f98df8d3e23f3) C:\WINDOWS\system32\Drivers\SRTSPX.SYS
2011/05/17 22:00:23.0062 0948 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/17 22:00:23.0109 0948 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2011/05/17 22:00:23.0156 0948 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
2011/05/17 22:00:23.0203 0948 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2011/05/17 22:00:23.0281 0948 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/17 22:00:23.0343 0948 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/17 22:00:23.0421 0948 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/05/17 22:00:23.0453 0948 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/05/17 22:00:23.0515 0948 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2011/05/17 22:00:23.0546 0948 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/05/17 22:00:23.0593 0948 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/05/17 22:00:23.0640 0948 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/17 22:00:23.0718 0948 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/17 22:00:23.0781 0948 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/17 22:00:23.0828 0948 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/17 22:00:23.0859 0948 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/17 22:00:23.0953 0948 tfsnboio (75b30b9ea32fe7d8bbc332d3b944ad46) C:\WINDOWS\system32\dla\tfsnboio.sys
2011/05/17 22:00:23.0984 0948 tfsncofs (b811a431b14694d88eb5befaa55b4501) C:\WINDOWS\system32\dla\tfsncofs.sys
2011/05/17 22:00:24.0031 0948 tfsndrct (f5e2cf2144f1fe51dadd6e9063d311eb) C:\WINDOWS\system32\dla\tfsndrct.sys
2011/05/17 22:00:24.0062 0948 tfsndres (e32b32045b6b914fd4caae8be6ca7e8a) C:\WINDOWS\system32\dla\tfsndres.sys
2011/05/17 22:00:24.0109 0948 tfsnifs (43034b10a94d1c6f13a1a0e848f51226) C:\WINDOWS\system32\dla\tfsnifs.sys
2011/05/17 22:00:24.0156 0948 tfsnopio (f5ee0faafde37326ea35acbfa5defd3d) C:\WINDOWS\system32\dla\tfsnopio.sys
2011/05/17 22:00:24.0187 0948 tfsnpool (597348eb65b3e19709e9a45ca2b30b61) C:\WINDOWS\system32\dla\tfsnpool.sys
2011/05/17 22:00:24.0250 0948 tfsnudf (767affd52432a0f7e7d39f6ff64401f4) C:\WINDOWS\system32\dla\tfsnudf.sys
2011/05/17 22:00:24.0281 0948 tfsnudfa (2806b2fd00263ccd90cc0638c6139eb0) C:\WINDOWS\system32\dla\tfsnudfa.sys
2011/05/17 22:00:24.0375 0948 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/05/17 22:00:24.0453 0948 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/17 22:00:24.0484 0948 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/05/17 22:00:24.0562 0948 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/17 22:00:24.0625 0948 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/05/17 22:00:24.0671 0948 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/17 22:00:24.0703 0948 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/17 22:00:24.0750 0948 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/17 22:00:24.0796 0948 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/17 22:00:24.0843 0948 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/17 22:00:24.0875 0948 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/17 22:00:24.0921 0948 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/17 22:00:24.0953 0948 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/05/17 22:00:24.0984 0948 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/05/17 22:00:25.0031 0948 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/17 22:00:25.0109 0948 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/17 22:00:25.0187 0948 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/17 22:00:25.0437 0948 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/17 22:00:25.0453 0948 ================================================================================
2011/05/17 22:00:25.0453 0948 Scan finished
2011/05/17 22:00:25.0453 0948 ================================================================================
2011/05/17 22:00:25.0484 0356 Detected object count: 1
2011/05/17 22:01:49.0031 0356 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/17 22:01:49.0031 0356 \HardDisk0 - ok
2011/05/17 22:01:49.0031 0356 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/05/17 22:01:56.0500 1588 Deinitialize success

Here is the answMBR log:
aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-17 22:12:02
-----------------------------
22:12:02.359 OS Version: Windows 5.1.2600 Service Pack 3
22:12:02.359 Number of processors: 2 586 0x401
22:12:02.359 ComputerName: TAWNYA UserName:
22:12:04.671 Initialize success
22:12:15.406 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
22:12:15.406 Disk 0 Vendor: ST380013AS 8.12 Size: 76293MB BusType: 3
22:12:17.437 Disk 0 MBR read successfully
22:12:17.437 Disk 0 MBR scan
22:12:17.437 Disk 0 unknown MBR code
22:12:19.437 Disk 0 scanning sectors +156232125
22:12:19.484 Disk 0 scanning C:\WINDOWS\system32\drivers
22:12:32.781 Service scanning
22:12:34.296 Disk 0 trace - called modules:
22:12:34.312 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
22:12:34.312 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6ac030]
22:12:34.312 3 CLASSPNP.SYS[f76b7fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8a6aed98]
22:12:34.312 Scan finished successfully
22:13:12.031 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Elizabeth\Desktop\MBR.dat"
22:13:12.078 The log file has been saved successfully to "C:\Documents and Settings\Elizabeth\Desktop\aswMBR.txt"

Here is the OTL.txt:
OTL logfile created on: 5/17/2011 10:16:23 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Elizabeth\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 40.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 2304 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.62 Gb Total Space | 44.25 Gb Free Space | 61.79% Space Free | Partition Type: NTFS
Drive D: | 397.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive W: | 1.00 Gb Total Space | 0.34 Gb Free Space | 33.58% Space Free | Partition Type: NTFS
Drive X: | 1.00 Gb Total Space | 0.34 Gb Free Space | 33.58% Space Free | Partition Type: NTFS

Computer Name: TAWNYA | User Name: elizabeth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/17 22:14:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elizabeth\Desktop\OTL.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/04/10 14:14:59 | 000,435,496 | R--- | M] (Pervasive Software Inc.) -- C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
PRC - [2009/09/17 19:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2009/09/17 19:38:02 | 001,864,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Smc.exe
PRC - [2009/09/17 19:27:26 | 001,455,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\SmcGui.exe
PRC - [2009/07/08 21:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/07/08 20:14:40 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/29 17:43:00 | 000,294,912 | ---- | M] (Maximizer Software Inc.) -- C:\Program Files\Maximizer\MxAlarm.exe
PRC - [2004/11/11 23:00:04 | 000,864,256 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter2\brctrcen.exe
PRC - [2003/06/11 09:36:04 | 000,413,816 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
PRC - [2003/06/11 09:34:58 | 000,155,770 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

========== Modules (SafeList) ==========

MOD - [2011/05/17 22:14:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elizabeth\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - File not found [Auto | Stopped] -- -- (itlperf)
SRV - [2011/04/22 13:56:50 | 000,984,392 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/04/10 14:32:16 | 000,043,816 | R--- | M] (Sage Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Sage Software\Peachtree\SmartPostingService2011.exe -- (Peachtree SmartPosting 2011)
SRV - [2010/04/10 14:14:59 | 000,435,496 | R--- | M] (Pervasive Software Inc.) [Auto | Running] -- C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe -- (psqlWGE)
SRV - [2009/09/17 19:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/09/17 19:38:02 | 001,864,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Smc.exe -- (SmcService)
SRV - [2009/09/17 18:21:10 | 000,341,320 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec AntiVirus\SNAC.EXE -- (SNAC)
SRV - [2009/07/13 13:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/07/08 21:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/07/08 21:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/11/06 17:31:46 | 000,180,224 | ---- | M] () [On_Demand | Stopped] -- C:\Documents and Settings\tawnya.IPS.000\Application Data\Mikogo\B-Service.exe -- (B-Service)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/03/24 14:27:44 | 000,016,936 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe -- (GoToAssist)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2003/06/11 09:34:58 | 000,155,770 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)

