
unknown virus problems


6 replies to this topic

#1 sails

sails

  • Members
  • 6 posts

Posted 22 August 2009 - 08:38 AM

Hi Guys,
this is my first post to the site, and I will attempt to make it understandable.

I have a Dell laptop running XP Pro belonging to my sister-in-law which is unable to connect to any site on the web to do with virus protection. It can connect to normal web sites, no problem.

Using Google, I found the post below:-

"rojandowloader.xs removed - cannot access antivirus websites or updat."

dated 25 May 2008 and it seems to mirror my problems, but I am unable to use the tools that are mentioned in the post by Essexboy, i.e. OTMoveIt2 by OldTimer, and OTScanit, etc.

I have run various antivirus programs on the laptop such as Avast, Autorun Virus Remover, HijackThis, RegCure, and XoftSpySE and I have removed a pile of junk, but I still can't connect to Windows or any of the antivirus websites.

There are 10 lines on HijackThis currently, to do with Avast, eBay, Canon Camera Access, Google Update etc., but I can't figure out how to grab a picture of it to put into this post.

I have tried to run the computer in safe mode, but the screen does not load correctly, leaving me with 6 horizontal blue lines, approx 30mm wide, with a few streaks of colour, and it looks as if the normal Windows page has been stretched diagonally. Needless to say, safe mode does not load past that point.

Is there anyone that can give me a hand to resolve this issue, as I would like to fix it more than doing a reformat and new download of the operating system.
Below are the dds and rootrepeal results.




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 23/06/2005 2:53:21 PM
System Uptime: 22/08/2009 8:30:40 PM (3 hours ago)

Motherboard: Dell Computer Corporation | | 01W890
Processor: Intel® Pentium® M processor 1400MHz | Microprocessor | 1398/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 37 GiB total, 6.247 GiB free.
D: is CDROM ()
E: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 21/08/2009 6:01:35 PM - System Checkpoint
RP2: 22/08/2009 9:25:38 AM - Removed Symantec AntiVirus
RP3: 22/08/2009 10:21:40 AM - working 100%
RP4: 22/08/2009 10:51:16 AM - Software Distribution Service 3.0
RP5: 22/08/2009 1:05:16 PM - Removed Eudora
RP6: 22/08/2009 2:41:15 PM - Installed Cisco Aironet Installation Program

==== Installed Programs ======================

101 Puzzle & Logic Games
Ad-Aware SE Personal
Adobe Acrobat 7.0 Professional
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Creative Suite 2
Adobe Flash Player Plugin
Adobe GoLive CS2
Adobe Help Center 1.0
Adobe Illustrator CS2
Adobe InDesign CS2
Adobe Photoshop CS2
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Adobe Version Cue CS2
ALPS Touch Pad Driver
Apple Mobile Device Support
Apple Software Update
Autorun Virus Remover 2.3
avast! Antivirus
Bonjour
Broadcom Gigabit Integrated Controller
C-Major Audio
Camera Access Library
Camera Support Core Library
Camera Window DS
Camera Window DVC
Camera Window MC
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window DSLR 5 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon ZoomBrowser EX (E)
Cisco Aironet Installation Program
Conexant D480 MDC V.9x Modem
Dell ResourceCD
EPSON Printer Software
Google Earth
HijackThis 2.0.2
InterVideo FilterSDK for Panasonic
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0
Macromedia Shockwave Player
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Premium
Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)
Modem Helper
MotionSD STUDIO 1.3E
MovieEdit Task
MSN
Nero 6 Ultra Edition
Nero Media Player
NeroVision Express 2
NVIDIA Drivers
OptimizerEasy 5.1
PhotoStitch
Picasa 3
PowerDVD
QuickTime
RAW Image Task 2.2
RegCure
Security Update for Windows Media Player (KB911564)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Spybot - Search & Destroy
Suite Specific
TreeSize Free V2.3.3
Typequick
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
VRWriter4
WebFldrs XP
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
WinRAR archiver
XoftSpySE

==== Event Viewer Messages From Past Week ========

22/08/2009 8:30:00 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avast! Antivirus service.
22/08/2009 8:26:38 AM, error: Service Control Manager [7034] - The avast! Web Scanner service terminated unexpectedly. It has done this 1 time(s).
22/08/2009 8:24:51 AM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
22/08/2009 8:13:41 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
22/08/2009 7:41:03 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
22/08/2009 12:51:54 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
22/08/2009 12:45:14 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS NetBT OMCI RasAcd Rdbss Tcpip
22/08/2009 12:45:14 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
22/08/2009 12:45:14 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
22/08/2009 12:45:14 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
22/08/2009 12:45:14 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
22/08/2009 12:45:14 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
22/08/2009 12:45:14 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
22/08/2009 10:00:06 PM, error: Removable Storage Service [111] - RSM could not load media in drive Drive 0 of library Imation Imation USB USB Device.
21/08/2009 9:50:12 PM, error: Service Control Manager [7023] - The Monitor Update service terminated with the following error: A dynamic link library (DLL) initialization routine failed.
21/08/2009 9:50:12 PM, error: Service Control Manager [7023] - The Config Boot service terminated with the following error: A dynamic link library (DLL) initialization routine failed.
21/08/2009 9:49:34 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'SAVRT' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
21/08/2009 6:03:53 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
21/08/2009 6:02:46 PM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
21/08/2009 6:01:30 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.
21/08/2009 6:01:30 PM, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
21/08/2009 5:32:31 PM, error: Service Control Manager [7023] - The Monitor Update service terminated with the following error: The specified module could not be found.

==== End Of File ===========================






ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/22 23:12
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF68D2000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8A6E000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF2F25000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf69156b8

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf6915574

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf6915a52

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf691514c

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf691564e

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf691508c

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf69150f0

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf691576e

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf691572e

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf69158ae

Hidden Services
-------------------
Service Name: pwudklvy
Image Path: %SystemRoot%\system32\svchost.exe -k netsvcs

Service Name: yrtnmno
Image Path: %SystemRoot%\system32\svchost.exe -k netsvcs

==EOF

Many thanks

Sails



#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 22 August 2009 - 08:58 AM

Hello sails

Welcome to BleepingComputer
See if you can download the following:
=====================
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
===========
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#3 sails

sails
  • Topic Starter

  • Members
  • 6 posts

Posted 22 August 2009 - 06:21 PM

Hi kahdah,
thank you for the reply, and the instructions.
Below are the results of the scans:-

Cheers, and thank you for your help; very much appreciated.
Sails



OTL logfile created on: 23/08/2009 8:35:11 AM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = E:\
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

511.23 Mb Total Physical Memory | 289.78 Mb Available Physical Memory | 56.68% Memory free
1.22 Gb Paging File | 0.99 Gb Available in Paging File | 80.87% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 6.19 Gb Free Space | 16.63% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.87 Gb Total Space | 1.81 Gb Free Space | 96.81% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WILLIAM-76CB72E
Current User Name: Sal
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\WINDOWS\System32\bgsvcgen.exe (B.H.A Corporation)
PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - E:\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Adobe LM Service [Disabled | Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (Adobe Version Cue CS2 [Disabled | Stopped]) -- c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe (Adobe Systems Incorporated)
SRV - (Apple Mobile Device [Disabled | Stopped]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (bgsvcgen [Auto | Running]) -- C:\WINDOWS\System32\bgsvcgen.exe (B.H.A Corporation)
SRV - (Bonjour Service [Disabled | Stopped]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (CCALib8 [Auto | Running]) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (iPod Service [Disabled | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
SRV - (pwudklvy [Auto | Stopped]) -- C:\WINDOWS\System32\drnpqou.dll ()
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (yrtnmno [Auto | Stopped]) -- C:\WINDOWS\System32\drnpqou.dll ()

========== Driver Services (SafeList) ==========

DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (ApfiltrService [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (b57w2k [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\b57xp32.sys (Broadcom Corporation)
DRV - (bvrp_pci [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\bvrp_pci.sys ()
DRV - (cdrbsdrv [System | Running]) -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys (B.H.A Corporation)
DRV - (CSCO21 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\csco21.sys (Cisco Systems, Inc.)
DRV - (DevUpper [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\tiumflt.sys (Texas Instruments Inc.)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (GTICARD [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\gticard.sys (Texas Instruments)
DRV - (HSFHWICH [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (OMCI [System | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys ()
DRV - (STAC97 [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\stac97.sys (SigmaTel, Inc.)
DRV - (tiumfwl [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\tiumfwl.sys (Texas Instruments Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\shdocvw.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Mozilla 1.7.5\Extensions\\Components: C:\Program Files\mozilla.org\Mozilla\Components [2009/08/21 15:52:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla 1.7.5\Extensions\\Plugins: C:\Program Files\mozilla.org\Mozilla\Plugins [2008/11/18 19:18:52 | 00,000,000 | ---D | M]


O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll File not found
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\WINDOWS\System32\shdocvw.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\System32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/06/23 14:49:42 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\*.tmp files]
[2009/08/23 08:33:56 | 00,000,262 | ---- | C] () -- C:\Documents and Settings\Sal\Desktop\OTL.lnk
[2009/08/22 22:51:14 | 00,000,672 | ---- | C] () -- C:\Documents and Settings\Sal\Desktop\My Pictures.lnk
[2009/08/22 22:51:08 | 00,000,400 | ---- | C] () -- C:\Documents and Settings\Sal\Desktop\Malcolms.lnk
[2009/08/22 22:05:34 | 13,755,08480 | ---- | C] () -- C:\Backup.bkf
[2009/08/22 21:49:57 | 00,000,346 | ---- | C] () -- C:\WINDOWS\tasks\OptimizerEasy_home.job
[2009/08/22 21:49:44 | 00,000,749 | ---- | C] () -- C:\Documents and Settings\Sal\Desktop\Optimizer Easy.lnk
[2009/08/22 21:49:42 | 00,000,000 | ---D | C] -- C:\Program Files\Optimizer Easy
[2009/08/22 20:21:35 | 01,580,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfcfiles.dll
[2009/08/22 20:21:35 | 00,435,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntmssvc.dll
[2009/08/22 20:21:35 | 00,243,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\es.dll
[2009/08/22 20:21:35 | 00,197,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\netman.dll
[2009/08/22 20:21:35 | 00,190,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\schedsvc.dll
[2009/08/22 20:21:35 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\upnphost.dll
[2009/08/22 20:21:35 | 00,170,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\srsvc.dll
[2009/08/22 20:21:35 | 00,134,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\shsvcs.dll
[2009/08/22 20:21:35 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rasauto.dll
[2009/08/22 20:21:35 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ssdpsrv.dll
[2009/08/22 20:21:35 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\regsvc.dll
[2009/08/22 20:21:35 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wscntfy.exe
[2009/08/22 20:21:34 | 03,012,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mshtml.dll
[2009/08/22 20:21:34 | 00,924,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mfc40u.dll
[2009/08/22 20:21:34 | 00,792,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comres.dll
[2009/08/22 20:21:34 | 00,611,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comctl32.dll
[2009/08/22 20:21:34 | 00,574,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntfs.sys
[2009/08/22 20:21:34 | 00,407,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\netlogon.dll
[2009/08/22 20:21:34 | 00,395,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rpcss.dll
[2009/08/22 20:21:34 | 00,382,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\qmgr.dll
[2009/08/22 20:21:34 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tapisrv.dll
[2009/08/22 20:21:34 | 00,245,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mswsock.dll
[2009/08/22 20:21:34 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\scecli.dll
[2009/08/22 20:21:34 | 00,142,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\aec.sys
[2009/08/22 20:21:34 | 00,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\xmlprov.dll
[2009/08/22 20:21:34 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\imm32.dll
[2009/08/22 20:21:34 | 00,077,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\browser.dll
[2009/08/22 20:21:34 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\cryptsvc.dll
[2009/08/22 20:21:34 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\eventlog.dll
[2009/08/22 20:21:34 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\msgsvc.dll
[2009/08/22 20:21:34 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\MsPMSNSv.dll
[2009/08/22 20:21:34 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kbdclass.sys
[2009/08/22 20:21:34 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lpk.dll
[2009/08/22 20:21:34 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\asyncmac.sys
[2009/08/22 20:21:34 | 00,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\acpiec.sys
[2009/08/22 20:21:34 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfc.dll
[2009/08/22 20:21:34 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\beep.sys
[2009/08/22 20:21:34 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\null.sys
[2009/08/22 20:21:33 | 02,179,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntoskrnl.exe
[2009/08/22 20:21:33 | 02,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntkrnlpa.exe
[2009/08/22 20:21:33 | 01,032,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\explorer.exe
[2009/08/22 20:21:33 | 00,983,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kernel32.dll
[2009/08/22 20:21:33 | 00,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\termsrv.dll
[2009/08/22 20:21:33 | 00,108,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\services.exe
[2009/08/22 20:21:33 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\spoolsv.exe
[2009/08/22 20:21:33 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wuauclt.exe
[2009/08/22 20:21:33 | 00,029,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ip6fw.sys
[2009/08/22 20:21:33 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\userinit.exe
[2009/08/22 20:21:33 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\powrprof.dll
[2009/08/22 20:21:33 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ctfmon.exe
[2009/08/22 20:21:33 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lsass.exe
[2009/08/22 20:21:32 | 00,657,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wininet.dll
[2009/08/22 20:21:32 | 00,577,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\user32.dll
[2009/08/22 20:21:32 | 00,502,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\winlogon.exe
[2009/08/22 20:21:32 | 00,359,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tcpip.sys
[2009/08/22 20:21:32 | 00,182,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ndis.sys
[2009/08/22 20:21:32 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ws2_32.dll
[2009/08/22 20:21:32 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\svchost.exe
[2009/08/22 20:21:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache
[2009/08/22 19:57:19 | 00,228,864 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/08/22 19:57:19 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/08/22 19:57:19 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/08/22 19:57:19 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/08/22 19:57:19 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/08/22 19:57:19 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/08/22 19:57:19 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/08/22 19:57:19 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/08/22 19:57:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/08/22 19:55:17 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/08/22 16:31:08 | 00,000,124 | ---- | C] () -- C:\Documents and Settings\Sal\Desktop\Control Panel.lnk
[2009/08/22 16:18:12 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Sal\Desktop\HijackThis.lnk
[2009/08/22 16:18:12 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/08/22 16:09:25 | 00,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AutorunRemover.lnk
[2009/08/22 16:09:24 | 00,000,000 | ---D | C] -- C:\Program Files\AutorunRemover
[2009/08/22 16:08:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sal\Desktop\AutorunRemover
[2009/08/22 16:07:25 | 01,184,565 | ---- | C] () -- C:\Documents and Settings\Sal\Desktop\AutorunRemover.zip
[2009/08/22 15:35:29 | 00,000,000 | ---D | C] -- C:\Program Files\Innovative Solutions
[2009/08/22 15:29:57 | 00,000,434 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2009/08/22 15:29:51 | 00,000,368 | ---- | C] () -- C:\WINDOWS\tasks\RegCure.job
[2009/08/22 15:23:39 | 00,001,528 | ---- | C] () -- C:\Documents and Settings\Sal\Desktop\RegCure Application.lnk
[2009/08/22 15:23:34 | 00,000,000 | ---D | C] -- C:\Program Files\RegCure
[2009/08/22 15:18:28 | 00,000,444 | ---- | C] () -- C:\WINDOWS\tasks\XoftSpySE 2.job
[2009/08/22 15:18:27 | 00,000,358 | ---- | C] () -- C:\WINDOWS\tasks\XoftSpySE.job
[2009/08/22 15:18:24 | 00,000,682 | ---- | C] () -- C:\Documents and Settings\Sal\Desktop\XoftSpySE.lnk
[2009/08/22 15:18:22 | 00,000,000 | ---D | C] -- C:\Program Files\XoftSpySE
[2009/08/22 15:18:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sal\Application Data\WinRAR
[2009/08/22 15:17:06 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2009/08/22 15:16:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\RegCure
[2009/08/22 15:08:26 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Sal\Desktop\setup-spybotsd162.exe
[2009/08/22 14:50:46 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Sal\Desktop\Spybot - Search & Destroy.lnk
[2009/08/22 14:50:32 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/08/22 14:50:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/08/22 14:41:19 | 00,011,643 | ---- | C] () -- C:\WINDOWS\System32\net21.inf
[2009/08/22 14:41:19 | 00,007,980 | ---- | C] () -- C:\WINDOWS\System32\net21.cat
[2009/08/22 14:41:16 | 00,344,832 | ---- | C] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\drivers\csco21.sys
[2009/08/22 14:41:16 | 00,344,832 | ---- | C] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\csco21.sys
[2009/08/22 12:48:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2009/08/22 12:20:23 | 00,000,874 | ---- | C] () -- C:\Documents and Settings\Sal\Desktop\TreeSize Free.lnk
[2009/08/22 11:28:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sal\Application Data\JAM Software
[2009/08/22 11:28:27 | 00,000,000 | ---D | C] -- C:\Program Files\JAM Software
[2009/08/22 10:52:45 | 00,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2009/08/22 09:25:47 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/08/21 16:33:54 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/08/21 16:33:53 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/08/21 16:33:52 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/08/21 16:33:50 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/08/21 16:33:46 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/08/21 16:33:44 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/08/21 16:33:44 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/08/21 16:33:40 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/08/21 16:33:40 | 00,093,392 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/08/21 16:33:06 | 01,279,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/08/21 16:33:06 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/08/21 16:32:59 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/08/20 19:54:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sal\Application Data\MSNInstaller
[2009/08/06 19:00:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sal\My Documents\My Received Files
[2009/05/18 19:28:54 | 00,000,293 | ---- | C] () -- C:\WINDOWS\BROWSER.INI
[2008/09/23 21:19:57 | 00,000,028 | ---- | C] () -- C:\WINDOWS\MotionSDSTUDIO.INI
[2008/05/23 19:57:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2008/05/23 19:56:43 | 00,240,640 | R--- | C] () -- C:\WINDOWS\System32\NMOCOD.DLL
[2008/04/08 18:53:59 | 00,000,025 | ---- | C] () -- C:\WINDOWS\Pharaoh's Pitfalls.ini
[2007/05/25 20:08:28 | 00,000,211 | ---- | C] () -- C:\WINDOWS\cncscore.ini
[2007/05/23 18:30:31 | 00,000,594 | ---- | C] () -- C:\WINDOWS\TetrisPk.ini
[2007/02/25 08:46:07 | 00,000,020 | ---- | C] () -- C:\WINDOWS\gojigsaw.ini
[2006/09/22 16:14:55 | 00,000,057 | ---- | C] () -- C:\WINDOWS\101plg.ini
[2006/07/02 12:28:41 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2006/01/11 18:50:42 | 00,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/11/05 08:34:59 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/07/26 20:33:34 | 00,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2005/06/30 19:25:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\WTNSETUP.INI
[2005/06/30 19:07:32 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/12 23:33:16 | 00,000,623 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/12 23:30:36 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/12 23:27:58 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/12 23:20:44 | 00,168,096 | RHS- | C] () -- C:\WINDOWS\System32\drnpqou.dll
[2004/08/12 23:19:54 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[1999/03/23 23:46:24 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL
[1999/01/22 20:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/08/23 08:33:56 | 00,000,262 | ---- | M] () -- C:\Documents and Settings\Sal\Desktop\OTL.lnk
[2009/08/23 08:32:59 | 00,017,112 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/08/23 08:32:58 | 00,028,987 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2009/08/23 08:32:52 | 00,000,444 | ---- | M] () -- C:\WINDOWS\tasks\XoftSpySE 2.job
[2009/08/23 08:32:50 | 00,000,434 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2009/08/23 08:32:22 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/23 08:32:13 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/22 23:49:00 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/08/22 22:32:35 | 00,002,473 | ---- | M] () -- C:\Documents and Settings\Sal\Desktop\Word.lnk
[2009/08/22 22:21:10 | 13,755,08480 | ---- | M] () -- C:\Backup.bkf
[2009/08/22 21:50:04 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\OptimizerEasy_home.job
[2009/08/22 21:49:44 | 00,000,749 | ---- | M] () -- C:\Documents and Settings\Sal\Desktop\Optimizer Easy.lnk
[2009/08/22 20:20:27 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/08/22 16:31:08 | 00,000,124 | ---- | M] () -- C:\Documents and Settings\Sal\Desktop\Control Panel.lnk
[2009/08/22 16:19:38 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Sal\Desktop\HijackThis.lnk
[2009/08/22 16:09:25 | 00,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AutorunRemover.lnk
[2009/08/22 16:07:40 | 01,184,565 | ---- | M] () -- C:\Documents and Settings\Sal\Desktop\AutorunRemover.zip
[2009/08/22 15:29:57 | 00,000,368 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2009/08/22 15:23:39 | 00,001,528 | ---- | M] () -- C:\Documents and Settings\Sal\Desktop\RegCure Application.lnk
[2009/08/22 15:18:29 | 00,000,358 | ---- | M] () -- C:\WINDOWS\tasks\XoftSpySE.job
[2009/08/22 15:18:24 | 00,000,682 | ---- | M] () -- C:\Documents and Settings\Sal\Desktop\XoftSpySE.lnk
[2009/08/22 15:16:59 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Sal\Desktop\Spybot - Search & Destroy.lnk
[2009/08/22 15:14:12 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Sal\Desktop\setup-spybotsd162.exe
[2009/08/22 14:42:46 | 00,356,120 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/08/22 14:42:46 | 00,312,172 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/22 14:42:46 | 00,040,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/22 14:42:31 | 06,629,354 | -H-- | M] () -- C:\Documents and Settings\Sal\Local Settings\Application Data\IconCache.db
[2009/08/22 12:20:23 | 00,000,874 | ---- | M] () -- C:\Documents and Settings\Sal\Desktop\TreeSize Free.lnk
[2009/08/22 09:39:01 | 04,444,296 | ---- | M] (Computer Associates International, Inc.) -- C:\vet-win32-full-10.67.0.0.exe
[2009/08/21 21:46:18 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/08/21 16:33:54 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/08/20 22:17:15 | 00,228,864 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/08/18 18:20:45 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/18 02:10:20 | 01,279,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/08/18 02:06:54 | 00,093,392 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/08/18 02:06:43 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/08/18 02:05:52 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/08/18 02:05:37 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/08/18 02:04:40 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/08/18 02:04:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/08/18 02:03:21 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/08/18 02:02:50 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/08/06 20:18:35 | 00,000,211 | ---- | M] () -- C:\WINDOWS\cncscore.ini
[2009/08/06 20:16:29 | 00,028,987 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2009/08/05 15:51:02 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Sal\Desktop\Internet Explorer.lnk
[2009/07/29 09:49:37 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Sal\My Documents\PDVD_MediaDisc.PlayList

========== LOP Check ==========

[2009/08/22 15:23:02 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/11/18 19:21:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2005/07/17 20:33:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2005/07/17 20:28:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2008/09/23 21:19:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic
[2005/06/30 19:11:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2009/08/22 15:18:06 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Sal\Application Data
[2005/07/21 12:10:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sal\Application Data\Ahead
[2008/10/29 15:48:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sal\Application Data\CyberLink
[2009/08/22 11:28:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sal\Application Data\JAM Software
[2009/08/20 19:55:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sal\Application Data\MSNInstaller
[2007/04/27 13:22:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sal\Application Data\Opera
[2005/08/07 08:51:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sal\Application Data\Qualcomm
[2009/04/14 08:07:07 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/12 23:23:47 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/08/22 21:50:04 | 00,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\OptimizerEasy_home.job
[2009/08/23 08:32:50 | 00,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2009/08/22 15:29:57 | 00,000,368 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job
[2009/08/23 08:32:22 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/08/23 08:32:52 | 00,000,444 | ---- | M] () -- C:\WINDOWS\Tasks\XoftSpySE 2.job
[2009/08/22 15:18:29 | 00,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\XoftSpySE.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\vet-win32-full-10.67.0.0.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\vetsetuplog.txt:SummaryInformation
< End of report >

OTL Extras logfile created on: 23/08/2009 8:35:11 AM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = E:\
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

511.23 Mb Total Physical Memory | 289.78 Mb Available Physical Memory | 56.68% Memory free
1.22 Gb Paging File | 0.99 Gb Available in Paging File | 80.87% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 6.19 Gb Free Space | 16.63% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.87 Gb Total Space | 1.81 Gb Free Space | 96.81% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WILLIAM-76CB72E
Current User Name: Sal
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = MozillaHTML] -- C:\Program Files\mozilla.org\Mozilla\mozilla.exe (Mozilla Foundation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1618:TCP" = 1618:TCP:*:Enabled:fqegnxir

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" = C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:*:Disabled:Adobe Version Cue CS2 -- (Adobe Systems Incorporated)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Disabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{05108C14-956B-4723-8346-7EA8982CD2FC}" = 101 Puzzle & Logic Games
"{14FB4C04-0A21-4FE6-A2D2-13EA3B82A211}_is1" = OptimizerEasy 5.1
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{46548E80-0409-0000-7E8A-45000F855001}" = Adobe GoLive CS2
"{4DBBF091-FACD-422C-B43C-786335BD5398}" = MovieEdit Task
"{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}" = Camera Window DVC
"{5B34EEAF-2BD6-4323-B7C2-FB8968755ACC}" = Cisco Aironet Installation Program
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}" = Camera Window MC
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = PhotoStitch
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{901F8ED7-13E8-43EF-B738-2FE89B0588EB}" = Camera Access Library
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A1D0D14A-B776-4907-BC00-5149F2298086}" = Camera Support Core Library
"{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Camera Window DVC
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{AA47D951-588B-48A5-8183-21C44B1EA6EA}" = VRWriter4
"{AC76BA86-1033-0000-7760-100000000002}" = Adobe Acrobat 7.0 Professional
"{ADBE46EE-54E0-4610-B436-D7E93D829100}" = Adobe Version Cue CS2
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = RAW Image Task 2.2
"{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord
"{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX (E)
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{CDCBF62D-8E74-44A5-91AD-44AB4C2EFD89}" = InterVideo FilterSDK for Panasonic
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes
"{E045A5E3-0FC6-4AC2-BBE3-C49D68BA54DA}" = MotionSD STUDIO 1.3E
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F9984F4C-BDF5-4992-BCD9-4D774D4643D9}" = Camera Window DS
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Autorun Virus Remover_is1" = Autorun Virus Remover 2.3
"avast!" = avast! Antivirus
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D480 MDC V.9x Modem
"EPSON Printer and Utilities" = EPSON Printer Software
"HijackThis" = HijackThis 2.0.2
"InstallShield_{4DBBF091-FACD-422C-B43C-786335BD5398}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"InstallShield_{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}" = Canon Camera Window MC 6 for ZoomBrowser EX
"InstallShield_{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{901F8ED7-13E8-43EF-B738-2FE89B0588EB}" = Canon Camera Access Library
"InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}" = Canon Camera Support Core Library
"InstallShield_{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"InstallShield_{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"InstallShield_{F9984F4C-BDF5-4992-BCD9-4D774D4643D9}" = Canon Camera Window DSLR 5 for ZoomBrowser EX
"IrfanView" = IrfanView (remove only)
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"MSNINST" = MSN
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NeroVision!UninstallKey" = NeroVision Express 2
"NMPUninstallKey" = Nero Media Player
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"RegCure" = RegCure
"TreeSize Free_is1" = TreeSize Free V2.3.3
"Typequick" = Typequick
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)
"XoftSpySE" = XoftSpySE

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 22/08/2009 2:27:55 AM | Computer Name = WILLIAM-76CB72E | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\windows\system32\drnpqou.dll failed, 00000005.

Error - 22/08/2009 2:28:05 AM | Computer Name = WILLIAM-76CB72E | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\system32\01.tmp failed, 00000005.

Error - 22/08/2009 3:46:39 AM | Computer Name = WILLIAM-76CB72E | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\windows\system32\drnpqou.dll failed, 00000005.

Error - 22/08/2009 3:46:42 AM | Computer Name = WILLIAM-76CB72E | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\system32\01.tmp failed, 00000005.

Error - 22/08/2009 5:54:20 AM | Computer Name = WILLIAM-76CB72E | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\windows\system32\drnpqou.dll failed, 00000005.

Error - 22/08/2009 5:54:28 AM | Computer Name = WILLIAM-76CB72E | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\system32\01.tmp failed, 00000005.

Error - 22/08/2009 6:31:39 AM | Computer Name = WILLIAM-76CB72E | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\windows\system32\drnpqou.dll failed, 00000005.

Error - 22/08/2009 6:31:48 AM | Computer Name = WILLIAM-76CB72E | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\system32\01.tmp failed, 00000005.

Error - 22/08/2009 6:32:23 PM | Computer Name = WILLIAM-76CB72E | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\windows\system32\drnpqou.dll failed, 00000005.

Error - 22/08/2009 6:32:45 PM | Computer Name = WILLIAM-76CB72E | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\system32\01.tmp failed, 00000005.

[ Application Events ]
Error - 6/08/2009 2:24:05 AM | Computer Name = WILLIAM-76CB72E | Source = EventSystem | ID = 4618
Description = The COM+ Event System raised an unexpected access violation at address
0x7C911E58, attempting to access address 0x00000000. Please contact Microsoft
Product Support Services to report this error. ntdll!RtlInitializeCriticalSection+0x32b
ntdll!wcsncpy+0x2cd
ole32!IsValidIid+0xdb
ole32!CoTaskMemFree+0x13
es!DllGetClassObject+0xa67
es!DllGetClassObject+0x175d
es!DllGetClassObject+0x180e
es!DllGetClassObject+0x1901
es!+0x12a43
es!+0x12a85
es!+0x12ad4
es!+0x12b0e
ole32!FreePropVariantArray+0xf8
ole32!FreePropVariantArray+0xa0
es!+0x26d16
es!+0x29013
kernel32!GetModuleFileNameA+0x1b4

Error - 6/08/2009 2:24:05 AM | Computer Name = WILLIAM-76CB72E | Source = EventSystem | ID = 4618
Description = The COM+ Event System raised an unexpected access violation at address
0x7C910F2B, attempting to access address 0x48435054. Please contact Microsoft
Product Support Services to report this error. ntdll!wcsncpy+0x49c ntdll!wcsncpy+0x2cd
ole32!IsValidIid+0xdb
ole32!CoTaskMemFree+0x13
es!+0x2863d
es!+0x247d7
es!+0x12a3d
es!+0x12a85
es!+0x12ad4
es!+0x12b0e
ole32!FreePropVariantArray+0xf8
ole32!FreePropVariantArray+0xa0
es!+0x26d25
es!+0x29013
kernel32!GetModuleFileNameA+0x1b4

Error - 21/08/2009 4:09:10 AM | Computer Name = WILLIAM-76CB72E | Source = MsiInstaller | ID = 11706
Description = Product: Symantec AntiVirus -- Error 1706.No valid source could be
found for product Symantec AntiVirus. The Windows Installer cannot continue.

Error - 22/08/2009 1:06:57 AM | Computer Name = WILLIAM-76CB72E | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 22/08/2009 1:38:09 AM | Computer Name = WILLIAM-76CB72E | Source = Application Hang | ID = 1002
Description = Hanging application Advanced Uninstaller PRO v9.6 Setup.tmp, version
51.49.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 22/08/2009 1:38:23 AM | Computer Name = WILLIAM-76CB72E | Source = Application Hang | ID = 1002
Description = Hanging application Advanced Uninstaller PRO v9.6 Setup.tmp, version
51.49.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 22/08/2009 8:19:52 AM | Computer Name = WILLIAM-76CB72E | Source = Application Hang | ID = 1002
Description = Hanging application Photoshop.exe, version 9.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 22/08/2009 8:19:54 AM | Computer Name = WILLIAM-76CB72E | Source = Application Hang | ID = 1002
Description = Hanging application Photoshop.exe, version 9.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 22/08/2009 8:21:09 AM | Computer Name = WILLIAM-76CB72E | Source = NTBackup | ID = 8001
Description = End Backup of 'C:' 'Warnings or errors were encountered.' Verify:
Off Mode: Replace Type: Normal Consult the backup report for more details.

Error - 22/08/2009 8:21:10 AM | Computer Name = WILLIAM-76CB72E | Source = NTBackup | ID = 8019
Description = End Operation: Warnings or errors were encountered. Consult the backup
report for more details.

[ System Events ]
Error - 22/08/2009 6:13:41 AM | Computer Name = WILLIAM-76CB72E | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.

Error - 22/08/2009 6:19:17 AM | Computer Name = WILLIAM-76CB72E | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.

Error - 22/08/2009 6:19:18 AM | Computer Name = WILLIAM-76CB72E | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.

Error - 22/08/2009 6:30:00 AM | Computer Name = WILLIAM-76CB72E | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the avast! Antivirus service.

Error - 22/08/2009 6:31:42 AM | Computer Name = WILLIAM-76CB72E | Source = Service Control Manager | ID = 7023
Description = The Monitor Update service terminated with the following error: %%1114

Error - 22/08/2009 6:31:42 AM | Computer Name = WILLIAM-76CB72E | Source = Service Control Manager | ID = 7023
Description = The Config Boot service terminated with the following error: %%1114

Error - 22/08/2009 8:00:06 AM | Computer Name = WILLIAM-76CB72E | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library Imation Imation
USB USB Device.

Error - 22/08/2009 8:00:08 AM | Computer Name = WILLIAM-76CB72E | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library Imation Imation
USB USB Device.

Error - 22/08/2009 6:32:26 PM | Computer Name = WILLIAM-76CB72E | Source = Service Control Manager | ID = 7023
Description = The Monitor Update service terminated with the following error: %%1114

Error - 22/08/2009 6:32:26 PM | Computer Name = WILLIAM-76CB72E | Source = Service Control Manager | ID = 7023
Description = The Config Boot service terminated with the following error: %%1114


< End of report >

#4 kahdah


Posted 23 August 2009 - 08:42 AM

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    SRV - (pwudklvy [Auto | Stopped]) -- C:\WINDOWS\System32\drnpqou.dll ()
    SRV - (yrtnmno [Auto | Stopped]) -- C:\WINDOWS\System32\drnpqou.dll ()
    
    :files
    C:\WINDOWS\system32\01.tmp
    
    :reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1618:TCP"=-
    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
================================Malwarebytes' Anti-Malware=================================
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window, OTListIt.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here
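One way to triage logs like the ones in this thread offline, as an added example that is not part of any poster's reply and not part of OTL: it parses OTL `SRV`/`DRV` lines and the avast! scan-error events, then ranks service images by how many signals coincide. The function names and the three scoring rules are assumptions made for illustration, as is reading `00000005` as an access-denied result; the sample lines are copied from the logs posted in the thread.

```python
import re
from collections import defaultdict

# Sample lines copied from the OTL and avast! event-log output in this thread.
OTL_TEXT = r"""
SRV - (pwudklvy [Auto | Stopped]) -- C:\WINDOWS\System32\drnpqou.dll ()
SRV - (yrtnmno [Auto | Stopped]) -- C:\WINDOWS\System32\drnpqou.dll ()
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys ()
"""

EVENT_TEXT = r"""
Error - 22/08/2009 2:27:55 AM | Computer Name = WILLIAM-76CB72E | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\windows\system32\drnpqou.dll failed, 00000005.

Error - 22/08/2009 2:28:05 AM | Computer Name = WILLIAM-76CB72E | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\system32\01.tmp failed, 00000005.

Error - 22/08/2009 3:46:39 AM | Computer Name = WILLIAM-76CB72E | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\windows\system32\drnpqou.dll failed, 00000005.
"""

# "SRV - (name [StartType | State]) -- image path (company)"
SERVICE_RE = re.compile(
    r"^(SRV|DRV) - \((.+?) \[([^|\]]+) \| ([^\]]+)\]\) -- (.+) \((.*)\)$"
)
# The event description wraps, so the path sits on the line after "of".
AV_ERROR_RE = re.compile(r"avfilesScanReal of\s+(.+?) failed, ([0-9A-Fa-f]{8})\.")


def parse_services(text):
    """Return one dict per SRV/DRV line; unparseable lines are skipped."""
    services = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            kind, name, start, state, path, company = m.groups()
            services.append({"kind": kind, "name": name, "start": start,
                             "state": state, "path": path,
                             "company": company.strip()})
    return services


def parse_av_errors(text):
    """Map lower-cased file path -> list of error codes from scan failures."""
    errors = defaultdict(list)
    for path, code in AV_ERROR_RE.findall(text):
        errors[path.strip().lower()].append(code)
    return dict(errors)


def triage(services, av_errors):
    """Rank service images by the number of independent signals they raise."""
    by_image = defaultdict(list)
    for svc in services:
        by_image[svc["path"].lower()].append(svc)

    findings = []
    for image, group in by_image.items():
        reasons = []
        if all(s["company"] == "" for s in group):
            reasons.append("no company name in version info")
        if len(group) > 1:
            reasons.append("%d services share this image" % len(group))
        codes = av_errors.get(image, [])
        if codes:
            reasons.append("antivirus could not scan it (%d errors, code %s)"
                           % (len(codes), codes[0]))
        if reasons:
            findings.append({"image": image,
                             "services": sorted(s["name"] for s in group),
                             "reasons": reasons})
    # Most signals first; a single signal alone is only a prompt to look.
    findings.sort(key=lambda f: -len(f["reasons"]))
    return findings


def unscannable_without_service(services, av_errors):
    """Files the antivirus failed to scan that no listed service points at."""
    images = {s["path"].lower() for s in services}
    return sorted(p for p in av_errors if p not in images)


if __name__ == "__main__":
    svcs = parse_services(OTL_TEXT)
    errs = parse_av_errors(EVENT_TEXT)
    for f in triage(svcs, errs):
        print(len(f["reasons"]), f["image"], f["services"])
        for r in f["reasons"]:
            print("    -", r)
    print("unscannable, no service:", unscannable_without_service(svcs, errs))
```

On this sample the Secdrv driver also has an empty company field but raises only that one signal, which is why the ranking uses the coincidence of signals rather than any single one.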

#5 sails


Posted 24 August 2009 - 03:02 AM

Hi Kahdah,
below are the results of the latest scans.
many thanks
Sails

All processes killed
========== OTL ==========

Service\Driver pwudklvy deleted successfully.
LoadLibrary failed for C:\WINDOWS\System32\drnpqou.dll
C:\WINDOWS\System32\drnpqou.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\drnpqou.dll scheduled to be moved on reboot.

Service\Driver yrtnmno deleted successfully.
LoadLibrary failed for C:\WINDOWS\System32\drnpqou.dll
C:\WINDOWS\System32\drnpqou.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\drnpqou.dll scheduled to be moved on reboot.
========== FILES ==========
File\Folder C:\WINDOWS\system32\01.tmp not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1618:TCP deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: HARLS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes

User: New Briefcase

User: Sal
->Temp folder emptied: 929690 bytes
->Temporary Internet Files folder emptied: 13960922 bytes
->Java cache emptied: 16489618 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2142714 bytes
%systemroot%\System32 .tmp files removed: 303633 bytes
File delete failed. C:\WINDOWS\temp\_av_proI.tm~a03544\setup.lok scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5cc.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 98304 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 32.51 mb


OTL by OldTimer - Version 3.0.10.7 log created on 08242009_080945

Files\Folders moved on Reboot...
LoadLibrary failed for C:\WINDOWS\System32\drnpqou.dll
C:\WINDOWS\System32\drnpqou.dll NOT unregistered.
C:\WINDOWS\System32\drnpqou.dll moved successfully.
File\Folder C:\WINDOWS\temp\_av_proI.tm~a03544\setup.lok not found!
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_5cc.dat moved successfully.

Registry entries deleted on Reboot...
--------------------------------------------------------------------------------------------------------------------------




Malwarebytes' Anti-Malware 1.40
Database version: 2685
Windows 5.1.2600 Service Pack 2

24/08/2009 5:26:03 PM
mbam-log-2009-08-24 (17-26-03).txt

Scan type: Quick Scan
Objects scanned: 99834
Time elapsed: 6 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\.pox (Rogue.FixTool) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\pofile (Rogue.FixTool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Miracle (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

------------------------------------------------------------------------------------------------------------------------------------


OTL logfile created on: 24/08/2009 5:47:59 PM - Run 2
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Sal\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

511.23 Mb Total Physical Memory | 282.84 Mb Available Physical Memory | 55.33% Memory free
1.22 Gb Paging File | 0.96 Gb Available in Paging File | 78.85% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 6.16 Gb Free Space | 16.54% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.87 Gb Total Space | 1.81 Gb Free Space | 96.80% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WILLIAM-76CB72E
Current User Name: Sal
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\WINDOWS\System32\bgsvcgen.exe (B.H.A Corporation)
PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\notepad.exe (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Documents and Settings\Sal\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Adobe LM Service [Disabled | Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (Adobe Version Cue CS2 [Disabled | Stopped]) -- c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe (Adobe Systems Incorporated)
SRV - (Apple Mobile Device [Disabled | Stopped]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (bgsvcgen [Auto | Running]) -- C:\WINDOWS\System32\bgsvcgen.exe (B.H.A Corporation)
SRV - (Bonjour Service [Disabled | Stopped]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (CCALib8 [Auto | Running]) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (getPlusHelper [On_Demand | Stopped]) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (iPod Service [Disabled | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (ApfiltrService [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (b57w2k [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\b57xp32.sys (Broadcom Corporation)
DRV - (bvrp_pci [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\bvrp_pci.sys ()
DRV - (cdrbsdrv [System | Running]) -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys (B.H.A Corporation)
DRV - (CSCO21 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\csco21.sys (Cisco Systems, Inc.)
DRV - (DevUpper [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\tiumflt.sys (Texas Instruments Inc.)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (GTICARD [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\gticard.sys (Texas Instruments)
DRV - (HSFHWICH [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (OMCI [System | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys ()
DRV - (STAC97 [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\stac97.sys (SigmaTel, Inc.)
DRV - (tiumfwl [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\tiumfwl.sys (Texas Instruments Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\shdocvw.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Mozilla 1.7.5\Extensions\\Components: C:\Program Files\mozilla.org\Mozilla\Components [2009/08/21 15:52:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla 1.7.5\Extensions\\Plugins: C:\Program Files\mozilla.org\Mozilla\Plugins [2009/08/23 20:42:24 | 00,000,000 | ---D | M]


O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll File not found
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\WINDOWS\System32\shdocvw.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 211.29.132.12 203.2.75.132 198.142.0.51
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\System32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/06/23 14:49:42 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/08/24 07:59:46 | 00,059,288 | ---- | M] () - E:\autorun.inf -- [ FAT ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/08/24 17:42:35 | 00,028,672 | ---- | C] () -- C:\Documents and Settings\Sal\Desktop\Hi Kahdah.doc
[2009/08/24 08:22:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sal\Application Data\Malwarebytes
[2009/08/24 08:22:29 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/24 08:22:26 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/24 08:22:24 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/24 08:22:24 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/24 08:22:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/08/24 08:21:32 | 03,942,048 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Sal\Desktop\mbam-setup.exe
[2009/08/24 08:10:04 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/08/24 08:09:45 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/08/24 08:01:09 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sal\Desktop\OTL.exe
[2009/08/23 20:42:23 | 00,000,000 | ---D | C] -- C:\Program Files\NOS
[2009/08/23 20:42:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/08/23 08:33:56 | 00,000,262 | ---- | C] () -- C:\Documents and Settings\Sal\Desktop\OTL.lnk
[2009/08/22 22:51:14 | 00,000,672 | ---- | C] () -- C:\Documents and Settings\Sal\Desktop\My Pictures.lnk
[2009/08/22 22:51:08 | 00,000,400 | ---- | C] () -- C:\Documents and Settings\Sal\Desktop\Malcolms.lnk
[2009/08/22 22:05:34 | 13,755,08480 | ---- | C] () -- C:\Backup.bkf
[2009/08/22 21:49:57 | 00,000,346 | ---- | C] () -- C:\WINDOWS\tasks\OptimizerEasy_home.job
[2009/08/22 21:49:44 | 00,000,749 | ---- | C] () -- C:\Documents and Settings\Sal\Desktop\Optimizer Easy.lnk
[2009/08/22 21:49:42 | 00,000,000 | ---D | C] -- C:\Program Files\Optimizer Easy
[2009/08/22 20:21:35 | 01,580,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfcfiles.dll
[2009/08/22 20:21:35 | 00,435,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntmssvc.dll
[2009/08/22 20:21:35 | 00,243,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\es.dll
[2009/08/22 20:21:35 | 00,197,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\netman.dll
[2009/08/22 20:21:35 | 00,190,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\schedsvc.dll
[2009/08/22 20:21:35 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\upnphost.dll
[2009/08/22 20:21:35 | 00,170,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\srsvc.dll
[2009/08/22 20:21:35 | 00,134,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\shsvcs.dll
[2009/08/22 20:21:35 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rasauto.dll
[2009/08/22 20:21:35 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ssdpsrv.dll
[2009/08/22 20:21:35 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\regsvc.dll
[2009/08/22 20:21:35 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wscntfy.exe
[2009/08/22 20:21:34 | 03,012,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mshtml.dll
[2009/08/22 20:21:34 | 00,924,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mfc40u.dll
[2009/08/22 20:21:34 | 00,792,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comres.dll
[2009/08/22 20:21:34 | 00,611,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comctl32.dll
[2009/08/22 20:21:34 | 00,574,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntfs.sys
[2009/08/22 20:21:34 | 00,407,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\netlogon.dll
[2009/08/22 20:21:34 | 00,395,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rpcss.dll
[2009/08/22 20:21:34 | 00,382,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\qmgr.dll
[2009/08/22 20:21:34 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tapisrv.dll
[2009/08/22 20:21:34 | 00,245,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mswsock.dll
[2009/08/22 20:21:34 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\scecli.dll
[2009/08/22 20:21:34 | 00,142,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\aec.sys
[2009/08/22 20:21:34 | 00,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\xmlprov.dll
[2009/08/22 20:21:34 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\imm32.dll
[2009/08/22 20:21:34 | 00,077,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\browser.dll
[2009/08/22 20:21:34 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\cryptsvc.dll
[2009/08/22 20:21:34 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\eventlog.dll
[2009/08/22 20:21:34 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\msgsvc.dll
[2009/08/22 20:21:34 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\MsPMSNSv.dll
[2009/08/22 20:21:34 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kbdclass.sys
[2009/08/22 20:21:34 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lpk.dll
[2009/08/22 20:21:34 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\asyncmac.sys
[2009/08/22 20:21:34 | 00,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\acpiec.sys
[2009/08/22 20:21:34 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfc.dll
[2009/08/22 20:21:34 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\beep.sys
[2009/08/22 20:21:34 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\null.sys
[2009/08/22 20:21:33 | 02,179,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntoskrnl.exe
[2009/08/22 20:21:33 | 02,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntkrnlpa.exe
[2009/08/22 20:21:33 | 01,032,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\explorer.exe
[2009/08/22 20:21:33 | 00,983,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kernel32.dll
[2009/08/22 20:21:33 | 00,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\termsrv.dll
[2009/08/22 20:21:33 | 00,108,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\services.exe
[2009/08/22 20:21:33 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\spoolsv.exe
[2009/08/22 20:21:33 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wuauclt.exe
[2009/08/22 20:21:33 | 00,029,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ip6fw.sys
[2009/08/22 20:21:33 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\userinit.exe
[2009/08/22 20:21:33 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\powrprof.dll
[2009/08/22 20:21:33 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ctfmon.exe
[2009/08/22 20:21:33 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lsass.exe
[2009/08/22 20:21:32 | 00,657,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wininet.dll
[2009/08/22 20:21:32 | 00,577,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\user32.dll
[2009/08/22 20:21:32 | 00,502,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\winlogon.exe
[2009/08/22 20:21:32 | 00,359,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tcpip.sys
[2009/08/22 20:21:32 | 00,182,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ndis.sys
[2009/08/22 20:21:32 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ws2_32.dll
[2009/08/22 20:21:32 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\svchost.exe
[2009/08/22 20:21:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache
[2009/08/22 19:57:19 | 00,228,864 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/08/22 19:57:19 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/08/22 19:57:19 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/08/22 19:57:19 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/08/22 19:57:19 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/08/22 19:57:19 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/08/22 19:57:19 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/08/22 19:57:19 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/08/22 19:57:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/08/22 19:55:17 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/08/22 16:31:08 | 00,000,124 | ---- | C] () -- C:\Documents and Settings\Sal\Desktop\Control Panel.lnk
[2009/08/22 16:18:12 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Sal\Desktop\HijackThis.lnk
[2009/08/22 16:18:12 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/08/22 16:09:25 | 00,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AutorunRemover.lnk
[2009/08/22 16:09:24 | 00,000,000 | ---D | C] -- C:\Program Files\AutorunRemover
[2009/08/22 16:08:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sal\Desktop\AutorunRemover
[2009/08/22 16:07:25 | 01,184,565 | ---- | C] () -- C:\Documents and Settings\Sal\Desktop\AutorunRemover.zip
[2009/08/22 15:35:29 | 00,000,000 | ---D | C] -- C:\Program Files\Innovative Solutions
[2009/08/22 15:29:57 | 00,000,434 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2009/08/22 15:29:51 | 00,000,368 | ---- | C] () -- C:\WINDOWS\tasks\RegCure.job
[2009/08/22 15:23:39 | 00,001,528 | ---- | C] () -- C:\Documents and Settings\Sal\Desktop\RegCure Application.lnk
[2009/08/22 15:23:34 | 00,000,000 | ---D | C] -- C:\Program Files\RegCure
[2009/08/22 15:18:28 | 00,000,444 | ---- | C] () -- C:\WINDOWS\tasks\XoftSpySE 2.job
[2009/08/22 15:18:27 | 00,000,358 | ---- | C] () -- C:\WINDOWS\tasks\XoftSpySE.job
[2009/08/22 15:18:24 | 00,000,682 | ---- | C] () -- C:\Documents and Settings\Sal\Desktop\XoftSpySE.lnk
[2009/08/22 15:18:22 | 00,000,000 | ---D | C] -- C:\Program Files\XoftSpySE
[2009/08/22 15:18:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sal\Application Data\WinRAR
[2009/08/22 15:17:06 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2009/08/22 15:16:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\RegCure
[2009/08/22 15:08:26 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Sal\Desktop\setup-spybotsd162.exe
[2009/08/22 14:50:46 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Sal\Desktop\Spybot - Search & Destroy.lnk
[2009/08/22 14:50:32 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/08/22 14:50:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/08/22 14:41:19 | 00,011,643 | ---- | C] () -- C:\WINDOWS\System32\net21.inf
[2009/08/22 14:41:19 | 00,007,980 | ---- | C] () -- C:\WINDOWS\System32\net21.cat
[2009/08/22 14:41:16 | 00,344,832 | ---- | C] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\drivers\csco21.sys
[2009/08/22 14:41:16 | 00,344,832 | ---- | C] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\csco21.sys
[2009/08/22 12:48:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2009/08/22 12:20:23 | 00,000,874 | ---- | C] () -- C:\Documents and Settings\Sal\Desktop\TreeSize Free.lnk
[2009/08/22 11:28:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sal\Application Data\JAM Software
[2009/08/22 11:28:27 | 00,000,000 | ---D | C] -- C:\Program Files\JAM Software
[2009/08/22 10:52:45 | 00,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2009/08/22 09:25:47 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/08/21 16:33:54 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/08/21 16:33:53 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/08/21 16:33:52 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/08/21 16:33:50 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/08/21 16:33:46 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/08/21 16:33:44 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/08/21 16:33:44 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/08/21 16:33:40 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/08/21 16:33:40 | 00,093,392 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/08/21 16:33:06 | 01,279,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/08/21 16:33:06 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/08/21 16:32:59 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/08/20 19:54:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sal\Application Data\MSNInstaller
[2009/08/06 19:00:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sal\My Documents\My Received Files
[2009/05/18 19:28:54 | 00,000,293 | ---- | C] () -- C:\WINDOWS\BROWSER.INI
[2008/09/23 21:19:57 | 00,000,028 | ---- | C] () -- C:\WINDOWS\MotionSDSTUDIO.INI
[2008/05/23 19:57:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2008/05/23 19:56:43 | 00,240,640 | R--- | C] () -- C:\WINDOWS\System32\NMOCOD.DLL
[2008/04/08 18:53:59 | 00,000,025 | ---- | C] () -- C:\WINDOWS\Pharaoh's Pitfalls.ini
[2007/05/25 20:08:28 | 00,000,211 | ---- | C] () -- C:\WINDOWS\cncscore.ini
[2007/05/23 18:30:31 | 00,000,594 | ---- | C] () -- C:\WINDOWS\TetrisPk.ini
[2007/02/25 08:46:07 | 00,000,020 | ---- | C] () -- C:\WINDOWS\gojigsaw.ini
[2006/09/22 16:14:55 | 00,000,057 | ---- | C] () -- C:\WINDOWS\101plg.ini
[2006/07/02 12:28:41 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2006/01/11 18:50:42 | 00,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/11/05 08:34:59 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/07/26 20:33:34 | 00,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2005/06/30 19:25:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\WTNSETUP.INI
[2005/06/30 19:07:32 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/12 23:33:16 | 00,000,623 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/12 23:30:36 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/12 23:27:58 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/12 23:19:54 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[1999/03/23 23:46:24 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL
[1999/01/22 20:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Files - Modified Within 30 Days ==========

[2009/08/24 17:42:35 | 00,028,672 | ---- | M] () -- C:\Documents and Settings\Sal\Desktop\Hi Kahdah.doc
[2009/08/24 17:41:59 | 00,002,473 | ---- | M] () -- C:\Documents and Settings\Sal\Desktop\Word.lnk
[2009/08/24 17:16:16 | 00,028,987 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2009/08/24 08:22:29 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/24 08:21:32 | 03,942,048 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Sal\Desktop\mbam-setup.exe
[2009/08/24 08:18:17 | 00,017,112 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/08/24 08:18:11 | 00,000,444 | ---- | M] () -- C:\WINDOWS\tasks\XoftSpySE 2.job
[2009/08/24 08:18:11 | 00,000,434 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2009/08/24 08:12:28 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/24 08:12:21 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/23 08:33:56 | 00,000,262 | ---- | M] () -- C:\Documents and Settings\Sal\Desktop\OTL.lnk
[2009/08/23 08:30:12 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sal\Desktop\OTL.exe
[2009/08/22 23:49:00 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/08/22 22:21:10 | 13,755,08480 | ---- | M] () -- C:\Backup.bkf
[2009/08/22 21:50:04 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\OptimizerEasy_home.job
[2009/08/22 21:49:44 | 00,000,749 | ---- | M] () -- C:\Documents and Settings\Sal\Desktop\Optimizer Easy.lnk
[2009/08/22 20:20:27 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/08/22 16:31:08 | 00,000,124 | ---- | M] () -- C:\Documents and Settings\Sal\Desktop\Control Panel.lnk
[2009/08/22 16:19:38 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Sal\Desktop\HijackThis.lnk
[2009/08/22 16:09:25 | 00,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AutorunRemover.lnk
[2009/08/22 16:07:40 | 01,184,565 | ---- | M] () -- C:\Documents and Settings\Sal\Desktop\AutorunRemover.zip
[2009/08/22 15:29:57 | 00,000,368 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2009/08/22 15:23:39 | 00,001,528 | ---- | M] () -- C:\Documents and Settings\Sal\Desktop\RegCure Application.lnk
[2009/08/22 15:18:29 | 00,000,358 | ---- | M] () -- C:\WINDOWS\tasks\XoftSpySE.job
[2009/08/22 15:18:24 | 00,000,682 | ---- | M] () -- C:\Documents and Settings\Sal\Desktop\XoftSpySE.lnk
[2009/08/22 15:16:59 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Sal\Desktop\Spybot - Search & Destroy.lnk
[2009/08/22 15:14:12 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Sal\Desktop\setup-spybotsd162.exe
[2009/08/22 14:42:46 | 00,356,120 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/08/22 14:42:46 | 00,312,172 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/22 14:42:46 | 00,040,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/22 14:42:31 | 06,629,354 | -H-- | M] () -- C:\Documents and Settings\Sal\Local Settings\Application Data\IconCache.db
[2009/08/22 12:20:23 | 00,000,874 | ---- | M] () -- C:\Documents and Settings\Sal\Desktop\TreeSize Free.lnk
[2009/08/22 09:39:01 | 04,444,296 | ---- | M] (Computer Associates International, Inc.) -- C:\vet-win32-full-10.67.0.0.exe
[2009/08/21 21:46:18 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/08/21 16:33:54 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/08/20 22:17:15 | 00,228,864 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/08/18 18:20:45 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/18 02:10:20 | 01,279,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/08/18 02:06:54 | 00,093,392 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/08/18 02:06:43 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/08/18 02:05:52 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/08/18 02:05:37 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/08/18 02:04:40 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/08/18 02:04:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/08/18 02:03:21 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/08/18 02:02:50 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/08/06 20:18:35 | 00,000,211 | ---- | M] () -- C:\WINDOWS\cncscore.ini
[2009/08/06 20:16:29 | 00,028,987 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2009/08/05 15:51:02 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Sal\Desktop\Internet Explorer.lnk
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/29 09:49:37 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Sal\My Documents\PDVD_MediaDisc.PlayList

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\vet-win32-full-10.67.0.0.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\vetsetuplog.txt:SummaryInformation
< End of report >

#6 sails

  • Topic Starter

Posted 24 August 2009 - 06:04 AM

Hi Kahdah,
Your good efforts seem to have had the desired results, :thumbup2: and on my sister-in-law's behalf, I am extremely pleased with the outcome. :) This has also been a good learning curve for me.

All the security items are working well; Microsoft updates and other security sites are once again accessible. Now I just have to get her to free up some disc space.

Many thanks
Sails :)

#7 kahdah

  • Security Colleague

Posted 24 August 2009 - 06:56 AM

You are welcome :)

Cleanup:

Please double-click on OTL to run it.
Then click on Clean up.
Restart your computer when prompted.
This will remove what tools we used.
===============
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java SE Runtime Environment (JRE) and save it to your desktop.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 16...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe to install the newest version.
======================
Delete\uninstall anything else that we have used.

System Restore
Then I will need you to reset your System Restore points.
The link below shows how to create a clean restore point.
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link > http://www.bleepingcomputer.com/tutorials/...143.html#manual
=====================================
After that you're all set. :thumbup2:


The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article - To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections, please read the Prevention article by Miekiemoes.

If your computer is slow - A tutorial on what you can do if your computer is slow.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here