========== Driver Services (SafeList) ==========

DRV - [2011/04/18 03:00:00 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110509.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/04/18 03:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110509.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys -- (Avgldx86)
DRV - [2010/08/19 03:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/08/19 03:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/11/12 18:46:50 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/08/26 12:54:38 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/08/25 21:05:44 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\srtspx.sys -- (SRTSPX)
DRV - [2009/08/25 21:05:42 | 000,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\srtspl.sys -- (SRTSPL)
DRV - [2009/08/25 21:05:42 | 000,281,648 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\srtsp.sys -- (SRTSP)
DRV - [2009/07/14 13:51:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\COH_Mon.sys -- (COH_Mon)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2002/11/08 14:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{47022066-B66C-45D4-A82A-B3DD19C2ADCC}: C:\Documents and Settings\Elizabeth\Local Settings\Application Data\{47022066-B66C-45D4-A82A-B3DD19C2ADCC} [2010/02/10 08:05:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/05/12 11:23:51 | 000,000,000 | ---D | M]

Hosts file not found
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [dellsupportcenter] File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\SYSTEM32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PeachtreePrefetcher.exe] C:\Program Files\Sage Software\Peachtree\PeachtreePrefetcher.exe (Sage Software, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MaxAlarm.lnk = C:\Program Files\Maximizer\MxAlarm.exe (Maximizer Software Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc.cab (Office Update Installation Engine)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1275403191687 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = IPS.local
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\480\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\itlntfy: DllName - itlnfw32.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Elizabeth\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Elizabeth\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/02/06 13:50:59 | 000,000,000 | ---D | M] - C:\Autoupdate -- [ NTFS ]
O32 - AutoRun File - [2004/08/13 05:06:41 | 000,000,027 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup.exe -- [2004/08/13 05:06:41 | 000,208,896 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 30 Days ==========

[2011/05/17 22:13:59 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Elizabeth\Desktop\OTL.exe
[2011/05/17 22:11:05 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Elizabeth\Desktop\aswMBR.exe
[2011/05/17 10:32:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elizabeth\Desktop\gmer
[2011/05/12 19:28:03 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/05/12 18:57:53 | 005,559,024 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Elizabeth\Desktop\avg_avct_stb_all_2011_1375_free.exe
[2011/05/12 17:28:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/05/12 15:22:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elizabeth\Application Data\AVG10
[2011/05/12 15:07:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/05/12 11:44:15 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/05/12 11:25:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/05/12 11:23:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
[2011/05/12 11:21:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/05/12 11:21:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/05/12 11:21:41 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/05/12 11:20:31 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/05/12 11:16:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/05/09 17:01:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WiseFixer
[2011/05/09 17:01:26 | 000,000,000 | ---D | C] -- C:\Program Files\WiseFixer
[2011/05/06 08:49:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sonic
[2011/05/05 14:08:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/05/05 14:08:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/05/05 13:38:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/05/05 13:38:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/04/18 17:21:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/04/18 17:20:14 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/04/18 17:20:09 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/04/18 17:16:53 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/17 22:14:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elizabeth\Desktop\OTL.exe
[2011/05/17 22:13:12 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Elizabeth\Desktop\MBR.dat
[2011/05/17 22:11:10 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Elizabeth\Desktop\aswMBR.exe
[2011/05/17 22:06:31 | 000,512,930 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2011/05/17 22:06:31 | 000,100,036 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2011/05/17 22:05:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/05/17 22:05:12 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/17 22:03:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/05/17 22:03:12 | 1600,278,528 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/17 11:36:20 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/17 10:30:44 | 000,293,775 | ---- | M] () -- C:\Documents and Settings\Elizabeth\Desktop\gmer.zip
[2011/05/17 10:22:09 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Elizabeth\Desktop\dds.scr
[2011/05/17 10:15:31 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Elizabeth\defogger_reenable
[2011/05/17 08:48:52 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/16 17:22:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2011/05/16 16:30:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/13 09:22:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2011/05/12 20:22:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2011/05/12 19:22:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2011/05/12 18:57:57 | 005,559,024 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Elizabeth\Desktop\avg_avct_stb_all_2011_1375_free.exe
[2011/05/12 15:22:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2011/05/12 11:23:57 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/05/12 11:22:47 | 114,586,442 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/05/12 11:22:23 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2011/05/09 17:01:32 | 000,000,712 | ---- | M] () -- C:\Documents and Settings\Elizabeth\Application Data\Microsoft\Internet Explorer\Quick Launch\WiseFixer.lnk
[2011/05/09 17:01:32 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WiseFixer.lnk
[2011/05/09 11:42:58 | 000,156,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/06 16:00:51 | 000,000,677 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/05/06 08:49:07 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2011/05/06 08:49:07 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2011/05/06 08:49:07 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2011/05/06 08:49:07 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2011/05/06 08:49:07 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2011/05/06 08:49:07 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2011/05/06 08:49:07 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2011/05/06 08:49:07 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2011/05/06 08:49:07 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2011/05/06 08:49:07 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2011/05/06 08:49:07 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011/05/06 08:49:07 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2011/05/06 08:49:07 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2011/05/06 08:49:07 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2011/05/06 08:49:07 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2011/05/06 08:49:07 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2011/05/06 08:49:07 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2011/05/06 08:49:07 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/05/01 15:01:24 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Elizabeth\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/01 15:00:51 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/04/18 17:23:30 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/04/18 17:23:30 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Elizabeth\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/04/18 17:21:04 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/17 22:13:12 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Elizabeth\Desktop\MBR.dat
[2011/05/17 22:03:12 | 1600,278,528 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/17 10:30:43 | 000,293,775 | ---- | C] () -- C:\Documents and Settings\Elizabeth\Desktop\gmer.zip
[2011/05/17 10:22:09 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Elizabeth\Desktop\dds.scr
[2011/05/17 10:15:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Elizabeth\defogger_reenable
[2011/05/12 11:23:57 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/05/09 17:01:32 | 000,000,712 | ---- | C] () -- C:\Documents and Settings\Elizabeth\Application Data\Microsoft\Internet Explorer\Quick Launch\WiseFixer.lnk
[2011/05/09 17:01:32 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WiseFixer.lnk
[2011/05/09 08:42:10 | 114,586,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/05/06 08:49:06 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2011/05/06 08:49:06 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2011/05/06 08:49:06 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2011/05/06 08:49:06 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2011/05/06 08:49:06 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2011/05/06 08:49:06 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2011/05/06 08:49:06 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2011/05/06 08:49:06 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2011/05/06 08:49:06 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2011/05/06 08:49:06 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2011/05/06 08:49:06 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2011/05/06 08:49:06 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2011/05/06 08:49:06 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2011/05/06 08:49:06 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2011/05/06 08:49:06 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2011/05/06 08:49:06 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2011/05/06 08:49:06 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2011/05/06 08:49:06 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2011/05/06 08:49:06 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2011/05/06 08:49:06 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2011/05/06 08:49:06 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2011/05/06 08:49:06 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2011/05/06 08:49:06 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2011/05/06 08:49:06 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2011/05/05 13:39:41 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/18 17:21:04 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/18 08:54:42 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Elizabeth\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/11 20:52:34 | 000,017,984 | -HS- | C] () -- C:\Documents and Settings\Elizabeth\Local Settings\Application Data\A28k41
[2010/04/11 20:52:34 | 000,017,984 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\A28k41
[2010/02/28 16:57:14 | 000,017,280 | -HS- | C] () -- C:\Documents and Settings\Elizabeth\Local Settings\Application Data\3lWA80e66MIo
[2010/02/10 08:05:18 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Lzuvumah.dat
[2010/02/10 08:05:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Mbuceyekiten.bin
[2010/01/20 18:28:29 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/01/20 18:28:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/01/20 18:28:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/01/20 18:28:29 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/01/20 18:28:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/06/01 11:27:28 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/01/25 16:56:44 | 000,000,026 | ---- | C] () -- C:\WINDOWS\AatrixForms.INI
[2008/06/23 10:00:16 | 000,202,240 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2008/04/18 18:10:00 | 000,001,763 | ---- | C] () -- C:\WINDOWS\PCW160.INI_upg2011
[2008/01/12 09:36:54 | 000,000,042 | ---- | C] () -- C:\WINDOWS\Viewer.INI
[2007/12/17 10:34:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2007/10/29 17:43:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\Simspy32.dll
[2007/03/21 07:28:50 | 000,000,106 | ---- | C] () -- C:\WINDOWS\System32\mmc.exe.config
[2007/02/22 12:38:28 | 000,000,199 | ---- | C] () -- C:\WINDOWS\wstdUPSWSHIP.INI
[2006/03/01 15:51:26 | 000,000,084 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2006/02/28 20:23:08 | 000,000,053 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2006/02/28 20:13:46 | 000,001,006 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2006/02/28 20:13:46 | 000,000,426 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2006/02/28 20:13:46 | 000,000,147 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2006/02/28 20:13:46 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\BD7420.dat
[2006/02/28 20:13:46 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2006/02/28 20:13:20 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2006/02/28 20:13:15 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2006/02/28 20:13:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2006/02/28 20:01:35 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini_old
[2005/05/04 15:03:25 | 000,004,700 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/04/25 12:19:35 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/04/20 08:29:29 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/01/13 12:37:46 | 000,180,224 | R--- | C] () -- C:\WINDOWS\System32\nssckbi.dll
[2004/12/31 14:10:37 | 000,000,024 | ---- | C] () -- C:\WINDOWS\Bclwdde.ini
[2004/12/31 14:10:04 | 000,365,568 | ---- | C] () -- C:\WINDOWS\System32\WINCTL32.DLL
[2004/12/31 14:10:03 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2004/12/31 14:10:03 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL
[2004/12/31 14:05:15 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\rsUtil.dll
[2004/12/31 14:04:12 | 000,000,793 | ---- | C] () -- C:\WINDOWS\Bti.ini
[2004/12/31 14:04:05 | 000,003,309 | ---- | C] () -- C:\WINDOWS\pcw100.ini
[2004/12/21 11:59:29 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/12/21 11:55:09 | 000,000,264 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/12/21 11:52:17 | 000,000,677 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/12/21 11:41:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2004/12/21 11:41:00 | 000,512,930 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2004/12/21 11:41:00 | 000,100,036 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2004/12/21 11:24:02 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/10/22 16:07:54 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\GetHostIP.exe
[2004/09/15 23:03:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 18:25:56 | 000,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/11 18:20:10 | 000,156,360 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 18:14:38 | 000,005,008 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 18:12:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 11:31:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2004/08/11 11:31:24 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2004/08/04 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2004/08/04 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2004/08/04 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2004/08/04 06:00:00 | 000,133,120 | ---- | C] () -- C:\WINDOWS\akinifusizebaz.dll
[2004/08/04 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2004/08/04 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2004/08/04 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\SECUPD.DAT
[2004/08/04 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 06:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2004/08/04 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2004/07/19 17:01:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\SETPWRCG.EXE
[2004/07/13 15:35:48 | 000,001,561 | ---- | C] () -- C:\WINDOWS\PCW130.ini
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/04 11:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2002/02/27 10:41:28 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2002/02/27 10:41:26 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2002/02/27 10:41:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[1980/01/01 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2008/01/04 19:41:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aatrix Software
[2010/04/11 20:53:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avG
[2011/05/12 19:26:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/05/12 11:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/05/12 11:44:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2008/03/21 15:11:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MaximizerGlobalReports10
[2011/05/12 19:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2005/03/10 16:04:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2010/01/22 12:28:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2008/09/12 14:28:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pervasive Software
[2006/02/28 20:00:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/01/03 09:31:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/01/22 12:28:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2011/04/05 18:27:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/01/25 16:56:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elizabeth\Application Data\Aatrix Software
[2011/05/12 15:22:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elizabeth\Application Data\AVG10
[2009/04/16 15:41:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elizabeth\Application Data\licenses
[2011/05/12 19:35:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elizabeth\Application Data\Mikogo
[2009/04/16 15:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elizabeth\Application Data\PCMM2009
[2008/10/31 16:33:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elizabeth\Application Data\Peachtree
[2010/06/17 09:58:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elizabeth\Application Data\Sage
[2011/05/06 08:49:07 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2011/05/13 09:22:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2011/05/06 08:49:07 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2011/05/12 11:22:23 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2011/05/06 08:49:07 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2011/05/06 08:49:07 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2011/05/06 08:49:07 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2011/05/12 15:22:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2011/05/06 08:49:07 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2011/05/16 17:22:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2011/05/06 08:49:07 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2011/05/06 08:49:07 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2011/05/12 19:22:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2011/05/12 20:22:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2011/05/06 08:49:07 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2011/05/06 08:49:07 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2011/05/06 08:49:07 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2011/05/06 08:49:07 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2011/05/06 08:49:07 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2011/05/06 08:49:07 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2011/05/06 08:49:07 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2011/05/06 08:49:07 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2011/05/06 08:49:07 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2011/05/06 08:49:07 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys
[2008/09/12 09:57:54 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:AGP440.sys
[2008/09/12 09:57:54 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\I386\AGP440.SYS
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
[2008/09/12 09:57:54 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:atapi.sys
[2008/09/12 09:57:54 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\I386\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\I386\EVENTLOG.DLL
[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\I386\NETLOGON.DLL
[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\I386\SCECLI.DLL
[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< MD5 for: VOLSNAP.SYS >
[2008/04/13 13:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2008/04/13 13:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\SYSTEM32\DRIVERS\volsnap.sys
[2004/08/04 06:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\I386\VOLSNAP.SYS
[2004/08/04 06:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys

< %systemroot%\*. /mp /s >

< End of report >

Here is the Extra.txt:
OTL Extras logfile created on: 5/17/2011 10:16:23 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Elizabeth\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 40.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 2304 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.62 Gb Total Space | 44.25 Gb Free Space | 61.79% Space Free | Partition Type: NTFS
Drive D: | 397.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive W: | 1.00 Gb Total Space | 0.34 Gb Free Space | 33.58% Space Free | Partition Type: NTFS
Drive X: | 1.00 Gb Total Space | 0.34 Gb Free Space | 33.58% Space Free | Partition Type: NTFS

Computer Name: TAWNYA | User Name: elizabeth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DoNotAllowExceptions" = 0
"EnableFirewall" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"3392:TCP" = 3392:TCP:*:Enabled:RDP:3392
"1583:TCP" = 1583:TCP:*:Enabled:Pervasive DBEngine
"3351:TCP" = 3351:TCP:*:Enabled:Pervasive DBEngine

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe" = C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe:*:Enabled:Pervasive PSQL Workgroup Engine -- (Pervasive Software Inc.)
"C:\WINDOWS\SYSTEM32\fxsclnt.exe" = C:\WINDOWS\SYSTEM32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Program Files\Symantec AntiVirus\Smc.exe" = C:\Program Files\Symantec AntiVirus\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec AntiVirus\SNAC.EXE" = C:\Program Files\Symantec AntiVirus\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"C:\WINDOWS\LMI3.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI3.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
"C:\WINDOWS\SYSTEM32\ftp.exe" = C:\WINDOWS\SYSTEM32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0A3238D7-AB32-1010-B717-F3E3F18B4A8C}" = Pervasive PSQL v10 SP2 Workgroup (32-bit)
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{29888684-31EE-47A4-A254-9B244DEAA1E5}" = Maximizer CRM 10 Service Pack 1
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MAXIMIZER)
"{2EFCC193-D915-4CCB-9201-31773A27BC06}" = Symantec Endpoint Protection
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{4712DD15-D681-4BDF-B623-9D4F33550F44}" = Peachtree Complete Accounting 2006
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
"{5A847475-157F-45AD-9919-CD40D344B8B1}" = QBFC3.0
"{6798DD4E-BD16-4735-87EB-D712637CCB8C}" = Sage Message Center
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{71D74FCD-8DB9-4BEB-9C9D-1D19F2E02AE3}" = Microsoft Report Viewer Redistributable 2005
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8BCB844B-0814-4354-A413-1063DB4618E9}" = PeachTree Signature Ready Forms
"{8DE4AC83-5D22-40C5-B4D1-CC2285C0CAA0}" =
"{8E49C988-C8F1-4197-AA6B-94E49751F5D7}" = Microsoft IntelliType Pro 6.3
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{900C2AB5-3F37-4F84-B58C-893FA5F42D7D}_is1" = WiseFixer 3.2
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{9376D1C4-434F-40C9-90AC-ED6F22D36F3A}" = NA1Messenger
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}" = Crystal Reports 2008 Runtime SP1
"{C7DDA8E7-AD3D-4F51-AC1E-B0FF57002192}" = Microsoft IntelliPoint 6.3
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CDE4CC8B-134B-421E-943C-90799E56F664}" = Dell Media Experience Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D83BD5E2-5AF4-49F6-B5C1-484A9760E73D}" = Brother MFL-Pro Suite
"{E358CC1E-4953-4E27-ADEB-8B27D8BBC20E}" = UPSlinkHTTP
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E8E766FC-5D35-45ED-B091-6420C8154B34}" = Maximizer CRM 10
"{FC87D80E-5BC6-4EE8-9B09-EBA4F9C0A1C2}" = Peachtree Accounting 2011
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AVG" = AVG 2011
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"ESET Online Scanner" = ESET Online Scanner v3
"GoToAssist" = GoToAssist 8.0.0.480
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{29888684-31EE-47A4-A254-9B244DEAA1E5}" = Maximizer CRM 10 Service Pack 1
"InstallShield_{4712DD15-D681-4BDF-B623-9D4F33550F44}" = Peachtree Complete Accounting 2006
"InstallShield_{FC87D80E-5BC6-4EE8-9B09-EBA4F9C0A1C2}" = Peachtree Accounting 2011
"Integration Services" = Sage Software Integration Services
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Maximizer CRM 10_{E8E766FC-5D35-45ED-B091-6420C8154B34}" = Maximizer CRM 10 Group Edition Workstation
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Report Viewer Redistributable 2005" = Microsoft Report Viewer Redistributable 2005
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mikogo" = Mikogo
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Peachtree Complete Accounting" = Peachtree Complete Accounting 2009
"PROSet" = Intel® PRO Network Adapters and Drivers
"Stamps.com" = Stamps.com
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f269fca5d8764803" = Sage Exchange

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/17/2011 9:55:16 AM | Computer Name = TAWNYA | Source = Userenv | ID = 1097
Description = Windows cannot find the machine account, The clocks on the client
and server machines are skewed. .

Error - 5/17/2011 9:55:16 AM | Computer Name = TAWNYA | Source = Userenv | ID = 1030
Description = Windows cannot query for the list of Group Policy objects. A message
that describes the reason for this was previously logged by the policy engine.

Error - 5/17/2011 11:33:21 AM | Computer Name = TAWNYA | Source = Userenv | ID = 1104
Description = Windows cannot perform filter check for Group Policy object CN={E3684FF5-2599-4F2B-8E6F-4DA8FA6B4CE6},CN=Policies,CN=System,DC=IPS,DC=local.
The associated filter cannot be found. This Group Policy Object will be skipped.

Error - 5/17/2011 11:33:21 AM | Computer Name = TAWNYA | Source = Userenv | ID = 1104
Description = Windows cannot perform filter check for Group Policy object CN={7F192E2E-1829-4A19-BD4F-CC1F1DD390BB},CN=Policies,CN=System,DC=IPS,DC=local.
The associated filter cannot be found. This Group Policy Object will be skipped.

Error - 5/17/2011 10:50:54 PM | Computer Name = TAWNYA | Source = Userenv | ID = 1097
Description = Windows cannot find the machine account, The clocks on the client
and server machines are skewed. .

Error - 5/17/2011 10:50:54 PM | Computer Name = TAWNYA | Source = Userenv | ID = 1030
Description = Windows cannot query for the list of Group Policy objects. A message
that describes the reason for this was previously logged by the policy engine.

Error - 5/17/2011 11:04:37 PM | Computer Name = TAWNYA | Source = Userenv | ID = 1097
Description = Windows cannot find the machine account, The clocks on the client
and server machines are skewed. .

Error - 5/17/2011 11:04:37 PM | Computer Name = TAWNYA | Source = Userenv | ID = 1030
Description = Windows cannot query for the list of Group Policy objects. A message
that describes the reason for this was previously logged by the policy engine.

Error - 5/17/2011 11:07:57 PM | Computer Name = TAWNYA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/17/2011 11:07:57 PM | Computer Name = TAWNYA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 5/17/2011 11:04:49 PM | Computer Name = TAWNYA | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 5/17/2011 11:08:11 PM | Computer Name = TAWNYA | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}
as /. The error: "%2" Happened while starting this command: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-Embedding

Error - 5/17/2011 11:08:12 PM | Computer Name = TAWNYA | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}
as /. The error: "%2" Happened while starting this command: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-Embedding

Error - 5/17/2011 11:09:15 PM | Computer Name = TAWNYA | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}
as /. The error: "%2" Happened while starting this command: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-Embedding

Error - 5/17/2011 11:10:40 PM | Computer Name = TAWNYA | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}
as /. The error: "%2" Happened while starting this command: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-Embedding

Error - 5/17/2011 11:13:37 PM | Computer Name = TAWNYA | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}
as /. The error: "%2" Happened while starting this command: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-Embedding

Error - 5/17/2011 11:17:09 PM | Computer Name = TAWNYA | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 5/17/2011 11:17:09 PM | Computer Name = TAWNYA | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 5/17/2011 11:19:54 PM | Computer Name = TAWNYA | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.

Error - 5/17/2011 11:22:00 PM | Computer Name = TAWNYA | Source = Schedule | ID = 7901
Description = The At23.job command failed to start due to the following error: %%2147942402

< End of report >

So far the computer seems to be 'back to normal'.

#4 fireman4it

Bleepin' Fireman

Group: Malware Response Team
Posts: 8,315
Joined: 24-May 08
Gender:Male
Location:Bement, ILL

Posted 18 May 2011 - 02:52 PM

Hello,

Glad to hear things are running better. There are some things we still need to fix.

1.
We need to run an OTL Fix

Please reopen on your desktop.

Copy and Paste the following code into the Posted Image

textbox. Do not include the word "Code"

:Otl
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup.exe -- [2004/08/13 05:06:41 | 000,208,896 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
[2011/05/16 17:22:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2011/05/13 09:22:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2011/05/12 20:22:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2011/05/12 19:22:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2011/05/12 15:22:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2011/05/12 11:22:23 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2011/05/06 08:49:07 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2011/05/06 08:49:07 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2011/05/06 08:49:07 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2011/05/06 08:49:07 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2011/05/06 08:49:07 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2011/05/06 08:49:07 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2011/05/06 08:49:07 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2011/05/06 08:49:07 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2011/05/06 08:49:07 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2011/05/06 08:49:07 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2011/05/06 08:49:07 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011/05/06 08:49:07 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2011/05/06 08:49:07 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2011/05/06 08:49:07 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2011/05/06 08:49:07 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2011/05/06 08:49:07 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2011/05/06 08:49:07 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2011/05/06 08:49:07 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/04/11 20:52:34 | 000,017,984 | -HS- | C] () -- C:\Documents and Settings\Elizabeth\Local Settings\Application Data\A28k41
[2010/02/28 16:57:14 | 000,017,280 | -HS- | C] () -- C:\Documents and Settings\Elizabeth\Local Settings\Application Data\3lWA80e66MIo
[2010/02/10 08:05:18 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Lzuvumah.dat
[2010/02/10 08:05:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Mbuceyekiten.bin

:Commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[CREATERESTOREPOINT]
[REBOOT]

Push
OTL may ask to reboot the machine. Please do so if asked.
Click .
A report will open. Copy and Paste that report in your next reply.

2.
Please download Malwarebytes' Anti-Malware (v1.50) and save it to your desktop.

Download Link 1

Download Link 2

Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to this Guide.
When the installation begins, follow the prompts and do not make any changes to default settings.
Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
Click on the Scan button.
When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
Make sure that everything is checked and then click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
Exit Malwarebytes' when done.

Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.

3.
Please run a BitDefender Online Scan

Click I Agree to agree to the EULA.
Allow the ActiveX control to install when prompted.
Click Click here to scan to begin the scan.
Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
When the scan is finished, click on Click here to export the scan results.
Save the report to your desktop so you can post it in your next reply.

Double click

Custom Scan

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT

Quick Scan

copy and paste it in a reply here:

OTL.txt <-- Will be opened

Things to include in your next reply::
OTL fix log
MBAM log
BitDefender log
OTL.txt
How is your machine running now?

If I have helped you, consider making a donation to help me continue the fight against Malware!
Just click

#5 needingbleepinghelp

New Member

Group: Members
Posts: 10
Joined: 13-May 11

Posted 18 May 2011 - 03:14 PM

I will proceed following your instructions this evening.

Just FYI: After sending you my response last night I shut the computer down. It had updates to download but I chose to shut-down without installing updates (out of ignorant caution).

Please let me know if I should install the updates, or not (and if so before or after following the above instructions).

THANK YOU!

This post has been edited by needingbleepinghelp: 18 May 2011 - 03:51 PM

#6 fireman4it

Bleepin' Fireman

Group: Malware Response Team
Posts: 8,315
Joined: 24-May 08
Gender:Male
Location:Bement, ILL

Posted 18 May 2011 - 06:35 PM

Hello,

I would cancel any windows updates until we can get you clean.

If I have helped you, consider making a donation to help me continue the fight against Malware!
Just click

#7 needingbleepinghelp

New Member

Group: Members
Posts: 10
Joined: 13-May 11

Posted 19 May 2011 - 06:03 PM

OTL Report:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLinkedConnections deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
File move failed. D:\setup.exe scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At1.job moved successfully.
C:\Documents and Settings\Elizabeth\Local Settings\Application Data\A28k41 moved successfully.
C:\Documents and Settings\Elizabeth\Local Settings\Application Data\3lWA80e66MIo moved successfully.
C:\WINDOWS\Lzuvumah.dat moved successfully.
C:\WINDOWS\Mbuceyekiten.bin moved successfully.
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: administrator.IPS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: administrator.IPS.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes

User: All Users

User: Andrea
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: andrea.IPS.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Carlton

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Elizabeth
->Temp folder emptied: 507179 bytes
->Temporary Internet Files folder emptied: 44365636 bytes
->Java cache emptied: 697087 bytes
->Flash cache emptied: 101962 bytes

User: jerry
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 272744668 bytes
->Flash cache emptied: 16433 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 309784281 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 49014 bytes

User: robin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 161440 bytes
->Flash cache emptied: 300 bytes

User: Tawnya
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 14411 bytes
->Flash cache emptied: 300 bytes

User: tawnya.IPS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4393223 bytes
->Java cache emptied: 947020 bytes
->Flash cache emptied: 24929 bytes

User: tawnya.IPS.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 20503865 bytes
->Java cache emptied: 5972662 bytes
->Flash cache emptied: 49149 bytes

User: TAWNYA~1~000

User: tawnya~IPS

User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 144782 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 180905527 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 80199428 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 1666288352 bytes

Total Files Cleaned = 2,468.00 mb

[EMPTYFLASH]

User: Admin

User: Administrator

User: administrator.IPS

User: administrator.IPS.000

User: All Users

User: Andrea

User: andrea.IPS.000

User: Carlton

User: Default User

User: Elizabeth
->Flash cache emptied: 0 bytes

User: jerry

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: robin
->Flash cache emptied: 0 bytes

User: Tawnya
->Flash cache emptied: 0 bytes

User: tawnya.IPS
->Flash cache emptied: 0 bytes

User: tawnya.IPS.000
->Flash cache emptied: 0 bytes

User: TAWNYA~1~000

User: tawnya~IPS

User: TEMP

Total Flash Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.22.3 log created on 05192011_180519

Files\Folders moved on Reboot...
File move failed. D:\setup.exe scheduled to be moved on reboot.
C:\Documents and Settings\Elizabeth\Local Settings\Temp\config.dat moved successfully.
File\Folder C:\Documents and Settings\Elizabeth\Local Settings\Temp\~DF3BD.tmp not found!
File\Folder C:\Documents and Settings\Elizabeth\Local Settings\Temp\~DF432.tmp not found!
File\Folder C:\Documents and Settings\Elizabeth\Local Settings\Temp\~DF526.tmp not found!
File\Folder C:\Documents and Settings\Elizabeth\Local Settings\Temp\~DF5DE.tmp not found!
File\Folder C:\Documents and Settings\Elizabeth\Local Settings\Temp\~DF951.tmp not found!
File\Folder C:\Documents and Settings\Elizabeth\Local Settings\Temp\~DFC2F.tmp not found!
C:\Documents and Settings\Elizabeth\Local Settings\Temporary Internet Files\Content.IE5\TOEE7B19\page_pid_2252448[1].htm moved successfully.
C:\Documents and Settings\Elizabeth\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_44c.dat not found!

Registry entries deleted on Reboot...

Malwarebytes Scan:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6620

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/19/2011 6:45:30 PM
mbam-log-2011-05-19 (18-45-30).txt

Scan type: Quick scan
Objects scanned: 318506
Time elapsed: 6 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

BITDefender Failed. It starts and looks like it's going to run then stops. The first time I tried to run it the scan ran for some time. I came back and found the error message. I re-ran it with same results. I rebooted the computer and re-ran it with the same results.

Will wait for further instructions.

Thanks for your continued support!

This post has been edited by needingbleepinghelp: 19 May 2011 - 07:25 PM

#8 fireman4it

Bleepin' Fireman

Group: Malware Response Team
Posts: 8,315
Joined: 24-May 08
Gender:Male
Location:Bement, ILL

Posted 19 May 2011 - 07:51 PM

Hello,

Forget about BitDefender for now.

Custom Scan

Quick Scan

copy and paste it in a reply here:

OTL.txt

If I have helped you, consider making a donation to help me continue the fight against Malware!
Just click

#9 needingbleepinghelp

New Member

Group: Members
Posts: 10
Joined: 13-May 11

Posted 19 May 2011 - 11:14 PM

OTL logfile created on: 5/19/2011 11:18:14 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Elizabeth\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 36.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 2304 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.62 Gb Total Space | 46.43 Gb Free Space | 64.82% Space Free | Partition Type: NTFS
Drive D: | 397.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive W: | 1.00 Gb Total Space | 0.38 Gb Free Space | 38.16% Space Free | Partition Type: NTFS
Drive X: | 1.00 Gb Total Space | 0.38 Gb Free Space | 38.16% Space Free | Partition Type: NTFS

Computer Name: TAWNYA | User Name: elizabeth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/17 22:14:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elizabeth\Desktop\OTL.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/04/10 14:14:59 | 000,435,496 | R--- | M] (Pervasive Software Inc.) -- C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
PRC - [2009/09/17 19:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2009/09/17 19:48:36 | 000,181,616 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\SavUI.exe
PRC - [2009/09/17 19:47:56 | 000,049,008 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DoScan.exe
PRC - [2009/09/17 19:38:02 | 001,864,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Smc.exe
PRC - [2009/09/17 19:27:26 | 001,455,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\SmcGui.exe
PRC - [2009/07/08 21:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/07/08 20:14:40 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/29 17:43:00 | 000,294,912 | ---- | M] (Maximizer Software Inc.) -- C:\Program Files\Maximizer\MxAlarm.exe
PRC - [2004/12/14 04:44:06 | 000,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
PRC - [2004/11/11 23:00:04 | 000,864,256 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter2\brctrcen.exe
PRC - [2003/06/11 09:36:04 | 000,413,816 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
PRC - [2003/06/11 09:34:58 | 000,155,770 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

========== Modules (SafeList) ==========

MOD - [2011/05/17 22:14:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elizabeth\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - File not found [Auto | Stopped] -- -- (itlperf)
SRV - [2011/04/22 13:56:50 | 000,984,392 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/04/10 14:32:16 | 000,043,816 | R--- | M] (Sage Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Sage Software\Peachtree\SmartPostingService2011.exe -- (Peachtree SmartPosting 2011)
SRV - [2010/04/10 14:14:59 | 000,435,496 | R--- | M] (Pervasive Software Inc.) [Auto | Running] -- C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe -- (psqlWGE)
SRV - [2009/09/17 19:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/09/17 19:38:02 | 001,864,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Smc.exe -- (SmcService)
SRV - [2009/09/17 18:21:10 | 000,341,320 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec AntiVirus\SNAC.EXE -- (SNAC)
SRV - [2009/07/13 13:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/07/08 21:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/07/08 21:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/11/06 17:31:46 | 000,180,224 | ---- | M] () [On_Demand | Stopped] -- C:\Documents and Settings\tawnya.IPS.000\Application Data\Mikogo\B-Service.exe -- (B-Service)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/03/24 14:27:44 | 000,016,936 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe -- (GoToAssist)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2003/06/11 09:34:58 | 000,155,770 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)

========== Driver Services (SafeList) ==========

DRV - [2011/04/18 03:00:00 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110509.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/04/18 03:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110509.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys -- (Avgldx86)
DRV - [2010/08/19 03:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/08/19 03:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/11/12 18:46:50 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/08/26 12:54:38 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/08/25 21:05:44 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\srtspx.sys -- (SRTSPX)
DRV - [2009/08/25 21:05:42 | 000,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\srtspl.sys -- (SRTSPL)
DRV - [2009/08/25 21:05:42 | 000,281,648 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\srtsp.sys -- (SRTSP)
DRV - [2009/07/14 13:51:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\COH_Mon.sys -- (COH_Mon)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2002/11/08 14:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{47022066-B66C-45D4-A82A-B3DD19C2ADCC}: C:\Documents and Settings\Elizabeth\Local Settings\Application Data\{47022066-B66C-45D4-A82A-B3DD19C2ADCC} [2010/02/10 08:05:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/05/12 11:23:51 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2011/05/19 18:10:32 | 000,000,098 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\SYSTEM32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PeachtreePrefetcher.exe] C:\Program Files\Sage Software\Peachtree\PeachtreePrefetcher.exe (Sage Software, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MaxAlarm.lnk = C:\Program Files\Maximizer\MxAlarm.exe (Maximizer Software Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc.cab (Office Update Installation Engine)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1275403191687 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = IPS.local
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\480\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\itlntfy: DllName - itlnfw32.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Elizabeth\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Elizabeth\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/02/06 13:50:59 | 000,000,000 | ---D | M] - C:\Autoupdate -- [ NTFS ]
O32 - AutoRun File - [2004/08/13 05:06:41 | 000,000,027 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/19 18:52:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2011/05/19 18:05:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/17 22:13:59 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Elizabeth\Desktop\OTL.exe
[2011/05/17 22:11:05 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Elizabeth\Desktop\aswMBR.exe
[2011/05/17 10:32:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elizabeth\Desktop\gmer
[2011/05/12 19:28:03 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/05/12 18:57:53 | 005,559,024 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Elizabeth\Desktop\avg_avct_stb_all_2011_1375_free.exe
[2011/05/12 17:28:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/05/12 15:22:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elizabeth\Application Data\AVG10
[2011/05/12 15:07:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/05/12 11:44:15 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/05/12 11:25:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/05/12 11:23:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
[2011/05/12 11:21:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/05/12 11:21:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/05/12 11:21:41 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/05/12 11:20:31 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/05/12 11:16:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/05/09 17:01:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WiseFixer
[2011/05/09 17:01:26 | 000,000,000 | ---D | C] -- C:\Program Files\WiseFixer
[2011/05/06 08:49:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sonic
[2011/05/05 14:08:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/05/05 14:08:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/05/05 13:38:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/05/05 13:38:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

========== Files - Modified Within 30 Days ==========

[2011/05/19 23:16:02 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/05/19 23:15:56 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/19 23:14:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/05/19 23:14:05 | 1600,278,528 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/19 18:48:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/19 18:37:05 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/19 18:10:32 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\Hosts
[2011/05/19 18:01:56 | 000,002,469 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dell Support Center.lnk
[2011/05/17 22:14:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elizabeth\Desktop\OTL.exe
[2011/05/17 22:13:12 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Elizabeth\Desktop\MBR.dat
[2011/05/17 22:11:10 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Elizabeth\Desktop\aswMBR.exe
[2011/05/17 22:06:31 | 000,512,930 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2011/05/17 22:06:31 | 000,100,036 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2011/05/17 11:36:20 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/17 10:30:44 | 000,293,775 | ---- | M] () -- C:\Documents and Settings\Elizabeth\Desktop\gmer.zip
[2011/05/17 10:22:09 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Elizabeth\Desktop\dds.scr
[2011/05/17 10:15:31 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Elizabeth\defogger_reenable
[2011/05/16 16:30:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/12 18:57:57 | 005,559,024 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Elizabeth\Desktop\avg_avct_stb_all_2011_1375_free.exe
[2011/05/12 11:23:57 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/05/12 11:22:47 | 114,586,442 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/05/09 17:01:32 | 000,000,712 | ---- | M] () -- C:\Documents and Settings\Elizabeth\Application Data\Microsoft\Internet Explorer\Quick Launch\WiseFixer.lnk
[2011/05/09 17:01:32 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WiseFixer.lnk
[2011/05/09 11:42:58 | 000,156,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/06 16:00:51 | 000,000,677 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/05/01 15:01:24 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Elizabeth\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/01 15:00:51 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

========== Files Created - No Company Name ==========

[2011/05/17 22:13:12 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Elizabeth\Desktop\MBR.dat
[2011/05/17 22:03:12 | 1600,278,528 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/17 10:30:43 | 000,293,775 | ---- | C] () -- C:\Documents and Settings\Elizabeth\Desktop\gmer.zip
[2011/05/17 10:22:09 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Elizabeth\Desktop\dds.scr
[2011/05/17 10:15:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Elizabeth\defogger_reenable
[2011/05/12 11:23:57 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/05/09 17:01:32 | 000,000,712 | ---- | C] () -- C:\Documents and Settings\Elizabeth\Application Data\Microsoft\Internet Explorer\Quick Launch\WiseFixer.lnk
[2011/05/09 17:01:32 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WiseFixer.lnk
[2011/05/09 08:42:10 | 114,586,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/05/05 13:39:41 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/18 08:54:42 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Elizabeth\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/11 20:52:34 | 000,017,984 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\A28k41
[2010/01/20 18:28:29 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/01/20 18:28:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/01/20 18:28:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/01/20 18:28:29 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/01/20 18:28:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/06/01 11:27:28 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/01/25 16:56:44 | 000,000,026 | ---- | C] () -- C:\WINDOWS\AatrixForms.INI
[2009/01/05 15:44:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/06/23 10:00:16 | 000,202,240 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2008/04/18 18:10:00 | 000,001,763 | ---- | C] () -- C:\WINDOWS\PCW160.INI_upg2011
[2008/01/12 09:36:54 | 000,000,042 | ---- | C] () -- C:\WINDOWS\Viewer.INI
[2007/12/17 10:34:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2007/10/29 17:43:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\Simspy32.dll
[2007/03/21 07:28:50 | 000,000,106 | ---- | C] () -- C:\WINDOWS\System32\mmc.exe.config
[2007/02/22 12:38:28 | 000,000,199 | ---- | C] () -- C:\WINDOWS\wstdUPSWSHIP.INI
[2006/03/01 15:51:26 | 000,000,084 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2006/02/28 20:23:08 | 000,000,053 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2006/02/28 20:13:46 | 000,001,006 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2006/02/28 20:13:46 | 000,000,426 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2006/02/28 20:13:46 | 000,000,147 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2006/02/28 20:13:46 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\BD7420.dat
[2006/02/28 20:13:46 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2006/02/28 20:13:20 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2006/02/28 20:13:15 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2006/02/28 20:13:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2006/02/28 20:01:35 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini_old
[2005/05/04 15:03:25 | 000,004,700 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/04/25 12:19:35 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/04/20 08:29:29 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/01/13 12:37:46 | 000,180,224 | R--- | C] () -- C:\WINDOWS\System32\nssckbi.dll
[2004/12/31 14:10:37 | 000,000,024 | ---- | C] () -- C:\WINDOWS\Bclwdde.ini
[2004/12/31 14:10:04 | 000,365,568 | ---- | C] () -- C:\WINDOWS\System32\WINCTL32.DLL
[2004/12/31 14:10:03 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2004/12/31 14:10:03 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL
[2004/12/31 14:05:15 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\rsUtil.dll
[2004/12/31 14:04:12 | 000,000,793 | ---- | C] () -- C:\WINDOWS\Bti.ini
[2004/12/31 14:04:05 | 000,003,309 | ---- | C] () -- C:\WINDOWS\pcw100.ini
[2004/12/21 11:59:29 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/12/21 11:55:09 | 000,000,264 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/12/21 11:52:17 | 000,000,677 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/12/21 11:41:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2004/12/21 11:41:00 | 000,512,930 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2004/12/21 11:41:00 | 000,100,036 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2004/12/21 11:24:02 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/10/22 16:07:54 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\GetHostIP.exe
[2004/09/15 23:03:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 18:25:56 | 000,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/11 18:20:10 | 000,156,360 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 18:14:38 | 000,005,008 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 18:12:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 11:31:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2004/08/11 11:31:24 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2004/08/04 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2004/08/04 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2004/08/04 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2004/08/04 06:00:00 | 000,133,120 | ---- | C] () -- C:\WINDOWS\akinifusizebaz.dll
[2004/08/04 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2004/08/04 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2004/08/04 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\SECUPD.DAT
[2004/08/04 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 06:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2004/08/04 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2004/07/19 17:01:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\SETPWRCG.EXE
[2004/07/13 15:35:48 | 000,001,561 | ---- | C] () -- C:\WINDOWS\PCW130.ini
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/04 11:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2002/02/27 10:41:28 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2002/02/27 10:41:26 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2002/02/27 10:41:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[1980/01/01 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2008/01/04 19:41:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aatrix Software
[2010/04/11 20:53:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avG
[2011/05/12 19:26:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/05/12 11:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/05/12 11:44:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2008/03/21 15:11:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MaximizerGlobalReports10
[2011/05/12 19:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2005/03/10 16:04:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2010/01/22 12:28:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2008/09/12 14:28:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pervasive Software
[2006/02/28 20:00:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/01/03 09:31:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/01/22 12:28:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2011/04/05 18:27:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/01/25 16:56:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elizabeth\Application Data\Aatrix Software
[2011/05/12 15:22:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elizabeth\Application Data\AVG10
[2009/04/16 15:41:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elizabeth\Application Data\licenses
[2011/05/12 19:35:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elizabeth\Application Data\Mikogo
[2009/04/16 15:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elizabeth\Application Data\PCMM2009
[2008/10/31 16:33:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elizabeth\Application Data\Peachtree
[2010/06/17 09:58:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elizabeth\Application Data\Sage

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys
[2008/09/12 09:57:54 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:AGP440.sys
[2008/09/12 09:57:54 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\I386\AGP440.SYS
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
[2008/09/12 09:57:54 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:atapi.sys
[2008/09/12 09:57:54 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\I386\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\I386\EVENTLOG.DLL
[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\I386\NETLOGON.DLL
[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\I386\SCECLI.DLL
[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< %systemroot%\*. /mp /s >

< End of report >

The computer seems to be working fine.
Thanks,

This post has been edited by needingbleepinghelp: 19 May 2011 - 11:18 PM

#10 fireman4it

Bleepin' Fireman

Group: Malware Response Team
Posts: 8,315
Joined: 24-May 08
Gender:Male
Location:Bement, ILL

Posted 20 May 2011 - 05:47 PM

Hello, needingbleepinghelp.
Congratulations! You now appear clean!

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve preformance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

We Need to Clean Up Our Mess

Download OTC by OldTimer and save it to your desktop.
Double click icon to start the program. If you are using Vista, please right-click and choose run as administrator
Then Click the big button.
You will get a prompt saying "Being Cleanup Process". Please select Yes.
Restart your computer when prompted.

Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:

Go to Start > Programs > Accessories > System Tools and click "System Restore".
Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.

Then use Disk Cleanup to remove all but the most recently created Restore Point.
Go to Start > Run and type: Cleanmgr
Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
Click the "More Options" tab, then click the "Clean up" button under System Restore.
Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
Click Yes, then click Ok.
Click Yes again when prompted with "Are you sure you want to perform these actions?"
Disk Cleanup will remove the files and close automatically.

Vista and Windows 7 users can refer to these links: Create a New Restore Point in Vista or Windows 7 and Disk Cleanup in Vista.
Recommendations
Below are some recommendations to lower your chances of (re)infection.

Install and maintain an outbound firewall
Install Spyware Blaster and update it regularly
If you wish, the commercial version provides automatic updating.
Install the MVPs hosts file, and update it regularly
You can use the HostMan host file manager to do this automaticly if you wish.
For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
Install an Anti-Spyware program, and update it regularly
Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
SUPERAntiSpyware is another good scanner with high detection and removal rates.
Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
Keep Windows (and your other Microsoft software) up to date!
I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

If you are using Windows XP or earlier
Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

If you are using Windows Vista
- Click the "Start Menu" (or Windows Orb)
- Click "All Programs"
- Click "Windows Update"
- On the left, choose "Change Settings"
- Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
- Press OK and accept the UAC prompt.
  Note: You shouldn't need to check this checkbox every single time you update, only the first time.
- Click "Check for Updates" in the upper left corner.
- Follow the instructions to install the latest updates.
- Reboot and repeat the "Check for Updates" until there are no more critical updates to install
Keep your other software up to date as well
Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
Stay up to date!
The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing .

If I have helped you, consider making a donation to help me continue the fight against Malware!
Just click

#11 fireman4it

Bleepin' Fireman

Group: Malware Response Team
Posts: 8,315
Joined: 24-May 08
Gender:Male
Location:Bement, ILL

Posted 22 May 2011 - 11:41 AM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding

With Regards,
fireman4it

If I have helped you, consider making a donation to help me continue the fight against Malware!
Just click

#12 needingbleepinghelp

New Member

Group: Members
Posts: 10
Joined: 13-May 11

Posted 23 May 2011 - 07:32 AM

Hello Fireman4it:
PLEASE FORGIVE MY HAVING BEEN AWOL THIS WEEKEND. I had family obligations. I'll get back to work and try to finish-up on it this morning.
I would never let this go un-thanked and unpaid for. Your service has been incredible. I'm so grateful.
Sincerely,

#13 needingbleepinghelp

New Member

Group: Members
Posts: 10
Joined: 13-May 11

Posted 23 May 2011 - 10:13 AM

Hello Fireman4it:
I've completed the processes up until 'Recommendations'. The problem I'm facing is my ignorance in knowing which decisions won't cause other problems (It has been easy to follow your instructions 'step by step' but now it's not so clear).

Our little home office works as follows: We have a server that everyone works off of (two of us here, and, one remotely through a dedicated PC that we always leave on). We have a residential cable modem and use DYNDNS.ORG to solve the dynamic IP address issue.

This system was set up for us and we have no clue about the liabilities of doing something like blocking unwanted parasites using host file (I read 'overriding addresses in dns' and I get scared we'll fall off the face of the earth!)or making advanced firewall adjustments.

Also: We have Symantech Endpoint Protection that is a paid-for. On the computers that it was up to date we know of no problems (but I'm fearful we wouldn't know!). I accidentally downloaded AVG (which I will remove if you think I should). Currently, the Symantech is turned off, and the AVG is running.

If you are willing and able to help me understand what steps I should take I would be most appreciative. BUT if the above is something I need to deal with on my own, I certainly can't blame you for saying 'you need to start learning!' and leave it at that.

I rate your service as 'EXCELLENT'! THANK YOU!

Sincerely,

#14 fireman4it

Bleepin' Fireman

Group: Malware Response Team
Posts: 8,315
Joined: 24-May 08
Gender:Male
Location:Bement, ILL

Posted 23 May 2011 - 03:31 PM

Hello,

I would forget about Hostman. I would how ever install and use Spyware Blaster it is a good program as long as you manually update it it once a week. You don't need to install a firewall as long as your have Symantech Endpoint Protection. It has a built in firewall. I would uninstall Avg however.

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

If I have helped you, consider making a donation to help me continue the fight against Malware!
Just click

#15 needingbleepinghelp

New Member

Group: Members
Posts: 10
Joined: 13-May 11

Posted 24 May 2011 - 09:23 AM

Hello Fireman4it:

Everything is GREAT! Thank you!

I saved StartUpLite but when I try to run it I'm getting an error message saying it is not a valid Win32 application.

Should I try to fix it, delete the file and move on, or, is there something I should do other than just leaving it there?

I just wanted to try and optimize the computer. It's running fine. I probably should have left good enough alone!