Antivir Invasion


  • This topic is locked
35 replies to this topic

#1 carocake

  • Members
  • 16 posts

Posted 22 July 2010 - 05:02 PM

Hello everyone - My computer was hijacked the other day by the Antivir System Pro. It all started when I was looking at Google Images and clicked on one to open it and get a better look. Instantly the Antivir invaded my computer and locked me down. I was somehow able to find this community and tried to work my way through the forum that describes how to remove the virus. I followed all steps. Malwarebytes said it removed the virus, so I tried to run my computer in regular mode and got on Internet Explorer. Every time I clicked on an item off of the search page I would get redirected to an ad/search page. In extreme frustration I have tried numerous other tricks to save my computer, but to no avail. I have run the McAfee free scan, SUPERAntiSpyware, Stinger, RKill, TDSSKiller, etc. They all find something, but I don't think they get to the root of the problem, and now I am gun-shy and am afraid to use my computer out of Safe Mode with Networking. I have run HijackThis and have this log for you. I would really appreciate any help. By the way, I am using an HP Mini 110 and have Windows XP and am running IE8. From what I understand this thing doesn't have a system recovery so I can't set it back to factory :(. Before this all started my only complaint was the Microsoft C++ Runtime error that kept popping up.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:31:33 PM, on 7/22/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\wdm\STacSV.exe
C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\SPLASH.SYS\config\DVMExportService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Randy\Desktop\hjkths2.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe" //mailurl:mailto:sale-7vzcw-1526556043@craigslist.org?subject=Wicker%20Daybed%20-%20%2450%20(Pawleys%20Island%2C%20SC)&body=%0A%0Ahttp%3A%2F%2Fmyrtlebeach.craigslist.org%2Ffuo%2F1526556043.html%0A
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5643
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0560.0\msneshellx.dll
O3 - Toolbar: &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HP] C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...050/mcfscan.cab
O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BOTService - Sonic Solutions - C:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\SPLASH.SYS\config\DVMExportService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\wdm\STacSV.exe

--
End of file - 7056 bytes

Edited by Budapest, 25 July 2010 - 04:25 PM.
Moved from AII ~BP
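Two entries in the log above are the ones a responder reads first: the `R1 ... ProxyServer = http=127.0.0.1:5643` line, which routes every Internet Explorer request through a process listening on the machine itself (the mechanism behind search-result redirects of this kind), and the `O18 - Protocol: inbox` handler loaded from a third-party toolbar DLL. The script below is an added example, not part of this thread and not code from HijackThis or OTL. It scans log lines in either HijackThis or OTL format and flags three things: a proxy pointed at localhost, an `O4` Run entry that is orphaned ("File not found") or launches from a user-writable directory such as `Temp`, and an `O18` protocol handler served from outside the Windows directory. The sample lines are reproduced from the HijackThis log in this post and the OTL log the topic starter posts later in the thread, plus one constructed corporate-proxy line that must not be flagged.

```python
import re
from typing import Dict, List

# Hosts that mean "the proxy is this very machine", which is how a local
# redirector gets to see and rewrite every browser request.
LOCAL_HOSTS = {"127.0.0.1", "localhost", "::1", "0.0.0.0"}

# Directories an autostart entry should normally not launch from (user-writable).
SUSPECT_DIRS = ("\\temp\\", "\\locals~1\\", "\\local settings\\",
                "\\application data\\", "\\appdata\\")

# 'ProxyServer = http=127.0.0.1:5643' (HijackThis) or
# '"ProxyServer" = http=127.0.0.1:5643' (OTL).
PROXY_RE = re.compile(r'ProxyServer"?\s*=\s*(\S+)')
# The command that follows the [name] of an O4 Run entry, in both formats.
RUN_RE = re.compile(r'^O4 - .*?\[[^\]]*\]\s*(.*)$')
# Scheme and DLL of an O18 custom protocol handler.
PROTO_RE = re.compile(r'^O18 - Protocol: (\S+) - \{[0-9A-Fa-f-]+\} - (.*)$')

# Sample input: lines reproduced from the HijackThis and OTL logs in this
# thread, plus one constructed line (a corporate proxy) that must not fire.
SAMPLE_LINES = [
    r'R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5643',
    r'O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"',
    r'O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll',
    r'IE - HKU\S-1-5-21-3923972537-395328355-2521877187-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643',
    r'O4 - HKU\S-1-5-21-3923972537-395328355-2521877187-1005..\Run: [wmsdk64_32.exe] C:\DOCUME~1\Randy\LOCALS~1\Temp\wmsdk64_32.exe File not found',
    r'O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)',
    r'R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.corp.example:3128',  # constructed
]


def proxy_hosts(value: str) -> List[str]:
    """Split an IE ProxyServer value into its host names.

    The value is either 'host:port' or 'scheme=host:port;scheme=host:port'.
    IPv6 literals arrive as '[::1]:port' and are unbracketed.
    """
    hosts = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        target = part.split("=", 1)[1] if "=" in part else part
        hosts.append(target.rsplit(":", 1)[0].strip("[]").lower())
    return hosts


def triage(lines: List[str]) -> List[Dict[str, str]]:
    """Return one finding per suspicious indicator found in the log lines."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = PROXY_RE.search(line)
        if m:
            for host in proxy_hosts(m.group(1)):
                if host in LOCAL_HOSTS:
                    findings.append({"kind": "localhost_proxy", "detail": m.group(1), "line": line})
            continue
        m = RUN_RE.match(line)
        if m:
            cmd = m.group(1)
            cmd_lc = cmd.lower()
            if cmd_lc.endswith("file not found"):
                findings.append({"kind": "orphaned_run_entry", "detail": cmd, "line": line})
            if any(d in cmd_lc for d in SUSPECT_DIRS):
                findings.append({"kind": "run_from_user_writable_dir", "detail": cmd, "line": line})
            continue
        m = PROTO_RE.match(line)
        if m:
            scheme, dll = m.groups()
            if "\\windows\\" not in dll.lower():
                findings.append({"kind": "third_party_protocol_handler",
                                 "detail": f"{scheme} -> {dll}", "line": line})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f['kind']:30s} {f['detail']}")
```

Two caveats when reading the output. A localhost proxy is only active while `ProxyEnable` is 1; the OTL log later in this thread shows `ProxyEnable = 0` next to the same `ProxyServer` value, so at that point the entry is a leftover to be cleared rather than a live redirector. And a Run entry from `Temp` or a non-Microsoft protocol handler is a lead, not a verdict; the responder still inspects the file (or, as here, notes that it is already gone) before writing a fix.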



#2 etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts

Posted 29 July 2010 - 06:19 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report:
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32
    ahcix86s.sys
    nvrd32.sys
    user32.dll
    ws2_32.dll
    /md5stop
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
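The `/md5start ... /md5stop` list in the instructions above makes OTL print a digest for a fixed set of boot-critical drivers and system DLLs (atapi.sys, iaStor.sys, user32.dll, ws2_32.dll and so on), because infections of this period replaced or patched those files in place rather than adding a new autostart entry. The following is an added example, not OTL's code and not part of this post, showing the comparison such a hash list makes possible on Windows XP: each live file under `system32\drivers` or `system32` is hashed and compared with the Windows File Protection copy under `system32\dllcache` and the `ServicePackFiles\i386` copy. The directory layout in `xp_default_dirs` is an assumption about a standard XP install; `run_demo` builds a constructed fixture of fake byte strings (not real driver images) so the script runs on any OS.

```python
import hashlib
import os
import tempfile
from typing import Dict, Iterable, List, Optional, Tuple

# Subset of the files the OTL custom scan above hashes between /md5start and /md5stop.
WATCHED = ["atapi.sys", "iaStor.sys", "nvstor.sys", "AGP440.sys", "user32.dll", "ws2_32.dll"]


def md5_of(path: str) -> str:
    """MD5 of a file, read in chunks. MD5 is used only because it is the digest
    OTL prints; this is a change check, not a tamper-proof signature."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def _find(dirs: Iterable[str], name: str) -> List[str]:
    """All existing copies of `name` across the given directories."""
    return [os.path.join(d, name) for d in dirs if os.path.isfile(os.path.join(d, name))]


def compare_copies(live_dirs: Iterable[str], cache_dirs: Iterable[str],
                   names: Iterable[str]) -> Dict[str, str]:
    """Hash the live copy of each name and every cached copy.

    Status per file:
      missing     no live copy in live_dirs
      unverified  live copy exists but no cached copy to compare (OEM drivers)
      match       live hash equals at least one cached copy
      MISMATCH    live copy differs from every cached copy: examine it
    """
    report: Dict[str, str] = {}
    for name in names:
        live = _find(live_dirs, name)
        if not live:
            report[name] = "missing"
            continue
        live_hash = md5_of(live[0])
        cached = {md5_of(p) for p in _find(cache_dirs, name)}
        if not cached:
            report[name] = "unverified"
        elif live_hash in cached:
            report[name] = "match"
        else:
            report[name] = "MISMATCH"
    return report


def xp_default_dirs(systemroot: Optional[str] = None) -> Tuple[List[str], List[str]]:
    """Assumed XP layout: live system files and the pristine copies WFP keeps."""
    root = systemroot or os.environ.get("SystemRoot", r"C:\WINDOWS")
    live = [os.path.join(root, "system32", "drivers"), os.path.join(root, "system32")]
    cache = [os.path.join(root, "system32", "dllcache"),
             os.path.join(root, "ServicePackFiles", "i386")]
    return live, cache


def run_demo() -> Dict[str, str]:
    """Constructed fixture (fake byte strings, not real driver images) that
    exercises all four statuses."""
    base = tempfile.mkdtemp(prefix="md5demo_")
    live = os.path.join(base, "drivers")
    cache = os.path.join(base, "dllcache")
    os.makedirs(live)
    os.makedirs(cache)
    files = {
        (live, "atapi.sys"): b"pristine atapi image",
        (cache, "atapi.sys"): b"pristine atapi image",
        (live, "iaStor.sys"): b"patched iaStor image",
        (cache, "iaStor.sys"): b"pristine iaStor image",
        (live, "nvstor.sys"): b"nvstor image with no cached copy",
    }
    for (d, name), data in files.items():
        with open(os.path.join(d, name), "wb") as fh:
            fh.write(data)
    return compare_copies([live], [cache], ["atapi.sys", "iaStor.sys", "nvstor.sys", "AGP440.sys"])


if __name__ == "__main__":
    for name, status in run_demo().items():
        print(f"{status:10s} {name}")
    # On a real XP machine: compare_copies(*xp_default_dirs(), WATCHED)
```

Read the result with two limits in mind. A match against `dllcache` is not proof of integrity, since anything that can patch a driver can patch the cached copy too, which is why the forum's responders also cross-check OTL's hashes against known-good values rather than only the local cache. Conversely, `unverified` or `MISMATCH` is expected for vendor drivers that Windows never shipped (iaStor.sys here comes from Intel, not the XP media), so a mismatch is a reason to look at the file's version information and signature, not a verdict by itself.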
 


#3 etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts

Posted 04 August 2010 - 05:54 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.


 


#4 etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts

Posted 22 August 2010 - 08:09 AM

Reopened at OP's request.

Please follow the instructions above.


 


#5 carocake (Topic Starter)

  • Members
  • 16 posts

Posted 23 August 2010 - 01:35 PM

Thank you so much for helping me. I have had a bit of a problem doing the items you requested, though. I tried to back up my computer as instructed and it failed, saying that something was damaged. I also tried to run the GMER log as requested, and when I open the program it immediately starts scanning. I canceled the scan and unchecked the items indicated, then restarted the scan, but instead of seeing the log when the scan is finished it instantly restarts my computer without giving me a chance to save anything. Also, on the GMER instructions page the second link for GMER is to download spydoctor - no further instructions were given in regard to that. I have the OTL files you requested:

OTL logfile created on: 8/22/2010 8:43:42 AM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Randy\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 433.00 Mb Available Physical Memory | 43.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 90.00 Gb Free Space | 60.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JENSBABY
Current User Name: Randy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/15 20:41:48 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Randy\Desktop\OTL.exe
PRC - [2010/06/15 13:56:04 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/11/16 23:07:01 | 000,122,880 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
PRC - [2009/07/14 06:54:00 | 000,589,104 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe
PRC - [2009/07/14 06:54:00 | 000,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Hewlett-Packard\HP QuickSync\jre\bin\javaw.exe
PRC - [2009/07/08 22:55:26 | 000,323,584 | -H-- | M] (DeviceVM, Inc.) -- C:\SPLASH.SYS\config\DVMExportService.exe
PRC - [2009/06/29 16:44:38 | 000,221,266 | ---- | M] (IDT, Inc.) -- c:\Program Files\IDT\WDM\stacsv.exe
PRC - [2009/06/02 22:05:58 | 000,457,200 | ---- | M] () -- C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
PRC - [2009/03/30 19:02:08 | 000,319,488 | ---- | M] () -- C:\Program Files\HP\HPBTWD.exe
PRC - [2009/03/30 03:25:26 | 043,010,392 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008/07/10 02:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/04/15 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/21 08:04:52 | 000,046,432 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Microsoft Works\WkCalRem.exe


========== Modules (SafeList) ==========

MOD - [2010/08/15 20:41:48 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Randy\Desktop\OTL.exe
MOD - [2008/04/15 08:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009/07/22 23:08:48 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE -- (MSSQLServerADHelper100)
SRV - [2009/07/08 22:55:26 | 000,323,584 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\SPLASH.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009/06/29 16:44:38 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2009/06/02 22:05:58 | 000,457,200 | ---- | M] () [Auto | Running] -- C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269)
SRV - [2009/05/22 14:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/03/30 03:25:26 | 043,010,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2009/03/30 03:23:32 | 000,254,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2009/03/30 03:23:24 | 000,366,936 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS)
SRV - [2008/07/10 02:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\Rts5161ccid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\Rts516xIR.sys -- (Rts516xIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\RTS5121.sys -- (RSUSBSTOR)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\DRIVERS\rp_skt32.sys -- (RPSKT) Security Services Driver (x86)
DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2009/07/27 15:01:38 | 000,016,984 | -H-- | M] (DeviceVM, Inc.) [Kernel | System | Running] -- C:\SPLASH.SYS\config\dvmio.sys -- (DVMIO)
DRV - [2009/07/02 02:10:54 | 000,103,792 | ---- | M] (Sonic Solutions) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\syscow32x.sys -- (SysCow)
DRV - [2009/06/29 16:44:38 | 001,642,931 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2009/06/18 12:36:16 | 000,308,608 | ---- | M] (CamVendor) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cam3820a.sys -- (Cam3820)
DRV - [2009/06/04 22:43:16 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2009/06/02 04:00:00 | 000,025,584 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SaibVd32.sys -- (SaibVd32)
DRV - [2009/06/02 04:00:00 | 000,021,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SahdIa32.sys -- (SahdIa32)
DRV - [2009/06/02 04:00:00 | 000,015,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SaibIa32.sys -- (SaibIa32)
DRV - [2009/05/29 20:25:00 | 001,570,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/04/21 13:13:34 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2009/03/31 16:11:44 | 000,039,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2009/03/17 01:19:44 | 000,058,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2009/01/15 22:41:00 | 000,206,512 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/04/15 08:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 19:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 19:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/14 10:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2008/02/15 18:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2001/08/18 09:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/18 09:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/18 09:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/18 09:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/18 09:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/18 08:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/18 08:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/18 08:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/18 08:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/18 08:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/18 08:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/18 08:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/18 08:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/18 08:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/18 08:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3923972537-395328355-2521877187-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKU\S-1-5-21-3923972537-395328355-2521877187-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3923972537-395328355-2521877187-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-3923972537-395328355-2521877187-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3923972537-395328355-2521877187-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3923972537-395328355-2521877187-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643

FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/07/15 10:13:33 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2008/04/15 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3923972537-395328355-2521877187-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-3923972537-395328355-2521877187-1005\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [HP] C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP BTW Detect Program] C:\Program Files\HP\HPBTWD.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-3923972537-395328355-2521877187-1005..\Run: [wmsdk64_32.exe] C:\DOCUME~1\Randy\LOCALS~1\Temp\wmsdk64_32.exe File not found
O4 - Startup: C:\Documents and Settings\Randy\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Randy\Start Menu\Programs\Startup\wkcalrem.LNK = C:\Program Files\Microsoft Works\WkCalRem.exe (Microsoft® Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3923972537-395328355-2521877187-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/...050/mcfscan.cab (McFreeScan Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Tempest.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Tempest.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "avast! Web Scanner"
MsConfig - Services: "avast! Mail Scanner"
MsConfig - Services: "avast! Antivirus"
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 90 Days ==========

[2010/08/15 20:41:43 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Randy\Desktop\OTL.exe
[2010/08/12 20:48:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Randy\My Documents\Residential Keeping Rooms - Gallery Bridgette Boylan Interiors, Inc1_files
[2010/07/26 21:23:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2010/07/24 10:32:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/07/22 17:28:41 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Randy\Desktop\hjkths2.exe
[2010/07/22 17:26:27 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/07/22 09:30:23 | 008,251,911 | ---- | C] (McAfee Inc.) -- C:\Documents and Settings\Randy\My Documents\stinger1001934.exe
[2010/07/18 09:53:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Randy\Application Data\SafeReturner
[2010/07/18 09:53:35 | 000,000,000 | ---D | C] -- C:\Program Files\Safe Returner
[2010/07/18 08:58:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\McAfee.com
[2010/07/17 22:50:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/07/16 15:02:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Randy\Application Data\Malwarebytes
[2010/07/16 13:59:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/07/16 12:53:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/16 12:53:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/16 09:22:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/16 09:22:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/16 09:09:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Randy\Local Settings\Application Data\cvmcwitvw
[2010/07/15 19:38:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/07/15 15:10:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RsFx
[2010/07/15 15:08:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2010/07/15 14:59:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2010/07/15 14:54:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ASP.NET
[2010/07/15 14:54:38 | 000,000,000 | ---D | C] -- C:\Program Files\IIS
[2010/07/15 14:51:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Randy\My Documents\Visual Studio 2010
[2010/07/15 14:47:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0
[2010/07/15 14:47:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2010/07/15 14:47:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer
[2010/07/15 13:37:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/07/09 16:57:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Randy\My Documents\MOMS RECIPE BOOK
[2010/06/28 22:44:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2010/06/27 12:11:53 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/27 11:57:21 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/25 08:52:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2010/06/16 13:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/06/15 20:45:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Randy\Local Settings\Application Data\IsolatedStorage
[2010/06/09 18:50:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Randy\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/06/02 20:11:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Randy\Application Data\Apple Computer
[2010/06/02 20:09:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/02 20:09:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/02 20:08:43 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/06/02 20:08:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/06/02 20:08:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Randy\Local Settings\Application Data\Apple
[2010/06/02 20:08:20 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/06/02 20:07:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/06/02 20:07:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/06/02 20:06:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Randy\Local Settings\Application Data\Apple Computer
[2010/05/28 13:44:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Randy\My Documents\My Videos
[2010/05/28 13:44:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2010/05/24 20:23:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/05/24 19:39:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Randy\My Documents\RECIPES
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/08/22 08:47:37 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\BackOnTrack Instant Restore Idle.job
[2010/08/22 08:34:50 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2010/08/22 08:01:22 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/22 07:59:24 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/08/22 07:59:04 | 000,682,830 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/22 07:59:04 | 000,560,276 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/22 07:59:04 | 000,109,074 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/22 07:56:41 | 000,000,290 | ---- | M] () -- C:\Documents and Settings\Randy\Desktop\The Pioneer Woman Cooks - Complete Recipe Index Archives.url
[2010/08/22 07:54:39 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/22 07:54:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/22 07:54:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/22 07:53:58 | 1064,620,032 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/21 23:20:24 | 003,932,160 | -H-- | M] () -- C:\Documents and Settings\Randy\NTUSER.DAT
[2010/08/21 23:20:24 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Randy\ntuser.ini
[2010/08/21 20:55:19 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E8A7CC67-5D07-4219-BF63-A977CE05817E}.job
[2010/08/21 19:18:36 | 000,000,221 | ---- | M] () -- C:\Documents and Settings\Randy\Desktop\Wachovia - Personal Finance and Business Financial Services.url
[2010/08/21 19:18:05 | 000,021,168 | ---- | M] () -- C:\Documents and Settings\Randy\My Documents\Payment Approval82110.mht
[2010/08/21 10:30:29 | 000,000,235 | ---- | M] () -- C:\Documents and Settings\Randy\Desktop\craigslist atlanta classifieds for jobs, apartments, personals, for sale, services, community, and events.url
[2010/08/20 14:14:58 | 000,000,216 | ---- | M] () -- C:\Documents and Settings\Randy\Desktop\Just received 40 night stands - microwave carts.url
[2010/08/18 19:04:11 | 000,000,276 | ---- | M] () -- C:\Documents and Settings\Randy\Desktop\Little Green Notebook Make Shades Out of Mini Blinds.url
[2010/08/18 16:54:24 | 000,000,216 | ---- | M] () -- C:\Documents and Settings\Randy\Desktop\Motherboards & Power Supplies.url
[2010/08/18 16:48:58 | 000,000,276 | ---- | M] () -- C:\Documents and Settings\Randy\Desktop\Yahoo! Mail The best web-based email!.url
[2010/08/17 17:59:44 | 000,000,216 | ---- | M] () -- C:\Documents and Settings\Randy\Desktop\DRESSER.url
[2010/08/15 20:41:48 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Randy\Desktop\OTL.exe
[2010/08/15 19:49:30 | 000,000,253 | ---- | M] () -- C:\Documents and Settings\Randy\Desktop\CafeteriaCash.com.url
[2010/08/13 21:22:37 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/13 18:07:54 | 000,249,496 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/13 12:58:11 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/12 20:48:21 | 000,010,270 | ---- | M] () -- C:\Documents and Settings\Randy\My Documents\Residential Keeping Rooms - Gallery Bridgette Boylan Interiors, Inc1.htm
[2010/08/12 20:03:11 | 000,058,864 | ---- | M] () -- C:\Documents and Settings\Randy\My Documents\Black Sheep Interiors6.mht
[2010/08/12 20:02:42 | 000,058,864 | ---- | M] () -- C:\Documents and Settings\Randy\My Documents\Black Sheep Interiors5.mht
[2010/08/12 20:02:16 | 000,058,864 | ---- | M] () -- C:\Documents and Settings\Randy\My Documents\Black Sheep Interiors4.mht
[2010/08/12 20:01:51 | 000,058,864 | ---- | M] () -- C:\Documents and Settings\Randy\My Documents\Black Sheep Interiors3.mht
[2010/08/12 20:01:37 | 000,058,864 | ---- | M] () -- C:\Documents and Settings\Randy\My Documents\Black Sheep Interiors2.mht
[2010/08/12 20:00:49 | 000,011,958 | ---- | M] () -- C:\Documents and Settings\Randy\My Documents\Black Sheep Interiors1.htm
[2010/08/11 21:58:38 | 000,042,678 | ---- | M] () -- C:\Documents and Settings\Randy\Application Data\wklnhst.dat
[2010/08/11 21:58:38 | 000,011,264 | ---- | M] () -- C:\Documents and Settings\Randy\My Documents\sorrow.wps
[2010/08/11 20:51:48 | 000,000,178 | ---- | M] () -- C:\Documents and Settings\Randy\Desktop\Atlanta Pest Control & Exterminator Services from Arrow Exterminators.url
[2010/08/08 21:21:29 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/08/08 09:28:09 | 000,211,968 | ---- | M] () -- C:\Documents and Settings\Randy\My Documents\Apple Dutch Baby Pancake.wps
[2010/08/08 08:02:01 | 000,461,824 | ---- | M] () -- C:\Documents and Settings\Randy\My Documents\Olive oil cakes with lemon and thyme.wps
[2010/08/08 07:56:10 | 000,437,760 | ---- | M] () -- C:\Documents and Settings\Randy\My Documents\Make-Ahead Muffin Melts.wps
[2010/08/07 22:13:04 | 000,000,226 | ---- | M] () -- C:\Documents and Settings\Randy\Desktop\Block Posters - Create large wall posters from any image for free!.url
[2010/08/07 20:03:37 | 000,190,464 | ---- | M] () -- C:\Documents and Settings\Randy\My Documents\Crab and Ricotta Ravioli.wps
[2010/08/07 14:57:29 | 000,104,382 | ---- | M] () -- C:\Documents and Settings\Randy\My Documents\1701780_vectorized[1].PNG
[2010/08/07 14:44:50 | 000,442,443 | ---- | M] () -- C:\Documents and Settings\Randy\My Documents\2347[1].pdf
[2010/08/06 08:52:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/04 21:10:35 | 000,000,875 | ---- | M] () -- C:\Documents and Settings\Randy\Desktop\AIM Mail (1).url
[2010/08/01 13:39:28 | 000,009,728 | ---- | M] () -- C:\Documents and Settings\Randy\My Documents\aimacct.wps
[2010/07/31 10:15:52 | 000,273,920 | ---- | M] () -- C:\Documents and Settings\Randy\My Documents\Hot fudge.wps
[2010/07/31 09:00:06 | 000,082,944 | ---- | M] () -- C:\Documents and Settings\Randy\My Documents\Cinnamon Swirled Bark Candy.wps
[2010/07/31 08:58:35 | 000,179,200 | ---- | M] () -- C:\Documents and Settings\Randy\My Documents\Vanilla Butter Cake.wps
[2010/07/31 08:49:02 | 000,200,192 | ---- | M] () -- C:\Documents and Settings\Randy\My Documents\Red White and blue bark.wps
[2010/07/31 08:42:14 | 000,174,592 | ---- | M] () -- C:\Documents and Settings\Randy\My Documents\Praline Bundt Cake.wps
[2010/07/28 17:38:07 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Randy\My Documents\chore list.wps
[2010/07/28 13:18:31 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\Randy\My Documents\sandwich ideas.wps
[2010/07/27 16:06:27 | 000,120,832 | ---- | M] () -- C:\Documents and Settings\Randy\My Documents\Graham Cracker Chewy Bars.wps
[2010/07/26 17:21:28 | 000,000,703 | ---- | M] () -- C:\Documents and Settings\Randy\Start Menu\Programs\Startup\wkcalrem.LNK
[2010/07/24 16:07:53 | 000,000,350 | ---- | M] () -- C:\Documents and Settings\Randy\Desktop\Ashley's Scottish Shortbread Recipe Food Network.url
[2010/07/24 15:24:59 | 000,000,208 | ---- | M] () -- C:\Documents and Settings\Randy\Desktop\Lemon Icebox Cake - Fine Cooking Recipes, Techniques and Tips.url
[2010/07/24 10:58:10 | 000,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/24 10:58:10 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/24 10:58:10 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/07/24 10:32:11 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/07/24 10:31:47 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/23 21:04:02 | 000,000,320 | ---- | M] () -- C:\Documents and Settings\Randy\Desktop\Self-Rising Flour Biscuits King Arthur Flour.url
[2010/07/22 18:17:22 | 000,000,743 | ---- | M] () -- C:\Documents and Settings\Randy\Desktop\Perfect Soft Dinner Rolls.url
[2010/07/22 17:31:33 | 000,007,057 | ---- | M] () -- C:\Documents and Settings\Randy\My Documents\hijackthislog
[2010/07/22 17:28:41 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Randy\Desktop\hjkths2.exe
[2010/07/22 17:22:01 | 000,000,017 | ---- | M] () -- C:\Documents and Settings\Randy\My Documents\stinger1001934.opt
[2010/07/22 09:30:37 | 008,251,911 | ---- | M] (McAfee Inc.) -- C:\Documents and Settings\Randy\My Documents\stinger1001934.exe
[2010/07/22 09:12:57 | 000,000,303 | ---- | M] () -- C:\Documents and Settings\Randy\Desktop\Security Response Removal Tools - Symantec Corp..url
[2010/07/22 09:02:55 | 000,000,309 | ---- | M] () -- C:\Documents and Settings\Randy\Desktop\A - Z list of all Threats and Risks - Symantec Corp..url
[2010/07/18 17:10:45 | 000,000,583 | ---- | M] () -- C:\Documents and Settings\Randy\Desktop\Internet search links redirected to different sites.url
[2010/07/18 09:24:55 | 004,314,432 | -H-- | M] () -- C:\Documents and Settings\Randy\Local Settings\Application Data\IconCache.db
[2010/07/18 09:23:39 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/07/16 08:26:32 | 000,000,170 | ---- | M] () -- C:\Documents and Settings\Randy\Desktop\Greystone Power.url
[2010/07/16 07:48:50 | 000,000,209 | ---- | M] () -- C:\Documents and Settings\Randy\Desktop\WSA.url
[2010/07/15 18:09:00 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Randy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/15 14:22:30 | 000,000,204 | ---- | M] () -- C:\Documents and Settings\Randy\Desktop\Well-Built Clinical Questions using PICO.url
[2010/07/15 14:20:51 | 000,000,165 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010/07/15 10:51:00 | 000,001,741 | ---- | M] () -- C:\Documents and Settings\Randy\Desktop\Offline Mail.lnk
[2010/07/15 10:14:35 | 000,001,759 | ---- | M] () -- C:\Documents and Settings\Randy\Application Data\Microsoft\Internet Explorer\Quick Launch\Offline Mail.lnk
[2010/07/13 17:21:15 | 000,000,198 | ---- | M] () -- C:\Documents and Settings\Randy\Desktop\Finally, I found it! « bakerella.com.url
[2010/07/13 14:10:49 | 000,000,433 | ---- | M] () -- C:\Documents and Settings\Randy\Desktop\Medical Review Courses- CPR Training Duluth eBay Classifieds (Kijiji) 3393883.url
[2010/07/13 13:55:00 | 000,000,523 | ---- | M] () -- C:\Documents and Settings\Randy\Desktop\WEEKEND 2-DAY Phlebotomy Certification Workshop, Aug 21-22, 2010 Norcross eBay Classifieds (Kijiji) 3340125.url
[2010/07/13 08:19:53 | 000,000,135 | ---- | M] () -- C:\Documents and Settings\Randy\Desktop\Types of Roaches The American Cockroach (Also Known as a WaterBug).url
[2010/07/11 14:06:58 | 000,000,297 | ---- | M] () -- C:\Documents and Settings\Randy\Desktop\Deep Fried Dill Pickles Recipe - Allrecipes.com.url
[2010/07/11 10:53:35 | 000,043,804 | ---- | M] () -- C:\Documents and Settings\Randy\My Documents\img_plantedpaths_ss1.jpg
[2010/07/10 10:22:22 | 000,000,199 | ---- | M] () -- C:\Documents and Settings\Randy\Desktop\Knock-Off Wood Knock-Off Wood's Plan Catalog.url
[2010/07/10 09:16:41 | 000,003,079 | ---- | M] () -- C:\Documents and Settings\Randy\Desktop\Build It With Ana Floating Shelves Young House Love.url
[2010/07/09 18:48:17 | 000,000,159 | ---- | M] () -- C:\Documents and Settings\Randy\Desktop\ Console table plan, esprit cabane, make your own furniture.url
[2010/07/08 18:11:53 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\Randy\Desktop\bakerella.com.url
[2010/07/07 16:22:06 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\Randy\Desktop\INST. FOR TAG.wps
[2010/07/07 11:05:04 | 000,000,184 | ---- | M] () -- C:\Documents and Settings\Randy\Desktop\STOLLOWEEN » Pumpkins (2).url
[2010/07/07 09:57:33 | 000,000,182 | ---- | M] () -- C:\Documents and Settings\Randy\Desktop\Metro Medical Training Center - Get a career in healthcare today!.url
[2010/07/07 09:38:35 | 000,009,728 | ---- | M] () -- C:\Documents and Settings\Randy\My Documents\Urology list.wps
[2010/07/06 20:14:38 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\Randy\Desktop\MEDICAL CAREER SPECIALISTS.wps
[2010/07/06 20:13:37 | 000,000,320 | ---- | M] () -- C:\Documents and Settings\Randy\Desktop\THIS ONE Medical Assistant (CCMA).url
[2010/07/06 19:34:05 | 000,000,164 | ---- | M] () -- C:\Documents and Settings\Randy\Desktop\Medical Assistant Medical Assistant Certificate Program.url
[2010/07/02 20:54:58 | 000,009,728 | ---- | M] () -- C:\Documents and Settings\Randy\My Documents\Nanna's homemade ice cream.wps
[2010/06/28 09:42:21 | 000,136,192 | ---- | M] () -- C:\Documents and Settings\Randy\My Documents\Carolyn J Rhoads Resume.wps
[2010/06/27 18:27:44 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\Randy\My Documents\Wel Star Answers.wps
[2010/06/25 12:09:29 | 000,000,188 | ---- | M] () -- C:\Documents and Settings\Randy\Desktop\Low Cost Spay & Neuter for West Georgia.url
[2010/06/19 19:23:09 | 000,000,254 | ---- | M] () -- C:\Documents and Settings\Randy\Desktop\Tasty Kitchen – Favorite Recipes from Real Kitchens Everywhere!.url
[2010/06/19 09:25:26 | 000,000,312 | ---- | M] () -- C:\Documents and Settings\Randy\Desktop\Atlanta Events - Events in Atlanta  accessAtlanta.url
[2010/06/17 14:03:33 | 000,000,288 | ---- | M] () -- C:\Documents and Settings\Randy\Desktop\Chapel Hills - Home Page.url
[2010/06/17 10:13:54 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\Randy\My Documents\info c++ error.wps
[2010/06/09 19:08:13 | 000,035,066 | ---- | M] () -- C:\Documents and Settings\Randy\My Documents\JR Resumepdf1.pdf
[2010/06/09 19:05:23 | 000,035,066 | ---- | M] () -- C:\Documents and Settings\Randy\My Documents\JR Resumepdf1
[2010/06/09 19:02:34 | 000,136,192 | ---- | M] () -- C:\Documents and Settings\Randy\My Documents\JR Resumepdf
[2010/06/09 16:56:34 | 000,156,554 | ---- | M] () -- C:\Documents and Settings\Randy\My Documents\CertElig.pdf
[2010/06/08 09:42:02 | 000,000,232 | ---- | M] () -- C:\Documents and Settings\Randy\Desktop\SCANA Energy - Natural Gas Company, Energy Supplier, Georgia.url
[2010/06/07 12:34:40 | 009,549,562 | ---- | M] () -- C:\Documents and Settings\Randy\My Documents\JR Resume.rtf
[2010/06/06 11:57:35 | 000,136,192 | ---- | M] () -- C:\Documents and Settings\Randy\My Documents\JR Resume.wps
[2010/06/01 15:20:25 | 000,018,114 | ---- | M] () -- C:\Documents and Settings\Randy\My Documents\Jennifer Rhoads Letter of Reference[1].pdf
[2010/05/27 18:27:29 | 000,784,119 | ---- | M] () -- C:\Documents and Settings\Randy\My Documents\CREDIT REPORT JR.mht
[2010/05/27 08:05:35 | 000,000,289 | ---- | M] () -- C:\Documents and Settings\Randy\Desktop\Canongate Golf Clubs Atlanta, Georgia.url
[2010/05/26 10:21:51 | 000,009,728 | ---- | M] () -- C:\Documents and Settings\Randy\My Documents\TO GET LICENSE.wps
[2010/05/26 08:50:09 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\Randy\My Documents\MA CERT SCHOOL.wps
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/21 19:18:03 | 000,021,168 | ---- | C] () -- C:\Documents and Settings\Randy\My Documents\Payment Approval82110.mht
[2010/08/20 14:14:58 | 000,000,216 | ---- | C] () -- C:\Documents and Settings\Randy\Desktop\Just received 40 night stands - microwave carts.url
[2010/08/18 19:04:11 | 000,000,276 | ---- | C] () -- C:\Documents and Settings\Randy\Desktop\Little Green Notebook Make Shades Out of Mini Blinds.url
[2010/08/18 16:54:24 | 000,000,216 | ---- | C] () -- C:\Documents and Settings\Randy\Desktop\Motherboards & Power Supplies.url
[2010/08/17 17:59:44 | 000,000,216 | ---- | C] () -- C:\Documents and Settings\Randy\Desktop\DRESSER.url
[2010/08/15 19:49:29 | 000,000,253 | ---- | C] () -- C:\Documents and Settings\Randy\Desktop\CafeteriaCash.com.url
[2010/08/13 21:22:37 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/12 20:48:20 | 000,010,270 | ---- | C] () -- C:\Documents and Settings\Randy\My Documents\Residential Keeping Rooms - Gallery Bridgette Boylan Interiors, Inc1.htm
[2010/08/12 20:03:10 | 000,058,864 | ---- | C] () -- C:\Documents and Settings\Randy\My Documents\Black Sheep Interiors6.mht
[2010/08/12 20:02:41 | 000,058,864 | ---- | C] () -- C:\Documents and Settings\Randy\My Documents\Black Sheep Interiors5.mht
[2010/08/12 20:02:15 | 000,058,864 | ---- | C] () -- C:\Documents and Settings\Randy\My Documents\Black Sheep Interiors4.mht
[2010/08/12 20:01:50 | 000,058,864 | ---- | C] () -- C:\Documents and Settings\Randy\My Documents\Black Sheep Interiors3.mht
[2010/08/12 20:01:36 | 000,058,864 | ---- | C] () -- C:\Documents and Settings\Randy\My Documents\Black Sheep Interiors2.mht
[2010/08/12 20:00:49 | 000,011,958 | ---- | C] () -- C:\Documents and Settings\Randy\My Documents\Black Sheep Interiors1.htm
[2010/08/11 21:14:59 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Randy\My Documents\sorrow.wps
[2010/08/11 20:51:48 | 000,000,178 | ---- | C] () -- C:\Documents and Settings\Randy\Desktop\Atlanta Pest Control & Exterminator Services from Arrow Exterminators.url
[2010/08/08 09:28:09 | 000,211,968 | ---- | C] () -- C:\Documents and Settings\Randy\My Documents\Apple Dutch Baby Pancake.wps
[2010/08/08 08:02:01 | 000,461,824 | ---- | C] () -- C:\Documents and Settings\Randy\My Documents\Olive oil cakes with lemon and thyme.wps
[2010/08/08 07:52:54 | 000,437,760 | ---- | C] () -- C:\Documents and Settings\Randy\My Documents\Make-Ahead Muffin Melts.wps
[2010/08/07 20:03:37 | 000,190,464 | ---- | C] () -- C:\Documents and Settings\Randy\My Documents\Crab and Ricotta Ravioli.wps
[2010/08/07 14:57:28 | 000,104,382 | ---- | C] () -- C:\Documents and Settings\Randy\My Documents\1701780_vectorized[1].PNG
[2010/08/07 14:44:50 | 000,442,443 | ---- | C] () -- C:\Documents and Settings\Randy\My Documents\2347[1].pdf
[2010/08/01 14:27:44 | 000,000,875 | ---- | C] () -- C:\Documents and Settings\Randy\Desktop\AIM Mail (1).url
[2010/08/01 13:39:27 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\Randy\My Documents\aimacct.wps
[2010/07/31 10:15:52 | 000,273,920 | ---- | C] () -- C:\Documents and Settings\Randy\My Documents\Hot fudge.wps
[2010/07/31 09:00:06 | 000,082,944 | ---- | C] () -- C:\Documents and Settings\Randy\My Documents\Cinnamon Swirled Bark Candy.wps
[2010/07/31 08:58:35 | 000,179,200 | ---- | C] () -- C:\Documents and Settings\Randy\My Documents\Vanilla Butter Cake.wps
[2010/07/31 08:49:01 | 000,200,192 | ---- | C] () -- C:\Documents and Settings\Randy\My Documents\Red White and blue bark.wps
[2010/07/31 08:42:13 | 000,174,592 | ---- | C] () -- C:\Documents and Settings\Randy\My Documents\Praline Bundt Cake.wps
[2010/07/28 17:09:32 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Randy\My Documents\chore list.wps
[2010/07/28 13:18:31 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Randy\My Documents\sandwich ideas.wps
[2010/07/27 16:06:27 | 000,120,832 | ---- | C] () -- C:\Documents and Settings\Randy\My Documents\Graham Cracker Chewy Bars.wps
[2010/07/26 17:21:28 | 000,000,703 | ---- | C] () -- C:\Documents and Settings\Randy\Start Menu\Programs\Startup\wkcalrem.LNK
[2010/07/24 16:07:53 | 000,000,350 | ---- | C] () -- C:\Documents and Settings\Randy\Desktop\Ashley's Scottish Shortbread Recipe Food Network.url
[2010/07/24 10:58:06 | 000,000,947 | ---- | C] () -- C:\Documents and Settings\Randy\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2010/07/24 10:37:23 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/07/24 10:32:11 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/07/23 21:04:02 | 000,000,320 | ---- | C] () -- C:\Documents and Settings\Randy\Desktop\Self-Rising Flour Biscuits King Arthur Flour.url
[2010/07/22 18:17:22 | 000,000,743 | ---- | C] () -- C:\Documents and Settings\Randy\Desktop\Perfect Soft Dinner Rolls.url
[2010/07/22 17:31:33 | 000,007,057 | ---- | C] () -- C:\Documents and Settings\Randy\My Documents\hijackthislog
[2010/07/22 17:22:01 | 000,000,017 | ---- | C] () -- C:\Documents and Settings\Randy\My Documents\stinger1001934.opt
[2010/07/22 09:12:57 | 000,000,303 | ---- | C] () -- C:\Documents and Settings\Randy\Desktop\Security Response Removal Tools - Symantec Corp..url
[2010/07/22 09:02:55 | 000,000,309 | ---- | C] () -- C:\Documents and Settings\Randy\Desktop\A - Z list of all Threats and Risks - Symantec Corp..url
[2010/07/18 11:44:13 | 000,000,583 | ---- | C] () -- C:\Documents and Settings\Randy\Desktop\Internet search links redirected to different sites.url
[2010/07/16 15:00:10 | 1064,620,032 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/16 08:26:32 | 000,000,170 | ---- | C] () -- C:\Documents and Settings\Randy\Desktop\Greystone Power.url
[2010/07/16 07:48:50 | 000,000,209 | ---- | C] () -- C:\Documents and Settings\Randy\Desktop\WSA.url
[2010/07/15 14:22:30 | 000,000,204 | ---- | C] () -- C:\Documents and Settings\Randy\Desktop\Well-Built Clinical Questions using PICO.url
[2010/07/15 14:20:51 | 000,000,165 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010/07/15 10:51:00 | 000,001,741 | ---- | C] () -- C:\Documents and Settings\Randy\Desktop\Offline Mail.lnk
[2010/07/15 10:14:35 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\Randy\Application Data\Microsoft\Internet Explorer\Quick Launch\Offline Mail.lnk
[2010/07/13 17:21:15 | 000,000,198 | ---- | C] () -- C:\Documents and Settings\Randy\Desktop\Finally, I found it! « bakerella.com.url
[2010/07/13 11:30:06 | 000,000,208 | ---- | C] () -- C:\Documents and Settings\Randy\Desktop\Lemon Icebox Cake - Fine Cooking Recipes, Techniques and Tips.url
[2010/07/13 08:19:53 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Randy\Desktop\Types of Roaches The American Cockroach (Also Known as a WaterBug).url
[2010/07/11 14:06:57 | 000,000,297 | ---- | C] () -- C:\Documents and Settings\Randy\Desktop\Deep Fried Dill Pickles Recipe - Allrecipes.com.url
[2010/07/11 10:54:13 | 000,043,804 | ---- | C] () -- C:\Documents and Settings\Randy\My Documents\img_plantedpaths_ss1.jpg
[2010/07/10 09:28:29 | 000,000,199 | ---- | C] () -- C:\Documents and Settings\Randy\Desktop\Knock-Off Wood Knock-Off Wood's Plan Catalog.url
[2010/07/10 09:16:41 | 000,003,079 | ---- | C] () -- C:\Documents and Settings\Randy\Desktop\Build It With Ana Floating Shelves Young House Love.url
[2010/07/09 18:48:17 | 000,000,159 | ---- | C] () -- C:\Documents and Settings\Randy\Desktop\ Console table plan, esprit cabane, make your own furniture.url
[2010/07/08 18:11:53 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\Randy\Desktop\bakerella.com.url
[2010/07/07 16:22:06 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Randy\Desktop\INST. FOR TAG.wps
[2010/07/07 11:05:04 | 000,000,184 | ---- | C] () -- C:\Documents and Settings\Randy\Desktop\STOLLOWEEN » Pumpkins (2).url
[2010/07/07 09:57:33 | 000,000,182 | ---- | C] () -- C:\Documents and Settings\Randy\Desktop\Metro Medical Training Center - Get a career in healthcare today!.url
[2010/07/07 09:38:27 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\Randy\My Documents\Urology list.wps
[2010/07/06 20:13:37 | 000,000,320 | ---- | C] () -- C:\Documents and Settings\Randy\Desktop\THIS ONE Medical Assistant (CCMA).url
[2010/07/06 20:01:13 | 000,000,523 | ---- | C] () -- C:\Documents and Settings\Randy\Desktop\WEEKEND 2-DAY Phlebotomy Certification Workshop, Aug 21-22, 2010 Norcross eBay Classifieds (Kijiji) 3340125.url
[2010/07/06 19:50:10 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Randy\Desktop\MEDICAL CAREER SPECIALISTS.wps
[2010/07/06 19:38:08 | 000,000,433 | ---- | C] () -- C:\Documents and Settings\Randy\Desktop\Medical Review Courses- CPR Training Duluth eBay Classifieds (Kijiji) 3393883.url
[2010/07/06 19:34:05 | 000,000,164 | ---- | C] () -- C:\Documents and Settings\Randy\Desktop\Medical Assistant Medical Assistant Certificate Program.url
[2010/07/02 20:54:58 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\Randy\My Documents\Nanna's homemade ice cream.wps
[2010/06/28 09:42:21 | 000,136,192 | ---- | C] () -- C:\Documents and Settings\Randy\My Documents\Carolyn J Rhoads Resume.wps
[2010/06/27 18:27:44 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Randy\My Documents\Wel Star Answers.wps
[2010/06/25 12:09:29 | 000,000,188 | ---- | C] () -- C:\Documents and Settings\Randy\Desktop\Low Cost Spay & Neuter for West Georgia.url
[2010/06/19 19:23:09 | 000,000,254 | ---- | C] () -- C:\Documents and Settings\Randy\Desktop\Tasty Kitchen – Favorite Recipes from Real Kitchens Everywhere!.url
[2010/06/19 09:25:26 | 000,000,312 | ---- | C] () -- C:\Documents and Settings\Randy\Desktop\Atlanta Events - Events in Atlanta  accessAtlanta.url
[2010/06/17 10:13:53 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\Randy\My Documents\info c++ error.wps
[2010/06/12 14:26:59 | 000,000,290 | ---- | C] () -- C:\Documents and Settings\Randy\Desktop\The Pioneer Woman Cooks - Complete Recipe Index Archives.url
[2010/06/09 19:08:13 | 000,035,066 | ---- | C] () -- C:\Documents and Settings\Randy\My Documents\JR Resumepdf1.pdf
[2010/06/09 19:05:23 | 000,035,066 | ---- | C] () -- C:\Documents and Settings\Randy\My Documents\JR Resumepdf1
[2010/06/09 19:02:34 | 000,136,192 | ---- | C] () -- C:\Documents and Settings\Randy\My Documents\JR Resumepdf
[2010/06/09 16:56:34 | 000,156,554 | ---- | C] () -- C:\Documents and Settings\Randy\My Documents\CertElig.pdf
[2010/06/08 09:42:25 | 000,000,221 | ---- | C] () -- C:\Documents and Settings\Randy\Desktop\Wachovia - Personal Finance and Business Financial Services.url
[2010/06/08 09:42:02 | 000,000,232 | ---- | C] () -- C:\Documents and Settings\Randy\Desktop\SCANA Energy - Natural Gas Company, Energy Supplier, Georgia.url
[2010/06/07 12:34:32 | 009,549,562 | ---- | C] () -- C:\Documents and Settings\Randy\My Documents\JR Resume.rtf
[2010/06/02 20:08:26 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/01 15:20:25 | 000,018,114 | ---- | C] () -- C:\Documents and Settings\Randy\My Documents\Jennifer Rhoads Letter of Reference[1].pdf
[2010/05/27 18:27:24 | 000,784,119 | ---- | C] () -- C:\Documents and Settings\Randy\My Documents\CREDIT REPORT JR.mht
[2010/05/26 10:21:51 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\Randy\My Documents\TO GET LICENSE.wps
[2010/05/26 08:50:09 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Randy\My Documents\MA CERT SCHOOL.wps
[2010/02/28 20:01:48 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/11/17 00:09:13 | 000,042,678 | ---- | C] () -- C:\Documents and Settings\Randy\Application Data\wklnhst.dat
[2009/11/16 23:25:41 | 000,000,187 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\HPWALog.txt
[2009/09/30 18:03:23 | 000,028,510 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/09/30 17:19:11 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/06/18 12:36:14 | 000,000,059 | ---- | C] () -- C:\WINDOWS\System32\cam3820.ini
[2009/05/22 17:23:02 | 000,362,029 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2009/04/10 22:25:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

========== LOP Check ==========

[2010/02/04 14:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/02/08 07:47:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/12/16 00:09:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2010/02/07 10:26:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Photodex
[2009/09/30 17:41:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2010/07/22 10:16:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/06/02 20:10:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/09 18:50:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/02/11 18:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy\Application Data\Inbox Toolbar
[2010/02/07 10:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy\Application Data\Netscape
[2010/07/22 08:32:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy\Application Data\SafeReturner
[2009/11/17 00:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy\Application Data\Template
[2009/11/16 22:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy\Application Data\WildTangent
[2010/08/22 08:47:37 | 000,000,282 | ---- | M] () -- C:\WINDOWS\Tasks\BackOnTrack Instant Restore Idle.job
[2010/08/22 07:59:24 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/08/21 20:55:19 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{E8A7CC67-5D07-4219-BF63-A977CE05817E}.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 07:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 07:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.sys /90 >
[2010/06/23 09:44:04 | 001,851,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/04/10 14:51:46 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/04/10 14:51:46 | 001,064,960 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/04/10 14:51:44 | 000,888,832 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %SYSTEMDRIVE%\*.* >
[2010/07/24 10:58:10 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2009/11/16 23:24:37 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2010/08/22 08:34:50 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2010/08/22 07:53:58 | 1064,620,032 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2008/04/15 08:00:00 | 000,047,564 | RHS- | M] () -- C:\ntdetect.com
[2008/04/15 08:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/22 07:53:56 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2010/07/17 22:45:29 | 000,000,369 | ---- | M] () -- C:\rkill.log
[2009/09/30 17:29:17 | 000,000,061 | -H-- | M] () -- C:\splash.idx
[2009/11/16 18:30:19 | 000,000,036 | -HS- | M] () -- C:\syncguid.dat
[2010/07/18 14:04:49 | 000,044,816 | ---- | M] () -- C:\TDSSKiller.2.3.2.2_18.07.2010_14.03.10_log.txt
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
[2009/08/05 22:18:26 | 000,005,392 | -H-- | M] () -- C:\version

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2007/03/18 21:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD8S.DLL
[2007/03/18 21:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP8S.DLL
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/10/26 22:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\*. /mp /s >


< MD5 for: AGP440.SYS >
[2008/04/15 00:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\I386\sp3.cab:AGP440.sys
[2008/04/15 08:00:00 | 000,000,000 | ---- | M] () .cab file -- C:\System Rollback Data\Restore\Current\07312\1\Attrib\WINDOWS\Driver Cache\i386\sp3.cab: Invalid or corrupt .cab file
[2008/04/15 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 19:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2008/04/14 19:06:40 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\System Rollback Data\Restore\Current\07312\1\Attrib\WINDOWS\system32\drivers\agp440.sys

< MD5 for: AHCIX86.SYS >
[2008/04/15 08:00:00 | 000,000,000 | ---- | M] () .cab file -- C:\System Rollback Data\Restore\Current\07312\1\Attrib\WINDOWS\Driver Cache\i386\sp3.cab: Invalid or corrupt .cab file

< MD5 for: AHCIX86S.SYS >
[2008/04/15 08:00:00 | 000,000,000 | ---- | M] () .cab file -- C:\System Rollback Data\Restore\Current\07312\1\Attrib\WINDOWS\Driver Cache\i386\sp3.cab: Invalid or corrupt .cab file

< MD5 for: ATAPI.SYS >
[2008/04/15 00:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\I386\sp3.cab:atapi.sys
[2008/04/15 08:00:00 | 000,000,000 | ---- | M] () .cab file -- C:\System Rollback Data\Restore\Current\07312\1\Attrib\WINDOWS\Driver Cache\i386\sp3.cab: Invalid or corrupt .cab file
[2008/04/15 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 19:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 19:10:32 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\System Rollback Data\Restore\Current\07312\1\Attrib\WINDOWS\system32\drivers\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2008/04/15 08:00:00 | 000,000,000 | ---- | M] () .cab file -- C:\System Rollback Data\Restore\Current\07312\1\Attrib\WINDOWS\Driver Cache\i386\sp3.cab: Invalid or corrupt .cab file

< MD5 for: ENETHOOK.DLL >
[2008/04/15 08:00:00 | 000,000,000 | ---- | M] () .cab file -- C:\System Rollback Data\Restore\Current\07312\1\Attrib\WINDOWS\Driver Cache\i386\sp3.cab: Invalid or corrupt .cab file

< MD5 for: EVENTLOG.DLL >
[2008/04/15 08:00:00 | 000,000,000 | ---- | M] () .cab file -- C:\System Rollback Data\Restore\Current\07312\1\Attrib\WINDOWS\Driver Cache\i386\sp3.cab: Invalid or corrupt .cab file
[2008/04/15 08:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2008/04/15 08:00:00 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\System Rollback Data\Restore\Current\07312\1\Attrib\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >
[2008/04/15 08:00:00 | 000,000,000 | ---- | M] () .cab file -- C:\System Rollback Data\Restore\Current\07312\1\Attrib\WINDOWS\Driver Cache\i386\sp3.cab: Invalid or corrupt .cab file
[2009/06/04 22:43:16 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\System Rollback Data\Restore\Current\07312\1\Attrib\WINDOWS\system32\drivers\iaStor.sys
[2009/06/04 22:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\SwSetup\HDD\IaStor.sys
[2009/06/04 22:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008/04/15 08:00:00 | 000,000,000 | ---- | M] () .cab file -- C:\System Rollback Data\Restore\Current\07312\1\Attrib\WINDOWS\Driver Cache\i386\sp3.cab: Invalid or corrupt .cab file

< MD5 for: IDECHNDR.SYS >
[2008/04/15 08:00:00 | 000,000,000 | ---- | M] () .cab file -- C:\System Rollback Data\Restore\Current\07312\1\Attrib\WINDOWS\Driver Cache\i386\sp3.cab: Invalid or corrupt .cab file

< MD5 for: KR10N.SYS >
[2008/04/15 08:00:00 | 000,000,000 | ---- | M] () .cab file -- C:\System Rollback Data\Restore\Current\07312\1\Attrib\WINDOWS\Driver Cache\i386\sp3.cab: Invalid or corrupt .cab file

< MD5 for: LOGEVENT.DLL >
[2008/04/15 08:00:00 | 000,000,000 | ---- | M] () .cab file -- C:\System Rollback Data\Restore\Current\07312\1\Attrib\WINDOWS\Driver Cache\i386\sp3.cab: Invalid or corrupt .cab file

< MD5 for: NETLOGON.DLL >
[2008/04/15 08:00:00 | 000,000,000 | ---- | M] () .cab file -- C:\System Rollback Data\Restore\Current\07312\1\Attrib\WINDOWS\Driver Cache\i386\sp3.cab: Invalid or corrupt .cab file
[2008/04/15 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2008/04/15 08:00:00 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\System Rollback Data\Restore\Current\07312\1\Attrib\WINDOWS\system32\netlogon.dll

< MD5 for: NTELOGON.DLL >
[2008/04/15 08:00:00 | 000,000,000 | ---- | M] () .cab file -- C:\System Rollback Data\Restore\Current\07312\1\Attrib\WINDOWS\Driver Cache\i386\sp3.cab: Invalid or corrupt .cab file

< MD5 for: NVATA.SYS >
[2008/04/15 08:00:00 | 000,000,000 | ---- | M] () .cab file -- C:\System Rollback Data\Restore\Current\07312\1\Attrib\WINDOWS\Driver Cache\i386\sp3.cab: Invalid or corrupt .cab file

< MD5 for: NVATABUS.SYS >
[2008/04/15 08:00:00 | 000,000,000 | ---- | M] () .cab file -- C:\System Rollback Data\Restore\Current\07312\1\Attrib\WINDOWS\Driver Cache\i386\sp3.cab: Invalid or corrupt .cab file

< MD5 for: NVGTS.SYS >
[2008/04/15 08:00:00 | 000,000,000 | ---- | M] () .cab file -- C:\System Rollback Data\Restore\Current\07312\1\Attrib\WINDOWS\Driver Cache\i386\sp3.cab: Invalid or corrupt .cab file

< MD5 for: NVRD32.SYS >
[2008/04/15 08:00:00 | 000,000,000 | ---- | M] () .cab file -- C:\System Rollback Data\Restore\Current\07312\1\Attrib\WINDOWS\Driver Cache\i386\sp3.cab: Invalid or corrupt .cab file

< MD5 for: NVSTOR.SYS >
[2008/04/15 08:00:00 | 000,000,000 | ---- | M] () .cab file -- C:\System Rollback Data\Restore\Current\07312\1\Attrib\WINDOWS\Driver Cache\i386\sp3.cab: Invalid or corrupt .cab file

< MD5 for: NVSTOR32 >
[2008/04/15 08:00:00 | 000,000,000 | ---- | M] () .cab file -- C:\System Rollback Data\Restore\Current\07312\1\Attrib\WINDOWS\Driver Cache\i386\sp3.cab: Invalid or corrupt .cab file

< MD5 for: SCECLI.DLL >
[2008/04/15 08:00:00 | 000,000,000 | ---- | M] () .cab file -- C:\System Rollback Data\Restore\Current\07312\1\Attrib\WINDOWS\Driver Cache\i386\sp3.cab: Invalid or corrupt .cab file
[2008/04/15 08:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
[2008/04/15 08:00:00 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\System Rollback Data\Restore\Current\07312\1\Attrib\WINDOWS\system32\scecli.dll

< MD5 for: SCECLT.DLL >
[2008/04/15 08:00:00 | 000,000,000 | ---- | M] () .cab file -- C:\System Rollback Data\Restore\Current\07312\1\Attrib\WINDOWS\Driver Cache\i386\sp3.cab: Invalid or corrupt .cab file

< MD5 for: USER32.DLL >
[2008/04/15 08:00:00 | 000,000,000 | ---- | M] () .cab file -- C:\System Rollback Data\Restore\Current\07312\1\Attrib\WINDOWS\Driver Cache\i386\sp3.cab: Invalid or corrupt .cab file
[2008/04/15 08:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
[2008/04/15 08:00:00 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\System Rollback Data\Restore\Current\07312\1\Attrib\WINDOWS\system32\user32.dll

< MD5 for: VAXSCSI.SYS >
[2008/04/15 08:00:00 | 000,000,000 | ---- | M] () .cab file -- C:\System Rollback Data\Restore\Current\07312\1\Attrib\WINDOWS\Driver Cache\i386\sp3.cab: Invalid or corrupt .cab file

< MD5 for: VIAMRAID.SYS >
[2008/04/15 08:00:00 | 000,000,000 | ---- | M] () .cab file -- C:\System Rollback Data\Restore\Current\07312\1\Attrib\WINDOWS\Driver Cache\i386\sp3.cab: Invalid or corrupt .cab file

< MD5 for: VIASRAID.SYS >
[2008/04/15 08:00:00 | 000,000,000 | ---- | M] () .cab file -- C:\System Rollback Data\Restore\Current\07312\1\Attrib\WINDOWS\Driver Cache\i386\sp3.cab: Invalid or corrupt .cab file

< MD5 for: VIPRT.SYS >
[2008/04/15 08:00:00 | 000,000,000 | ---- | M] () .cab file -- C:\System Rollback Data\Restore\Current\07312\1\Attrib\WINDOWS\Driver Cache\i386\sp3.cab: Invalid or corrupt .cab file

< MD5 for: WS2_32.DLL >
[2008/04/15 08:00:00 | 000,000,000 | ---- | M] () .cab file -- C:\System Rollback Data\Restore\Current\07312\1\Attrib\WINDOWS\Driver Cache\i386\sp3.cab: Invalid or corrupt .cab file
[2008/04/15 08:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[2008/04/15 08:00:00 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\System Rollback Data\Restore\Current\07312\1\Attrib\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< >

========== Files - Unicode (All) ==========
[2009/11/16 17:52:34 | 000,000,040 | ---- | M] ()(C:\WINDOWS\System32\????????????????????4???????????????????????) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜牥穩湯噜牥穩湯䤠瑮牥敮⁴敓畣楲祴匠極整卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩
[2009/11/16 17:52:34 | 000,000,040 | ---- | C] ()(C:\WINDOWS\System32\????????????????????4???????????????????????) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜牥穩湯噜牥穩湯䤠瑮牥敮⁴敓畣楲祴匠極整卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩
< End of report >


OTL Extras logfile created on: 8/22/2010 8:43:42 AM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Randy\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 433.00 Mb Available Physical Memory | 43.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 90.00 Gb Free Space | 60.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JENSBABY
Current User Name: Randy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-3923972537-395328355-2521877187-1005\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Hewlett-Packard\HP QuickSync\jre\bin\javaw.exe" = C:\Program Files\Hewlett-Packard\HP QuickSync\jre\bin\javaw.exe:*:Disabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0517F875-BBB2-4812-A63E-733B33CEF215}" = Roxio Instant Restore
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{10385C4F-A6B2-4913-975D-6828928222EC}" = HP User Guides 0165
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{258749E2-3A46-42B1-9A01-BF977AA06FAC}" = RPS CRT
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2B682751-E749-441C-A4B3-1F538E26E56E}" = Roxio Instant Restore Recovery Disk
"{2D4E1F8A-901B-4BBD-B311-B6E56059066E}" = Microsoft Live Search Toolbar
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{32F9BACF-FCD3-4B6A-AD85-255A449B6FA5}" = Roxio BackOnTrack
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{431A5BB6-E5E2-444E-8AF3-70E6BF16DEF6}" = HP Webcam-50
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
"{53F08287-443D-4FC0-B74D-1169B6B9A71C}" = HP Instant Web
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{59996900-0E6C-45B7-8C39-C64CB98462E4}" = Microsoft Web Platform Installer 2.0
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5BDFAB82-060E-438B-AB4F-A2331B2294C0}" = Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools
"{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar
"{69DAC00A-7665-4E9B-B441-093D40736429}" = HP BatteryCheck 2.10 A2
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
"{85076DFF-7A17-3566-9CC0-488E6E6D4494}" = Microsoft Visual Web Developer 2010 Express - ENU
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{87A83C6F-F53C-448A-B078-FF00E3EAEB29}" = Roxio Disaster Recovery
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{909B62B0-8ACA-4061-A83B-09CAEF609619}" = MSXML 6.0 Parser
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.2 MUI
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C735206E-A8D7-2DC8-EADF-744C18174654}" = Acrobat.com
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{EEA95E6C-6847-49BE-83C9-ED92D8E18983}" = HP QuickSync
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"HDMI" = Intel® Graphics Media Accelerator Driver
"Homepage Protection" = Homepage Protection
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Security Essentials" = Microsoft Security Essentials
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual Web Developer 2010 Express - ENU" = Microsoft Visual Web Developer 2010 Express - ENU
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Photodex Presenter" = Photodex Presenter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WildTangent hp Master Uninstall" = HP Games
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/19/2010 10:47:12 PM | Computer Name = JENSBABY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 24500

Error - 8/19/2010 10:47:14 PM | Computer Name = JENSBABY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/19/2010 10:47:14 PM | Computer Name = JENSBABY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 26515

Error - 8/19/2010 10:47:14 PM | Computer Name = JENSBABY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 26515

Error - 8/20/2010 7:49:54 AM | Computer Name = JENSBABY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/20/2010 7:49:54 AM | Computer Name = JENSBABY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2047

Error - 8/20/2010 7:49:54 AM | Computer Name = JENSBABY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2047

Error - 8/21/2010 11:57:34 AM | Computer Name = JENSBABY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/21/2010 12:12:50 PM | Computer Name = JENSBABY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2203

Error - 8/21/2010 12:12:50 PM | Computer Name = JENSBABY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2203

[ System Events ]
Error - 8/16/2010 3:48:28 PM | Computer Name = JENSBABY | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the BOTService service.

Error - 8/16/2010 3:48:28 PM | Computer Name = JENSBABY | Source = Service Control Manager | ID = 7000
Description = The Security Services Driver (x86) service failed to start due to
the following error: %%2

Error - 8/16/2010 3:48:28 PM | Computer Name = JENSBABY | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 8/16/2010 8:37:59 PM | Computer Name = JENSBABY | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 0C607675D12B has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 8/22/2010 7:54:49 AM | Computer Name = JENSBABY | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 8/22/2010 7:54:51 AM | Computer Name = JENSBABY | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the BOTService service.

Error - 8/22/2010 7:54:51 AM | Computer Name = JENSBABY | Source = Service Control Manager | ID = 7000
Description = The Security Services Driver (x86) service failed to start due to
the following error: %%2

Error - 8/22/2010 7:54:51 AM | Computer Name = JENSBABY | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 8/22/2010 8:44:32 AM | Computer Name = JENSBABY | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 8/22/2010 8:44:32 AM | Computer Name = JENSBABY | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2


< End of report >


#6 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:35 PM

Posted 23 August 2010 - 06:07 PM

Hello, carocake.

Ok, thanks for letting me know what happened. How did you try to backup? You may want to copy My Documents manually before we proceed, I can't guarantee data loss. It is rare, but there is a very real chance we could lose all data. I checked the links and it appears it's fixed to GMER again. Could have been a redirect due to a virus too.


Let's run an MBR Scan before we proceed and you can let me know if you were able to backup or not. By the way, please don't back up program files (.exe, .com, .bat, .pif, .scr, etc.) or system files (.drv, .sys, or anything in C:\windows) as they have a much higher chance of being infected than any other file types. Stick to documents, photos, videos, saved games/files, etc.


Also, are you getting redirects, or did that clear up in the interim?



Please download MBRCheck by ad_13 and save it to your desktop.

Double-click to run. A window will pop up. If it says 'non-standard' or 'infected' MBR code detected, please type 3 for Exit for now and press Enter.

It will save a logfile on your desktop that starts with MBR, then has the date, etc. Please copy and paste the contents of that log in your reply.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#7 carocake

carocake
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:06:35 PM

Posted 24 August 2010 - 04:12 PM

Hello again,

still can't get the GMER to work but did do the MBR:
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x00000004

Kernel Drivers (total 122):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xF7A88000 \WINDOWS\system32\KDCOM.DLL
0xF7998000 \WINDOWS\system32\BOOTVID.dll
0xF7459000 ACPI.sys
0xF7A8A000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7448000 pci.sys
0xF7588000 isapnp.sys
0xF7428000 fltMgr.sys
0xF799C000 compbatt.sys
0xF79A0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7B50000 pciide.sys
0xF7808000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7A8C000 aliide.sys
0xF7A8E000 viaide.sys
0xF7A90000 intelide.sys
0xF7598000 MountMgr.sys
0xF7409000 ftdisk.sys
0xF79A4000 ACPIEC.sys
0xF7B51000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF7810000 PartMgr.sys
0xF75A8000 VolSnap.sys
0xF732F000 iaStor.sys
0xF75B8000 disk.sys
0xF75C8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7317000 syscow32x.sys
0xF72DE000 PCTCore.sys
0xF75D8000 PxHelp20.sys
0xF72C7000 KSecDD.sys
0xF723A000 Ntfs.sys
0xF720D000 NDIS.sys
0xF7818000 SaibIa32.sys
0xF75E8000 SahdIa32.sys
0xF71F3000 Mup.sys
0xF7788000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF6449000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xF6435000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF640D000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF628D000 \SystemRoot\system32\DRIVERS\athw.sys
0xF7798000 \SystemRoot\system32\DRIVERS\l1c51x86.sys
0xF7890000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF6269000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7898000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF77A8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF78A8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF6238000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF7AD2000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF77B8000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xF61BC000 \SystemRoot\System32\Drivers\wdf01000.sys
0xF78B0000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF710B000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF7107000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xF7C4D000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF77C8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7103000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF61A5000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF77D8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF77E8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF78B8000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6194000 \SystemRoot\system32\DRIVERS\psched.sys
0xF77F8000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF78C0000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF78C8000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF7628000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7AD4000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6171000 \SystemRoot\system32\DRIVERS\ks.sys
0xF6113000 \SystemRoot\system32\DRIVERS\update.sys
0xF6AA3000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7638000 \SystemRoot\system32\DRIVERS\wsimd.sys
0xF7648000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7768000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xA6E21000 \SystemRoot\system32\drivers\sthda.sys
0xA6DFD000 \SystemRoot\system32\drivers\portcls.sys
0xF7778000 \SystemRoot\system32\drivers\drmk.sys
0xA6DE1000 \SystemRoot\system32\drivers\AESTAud.sys
0xF7143000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xA6CB6000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0xA2075000 \SystemRoot\System32\Drivers\cam3820a.sys
0xA6D51000 \SystemRoot\System32\Drivers\STREAM.SYS
0xF7AB2000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7CA6000 \SystemRoot\System32\Drivers\Null.SYS
0xF7AB4000 \SystemRoot\System32\Drivers\Beep.SYS
0xA967B000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xA9673000 \SystemRoot\System32\drivers\vga.sys
0xF7AB8000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7ABA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xA966B000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7980000 \SystemRoot\System32\Drivers\Npfs.SYS
0xA6D39000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA2042000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA1FE9000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA1FC1000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA6D31000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xA1F9F000 \SystemRoot\System32\drivers\afd.sys
0xA6D41000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF7758000 \SystemRoot\System32\Drivers\SaibVd32.sys
0xA1F74000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA1F04000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF69DF000 \SystemRoot\System32\Drivers\Fips.SYS
0xA1EDE000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF7838000 \??\C:\SPLASH.SYS\config\dvmio.sys
0x9E19A000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x9C753000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0x9F11E000 \SystemRoot\System32\drivers\Dxapi.sys
0x9D468000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0x9C976000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04F000 \SystemRoot\System32\igxpdv32.DLL
0xBF1E7000 \SystemRoot\System32\igxpdx32.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0x9D2A1000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9C5FE000 \SystemRoot\system32\drivers\wdmaud.sys
0xF7738000 \SystemRoot\system32\drivers\sysaudio.sys
0x9C463000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0x9C3BC000 \SystemRoot\system32\DRIVERS\srv.sys
0xF7988000 \??\C:\Program Files\Spyware Doctor\PCTSDInj32.sys
0x9BBAA000 \SystemRoot\System32\Drivers\HTTP.sys
0x99FB7000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 61):
0 System Idle Process
4 System
776 C:\WINDOWS\system32\smss.exe
824 C:\WINDOWS\system32\csrss.exe
848 C:\WINDOWS\system32\winlogon.exe
892 C:\WINDOWS\system32\services.exe
904 C:\WINDOWS\system32\lsass.exe
1056 C:\WINDOWS\system32\svchost.exe
1112 C:\WINDOWS\system32\svchost.exe
1152 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
1188 C:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe
1208 C:\WINDOWS\system32\svchost.exe
1444 C:\WINDOWS\system32\svchost.exe
1480 C:\WINDOWS\system32\svchost.exe
1720 C:\WINDOWS\explorer.exe
608 C:\WINDOWS\system32\spoolsv.exe
644 C:\Program Files\IDT\WDM\stacsv.exe
1744 C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
1964 C:\WINDOWS\system32\svchost.exe
1164 C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
1336 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1368 C:\Program Files\Bonjour\mDNSResponder.exe
1388 C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
1680 C:\WINDOWS\system32\cisvc.exe
1716 C:\SPLASH.SYS\config\DVMExportService.exe
756 C:\Program Files\Java\jre6\bin\jqs.exe
1980 C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
1844 C:\Program Files\Spyware Doctor\pctsAuxs.exe
768 C:\Program Files\Spyware Doctor\pctsSvc.exe
1540 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
1600 C:\Program Files\Spyware Doctor\pctsTray.exe
1604 C:\WINDOWS\system32\svchost.exe
3340 C:\WINDOWS\system32\alg.exe
3708 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
3720 C:\Program Files\Java\jre6\bin\jusched.exe
3792 C:\Program Files\iTunes\iTunesHelper.exe
3820 C:\WINDOWS\system32\igfxtray.exe
3908 C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe
3968 C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
4060 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
4068 C:\Program Files\Microsoft Security Essentials\msseces.exe
408 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
692 C:\WINDOWS\system32\igfxpers.exe
1924 C:\Program Files\HP\HPBTWD.exe
388 C:\WINDOWS\system32\hkcmd.exe
908 C:\WINDOWS\system32\ctfmon.exe
2132 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
2284 C:\Program Files\Microsoft Works\WkCalRem.exe
2768 C:\WINDOWS\system32\igfxsrvc.exe
640 C:\Program Files\Hewlett-Packard\HP QuickSync\jre\bin\javaw.exe
3636 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
4036 C:\Program Files\iPod\bin\iPodService.exe
3164 C:\WINDOWS\system32\wbem\wmiprvse.exe
3444 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
3556 C:\WINDOWS\system32\dllhost.exe
1560 C:\WINDOWS\system32\msdtc.exe
4296 C:\WINDOWS\system32\cidaemon.exe
3404 C:\Program Files\Spyware Doctor\Alert.exe
2360 C:\Program Files\Internet Explorer\iexplore.exe
4472 C:\Program Files\Internet Explorer\iexplore.exe
5280 C:\Documents and Settings\Randy\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHM160HI, Rev: HH100-15

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

By the way, the redirects have stopped thanks to something I did per this site but can't remember what it was at the moment. I have noticed that my computer is excruciatingly slow lately and the C++ error has been popping up on my computer practically since the first week I got it.

#8 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:35 PM

Posted 25 August 2010 - 05:29 PM

Hello, carocake.
Next, please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#9 carocake

carocake
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:06:35 PM

Posted 26 August 2010 - 04:26 PM

Hello again. I have run the Combofix:
ComboFix 10-08-26.02 - Randy 08/26/2010 16:20:12.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.451 [GMT -4:00]
Running from: c:\documents and settings\Randy\Desktop\etavaresCF.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Randy\GoToAssistDownloadHelper.exe
C:\Install.exe
c:\windows\system32\sqlite3.dll
c:\windows\system32\system

.
((((((((((((((((((((((((( Files Created from 2010-07-26 to 2010-08-26 )))))))))))))))))))))))))))))))
.

2010-08-26 20:03 . 2010-08-26 20:10 -------- d-----w- C:\etavaresCF
2010-08-23 09:49 . 2010-08-23 09:49 -------- d-----w- c:\documents and settings\Randy\Local Settings\Application Data\Threat Expert
2010-08-23 03:08 . 2010-01-27 17:51 767952 ----a-w- c:\windows\BDTSupport.dll
2010-08-23 03:08 . 2010-01-22 12:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-08-23 03:08 . 2008-11-26 15:08 131 ----a-w- c:\windows\IDB.zip
2010-08-23 03:08 . 2009-10-28 04:36 1152444 ----a-w- c:\windows\UDB.zip
2010-08-23 03:08 . 2010-01-22 12:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-08-23 03:08 . 2010-01-22 12:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-08-23 03:08 . 2010-02-05 13:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-08-23 03:07 . 2010-03-29 14:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-08-23 03:07 . 2009-11-23 17:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-08-23 03:07 . 2010-04-08 18:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-08-23 02:23 . 2010-08-23 03:08 -------- d-----w- c:\program files\Common Files\PC Tools
2010-08-23 02:23 . 2010-08-26 19:53 -------- d-----w- c:\program files\Spyware Doctor
2010-08-23 02:23 . 2010-08-23 02:23 -------- d-----w- c:\documents and settings\Randy\Application Data\PC Tools
2010-08-23 02:23 . 2010-08-23 02:23 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-08-23 02:23 . 2010-08-26 20:02 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-14 01:22 . 2010-08-14 01:22 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-12 20:26 . 2010-06-24 12:22 5951488 ----a-w- c:\windows\system32\dllcache\mshtml.dll
2010-08-12 20:26 . 2010-06-18 13:36 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-08-10 22:12 . 2010-08-10 22:12 437760 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{429DE760-CB41-D74F-0034-0AA2ADFD001B}-wmsdk64_32.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-25 20:55 . 2009-11-17 04:09 42620 ----a-w- c:\documents and settings\Randy\Application Data\wklnhst.dat
2010-08-22 02:40 . 2009-09-30 21:44 -------- d-----w- c:\program files\Windows Media Connect 2
2010-08-13 16:57 . 2009-09-30 21:33 -------- d-----w- c:\program files\Microsoft Works
2010-08-13 14:07 . 2009-09-30 21:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-11 00:01 . 2009-11-17 01:21 -------- d-----w- c:\documents and settings\Randy\Application Data\Skype
2010-07-24 17:40 . 2010-07-16 16:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-24 14:32 . 2010-07-24 14:32 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-07-22 21:26 . 2010-07-22 21:26 388096 ----a-r- c:\documents and settings\Randy\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-22 21:26 . 2010-07-22 21:26 -------- d-----w- c:\program files\Trend Micro
2010-07-22 14:16 . 2009-09-30 21:50 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent
2010-07-22 14:04 . 2010-07-18 13:53 -------- d-----w- c:\program files\Safe Returner
2010-07-22 12:32 . 2010-07-18 13:53 -------- d-----w- c:\documents and settings\Randy\Application Data\SafeReturner
2010-07-18 18:00 . 2008-04-15 12:00 36352 ----a-w- c:\windows\system32\drivers\disk.sys
2010-07-18 03:57 . 2010-07-18 21:26 185388 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1033.dat
2010-07-18 02:50 . 2010-07-18 02:50 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-16 19:02 . 2010-07-16 19:02 -------- d-----w- c:\documents and settings\Randy\Application Data\Malwarebytes
2010-07-16 16:53 . 2010-07-16 16:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-15 21:56 . 2010-06-03 00:08 -------- d-----w- c:\program files\QuickTime
2010-07-15 19:19 . 2010-07-15 18:53 548800 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VWDExpress\10.0\1033\ResourceCache.dll
2010-07-15 19:16 . 2010-07-15 18:47 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2010-07-15 19:10 . 2010-07-15 18:59 -------- d-----w- c:\program files\Microsoft SQL Server
2010-07-15 19:08 . 2010-07-15 19:08 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-07-15 19:07 . 2009-09-30 21:37 -------- d-----w- c:\program files\Microsoft.NET
2010-07-15 18:59 . 2010-07-15 18:47 -------- d-----w- c:\program files\Microsoft SDKs
2010-07-15 18:54 . 2010-07-15 18:54 -------- d-----w- c:\program files\Microsoft ASP.NET
2010-07-15 18:54 . 2010-07-15 18:54 -------- d-----w- c:\program files\IIS
2010-07-15 18:47 . 2010-07-15 18:47 -------- d-----w- c:\program files\Microsoft Help Viewer
2010-07-15 17:37 . 2010-07-15 17:37 -------- d-----w- c:\program files\Microsoft
2010-07-15 14:13 . 2009-11-17 03:06 -------- d-----w- c:\program files\Google
2010-06-30 12:31 . 2010-06-30 12:31 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2010-08-12 20:27 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2010-06-23 13:44 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2010-08-12 20:27 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2010-06-17 14:03 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-16 00:01 . 2010-06-16 00:01 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-14 14:31 . 2010-07-14 10:59 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2010-06-14 07:41 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-09 22:50 . 2010-02-02 23:20 38784 ----a-w- c:\documents and settings\Randy\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-01 17:37 . 2010-07-24 14:34 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-02-18 00:12 . 2009-11-16 21:53 23572000 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-02-18 00:12 . 2009-11-16 21:53 328480 --sha-w- c:\windows\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-30 148888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-11-17 122880]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-29 458844]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-01-16 1418536]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"HP BTW Detect Program"="c:\program files\HP\HPBTWD.exe" [2009-03-30 319488]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-07-06 737280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\Randy\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
wkcalrem.LNK - c:\program files\Microsoft Works\WkCalRem.exe [2007-6-21 46432]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Hewlett-Packard\\HP QuickSync\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [8/22/2010 11:07 PM 218592]
R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [9/30/2009 5:41 PM 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [9/30/2009 5:41 PM 15856]
R0 SysCow;SysCow;c:\windows\system32\drivers\syscow32x.sys [7/2/2009 2:10 AM 103792]
R1 DVMIO;DVMIO;c:\splash.sys\config\dvmio.sys [7/27/2009 3:01 PM 16984]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [9/30/2009 5:41 PM 25584]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [6/2/2009 10:05 PM 457200]
R2 BOTService;BOTService;c:\program files\Roxio\BackOnTrack\Instant Restore\BOTService.exe [7/9/2009 7:08 AM 199152]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [8/22/2010 11:08 PM 112592]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\splash.sys\config\DVMExportService.exe [7/8/2009 10:55 PM 323584]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [9/30/2009 5:22 PM 113664]
R3 Cam3820;Cam3820 PC Camera Driver;c:\windows\system32\drivers\cam3820a.sys [6/18/2009 12:36 PM 308608]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [3/31/2009 4:11 PM 39424]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/7/2010 7:46 PM 135664]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [8/22/2010 11:07 PM 366840]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/22/2009 11:08 PM 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [3/30/2009 3:09 AM 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [3/30/2009 3:23 AM 366936]

--- Other Services/Drivers In Memory ---

*Deregistered* - PCTSDInjDriver32
.
Contents of the 'Scheduled Tasks' folder

2010-08-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

2010-08-26 c:\windows\Tasks\BackOnTrack Instant Restore Idle.job
- c:\program files\Roxio\BackOnTrack\Instant Restore\RstIdle.exe [2009-07-09 11:09]

2010-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 23:46]

2010-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 23:46]

2010-08-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 01:40]

2010-08-26 c:\windows\Tasks\User_Feed_Synchronization-{E8A7CC67-5D07-4219-BF63-A977CE05817E}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //mailurl:mailto:sale-7vzcw-1526556043@craigslist.org?subject=Wicker%20Daybed%20-%20%2450%20(Pawleys%20Island%2C%20SC)&body=%0A%0Ahttp%3A%2F%2Fmyrtlebeach.craigslist.org%2Ffuo%2F1526556043.html%0A
uInternet Settings,ProxyServer = http=127.0.0.1:5643
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
SafeBoot-klmdb.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-26 16:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(848)
c:\windows\system32\igfxdev.dll

- - - - - - - > 'lsass.exe'(904)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Completion time: 2010-08-26 16:39:01
ComboFix-quarantined-files.txt 2010-08-26 20:38

Pre-Run: 93,396,885,504 bytes free
Post-Run: 93,843,050,496 bytes free

- - End Of File - - 6C9E44866B56BE1B8F6CD1E370FA90D2


The internet seems to be running better now, but I still have the C++ runtime error popping up. Am I supposed to delete any of these programs that I have downloaded for these repairs? I have added so many since this whole thing started.

#10 etavares (Malware Response Team)

Posted 26 August 2010 - 06:09 PM

Hello, carocake.
Exactly what C++ error do you get? What does it say? What are you doing when it pops up? We'll delete the other programs when we're done.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:5643
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 1
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]


Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
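The three things etavares's CFScript above acts on (the browser proxy pointing at the local machine, the disabled Windows Firewall standard profile, and the keys ComboFix listed under LOCKED REGISTRY KEYS) can be pulled out of a ComboFix log mechanically. The Python below is an added example for this page; it is not part of the thread, of ComboFix or of DDS. It runs over trimmed copies of the two logs posted in this thread (before and after the script ran), reports those findings, and writes the matching CFScript text, which for the first log reproduces the script in the post line for line. The parsing rules (section headers, bracketed key lines, the `u`/`m` prefix, the lone `.` as a section end) are assumptions drawn from the log layout seen here, and the proxy rule is deliberately broader than the single line in the thread: it also handles the `scheme=host:port;scheme=host:port` form and IPv6 loopback.

```python
"""Pull the indicators etavares's CFScript acts on out of a ComboFix log.

Added example, not from this thread, ComboFix or DDS. The log-layout rules
below are assumptions taken from the two logs in the thread, excerpted here.
"""
import re

# Trimmed copy of the first log (before the CFScript ran).
LOG_BEFORE = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
uInternet Settings,ProxyServer = http=127.0.0.1:5643
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
.
--------------------- DLLs Loaded Under Running Processes ---------------------
"""

# Trimmed copy of the second log (after the CFScript ran): the proxy line,
# the EnableFirewall key and the locked-key section are gone.
LOG_AFTER = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
--------------------- DLLs Loaded Under Running Processes ---------------------
"""

# 'u' = per-user (HKCU) setting, 'm' = machine-wide, in DDS/ComboFix output.
PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(.+?)\s*$")
KEY_RE = re.compile(r"^\[(.+)\]$")
FIREWALL_RE = re.compile(r'^"EnableFirewall"\s*=\s*(\d+)')
LOCKED_HDR_RE = re.compile(r"^-+ LOCKED REGISTRY KEYS -+$")
SECTION_END_RE = re.compile(r"^(-{10,}.*|\*{10,}|\.)$")  # next header or lone '.'


def is_loopback(host):
    host = host.strip("[]").lower()
    return host in ("localhost", "::1") or host.startswith("127.")


def parse_proxy(value):
    """Split an IE ProxyServer value ('host:port' or 'scheme=host:port;...')
    into (scheme, host:port) pairs; scheme is '*' for the single-value form."""
    pairs = []
    for part in value.split(";"):
        scheme, hostport = part.split("=", 1) if "=" in part else ("*", part)
        pairs.append((scheme.strip(), hostport.strip()))
    return pairs


def triage(text):
    """Return {'proxy': line|None, 'firewall_disabled': bool|None, 'locked_keys': [...]}."""
    findings = {"proxy": None, "firewall_disabled": None, "locked_keys": []}
    current_key, in_locked = None, False
    for raw in text.splitlines():
        line = raw.strip()
        if LOCKED_HDR_RE.match(line):
            in_locked = True
            continue
        if in_locked and SECTION_END_RE.match(line):
            in_locked = False
        key = KEY_RE.match(line)
        if key:
            current_key = key.group(1)
            if in_locked:
                findings["locked_keys"].append(current_key)
            continue
        proxy = PROXY_RE.match(line)
        if proxy:
            # A proxy on the local host puts some local process between the
            # browser and the network, which fits the redirects in the thread.
            hosts = [hp.rsplit(":", 1)[0] for _, hp in parse_proxy(proxy.group(1))]
            if any(is_loopback(h) for h in hosts):
                findings["proxy"] = line
            continue
        fw = FIREWALL_RE.match(line)
        if fw and current_key and current_key.lower().endswith(r"firewallpolicy\standardprofile"):
            findings["firewall_disabled"] = fw.group(1) == "0"
    return findings


def generate_cfscript(findings):
    """Write the three CFScript sections the post uses: DDS:: removes the listed
    browser setting, Registry:: applies REGEDIT4-style text, RegLock:: resets
    permissions on the listed keys. Returns '' when there is nothing to do."""
    out = []
    if findings["proxy"]:
        out += ["DDS::", findings["proxy"]]
    if findings["firewall_disabled"]:
        out += ["Registry::",
                r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]",
                '"EnableFirewall"= 1']
    if findings["locked_keys"]:
        out += ["RegLock::"] + ["[%s]" % k for k in findings["locked_keys"]]
    return "\n".join(out)
```

Running `generate_cfscript(triage(LOG_BEFORE))` yields the same thirteen lines etavares posted, and the same call on `LOG_AFTER` yields nothing, which is the check a helper does by eye when the second log comes back. It is only a reading aid: the keys listed as locked here belong to Adobe's FlashBroker and are not malicious by themselves, and ComboFix should still be run only with a script a helper has reviewed, as in this thread.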
 


#11 carocake (Topic Starter)

Posted 26 August 2010 - 07:18 PM

Ok - did as requested - new log:

ComboFix 10-08-26.02 - Randy 08/26/2010 19:40:00.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.394 [GMT -4:00]
Running from: c:\documents and settings\Randy\Desktop\etavaresCF.exe
Command switches used :: c:\documents and settings\Randy\Desktop\CFScript.txt
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((( Files Created from 2010-07-26 to 2010-08-26 )))))))))))))))))))))))))))))))
.

2010-08-26 20:03 . 2010-08-26 20:10 -------- d-----w- C:\etavaresCF
2010-08-23 09:49 . 2010-08-23 09:49 -------- d-----w- c:\documents and settings\Randy\Local Settings\Application Data\Threat Expert
2010-08-23 03:08 . 2010-01-27 17:51 767952 ----a-w- c:\windows\BDTSupport.dll
2010-08-23 03:08 . 2010-01-22 12:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-08-23 03:08 . 2008-11-26 15:08 131 ----a-w- c:\windows\IDB.zip
2010-08-23 03:08 . 2009-10-28 04:36 1152444 ----a-w- c:\windows\UDB.zip
2010-08-23 03:08 . 2010-01-22 12:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-08-23 03:08 . 2010-01-22 12:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-08-23 03:08 . 2010-02-05 13:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-08-23 03:07 . 2010-03-29 14:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-08-23 03:07 . 2009-11-23 17:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-08-23 03:07 . 2010-04-08 18:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-08-23 02:23 . 2010-08-23 03:08 -------- d-----w- c:\program files\Common Files\PC Tools
2010-08-23 02:23 . 2010-08-26 19:53 -------- d-----w- c:\program files\Spyware Doctor
2010-08-23 02:23 . 2010-08-23 02:23 -------- d-----w- c:\documents and settings\Randy\Application Data\PC Tools
2010-08-23 02:23 . 2010-08-23 02:23 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-08-23 02:23 . 2010-08-26 23:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-14 01:22 . 2010-08-14 01:22 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-12 20:26 . 2010-06-24 12:22 5951488 ----a-w- c:\windows\system32\dllcache\mshtml.dll
2010-08-12 20:26 . 2010-06-18 13:36 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-08-10 22:12 . 2010-08-10 22:12 437760 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{429DE760-CB41-D74F-0034-0AA2ADFD001B}-wmsdk64_32.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-25 20:55 . 2009-11-17 04:09 42620 ----a-w- c:\documents and settings\Randy\Application Data\wklnhst.dat
2010-08-22 02:40 . 2009-09-30 21:44 -------- d-----w- c:\program files\Windows Media Connect 2
2010-08-13 16:57 . 2009-09-30 21:33 -------- d-----w- c:\program files\Microsoft Works
2010-08-13 14:07 . 2009-09-30 21:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-11 00:01 . 2009-11-17 01:21 -------- d-----w- c:\documents and settings\Randy\Application Data\Skype
2010-07-24 17:40 . 2010-07-16 16:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-24 14:32 . 2010-07-24 14:32 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-07-22 21:26 . 2010-07-22 21:26 388096 ----a-r- c:\documents and settings\Randy\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-22 21:26 . 2010-07-22 21:26 -------- d-----w- c:\program files\Trend Micro
2010-07-22 14:16 . 2009-09-30 21:50 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent
2010-07-22 14:04 . 2010-07-18 13:53 -------- d-----w- c:\program files\Safe Returner
2010-07-22 12:32 . 2010-07-18 13:53 -------- d-----w- c:\documents and settings\Randy\Application Data\SafeReturner
2010-07-18 18:00 . 2008-04-15 12:00 36352 ----a-w- c:\windows\system32\drivers\disk.sys
2010-07-18 03:57 . 2010-07-18 21:26 185388 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1033.dat
2010-07-18 02:50 . 2010-07-18 02:50 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-16 19:02 . 2010-07-16 19:02 -------- d-----w- c:\documents and settings\Randy\Application Data\Malwarebytes
2010-07-16 16:53 . 2010-07-16 16:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-15 21:56 . 2010-06-03 00:08 -------- d-----w- c:\program files\QuickTime
2010-07-15 19:19 . 2010-07-15 18:53 548800 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VWDExpress\10.0\1033\ResourceCache.dll
2010-07-15 19:16 . 2010-07-15 18:47 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2010-07-15 19:10 . 2010-07-15 18:59 -------- d-----w- c:\program files\Microsoft SQL Server
2010-07-15 19:08 . 2010-07-15 19:08 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-07-15 19:07 . 2009-09-30 21:37 -------- d-----w- c:\program files\Microsoft.NET
2010-07-15 18:59 . 2010-07-15 18:47 -------- d-----w- c:\program files\Microsoft SDKs
2010-07-15 18:54 . 2010-07-15 18:54 -------- d-----w- c:\program files\Microsoft ASP.NET
2010-07-15 18:54 . 2010-07-15 18:54 -------- d-----w- c:\program files\IIS
2010-07-15 18:47 . 2010-07-15 18:47 -------- d-----w- c:\program files\Microsoft Help Viewer
2010-07-15 17:37 . 2010-07-15 17:37 -------- d-----w- c:\program files\Microsoft
2010-07-15 14:13 . 2009-11-17 03:06 -------- d-----w- c:\program files\Google
2010-06-30 12:31 . 2010-06-30 12:31 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2010-08-12 20:27 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2010-06-23 13:44 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2010-08-12 20:27 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2010-06-17 14:03 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-16 00:01 . 2010-06-16 00:01 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-14 14:31 . 2010-07-14 10:59 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2010-06-14 07:41 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-09 22:50 . 2010-02-02 23:20 38784 ----a-w- c:\documents and settings\Randy\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-01 17:37 . 2010-07-24 14:34 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-02-18 00:12 . 2009-11-16 21:53 23572000 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-02-18 00:12 . 2009-11-16 21:53 328480 --sha-w- c:\windows\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-30 148888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-11-17 122880]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-29 458844]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-01-16 1418536]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"HP BTW Detect Program"="c:\program files\HP\HPBTWD.exe" [2009-03-30 319488]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-07-06 737280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\Randy\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
wkcalrem.LNK - c:\program files\Microsoft Works\WkCalRem.exe [2007-6-21 46432]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Hewlett-Packard\\HP QuickSync\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [8/22/2010 11:07 PM 218592]
R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [9/30/2009 5:41 PM 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [9/30/2009 5:41 PM 15856]
R0 SysCow;SysCow;c:\windows\system32\drivers\syscow32x.sys [7/2/2009 2:10 AM 103792]
R1 DVMIO;DVMIO;c:\splash.sys\config\dvmio.sys [7/27/2009 3:01 PM 16984]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [9/30/2009 5:41 PM 25584]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [6/2/2009 10:05 PM 457200]
R2 BOTService;BOTService;c:\program files\Roxio\BackOnTrack\Instant Restore\BOTService.exe [7/9/2009 7:08 AM 199152]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [8/22/2010 11:08 PM 112592]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\splash.sys\config\DVMExportService.exe [7/8/2009 10:55 PM 323584]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [9/30/2009 5:22 PM 113664]
R3 Cam3820;Cam3820 PC Camera Driver;c:\windows\system32\drivers\cam3820a.sys [6/18/2009 12:36 PM 308608]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [3/31/2009 4:11 PM 39424]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/7/2010 7:46 PM 135664]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [8/22/2010 11:07 PM 366840]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/22/2009 11:08 PM 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [3/30/2009 3:09 AM 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [3/30/2009 3:23 AM 366936]

--- Other Services/Drivers In Memory ---

*Deregistered* - PCTSDInjDriver32
.
Contents of the 'Scheduled Tasks' folder

2010-08-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

2010-08-26 c:\windows\Tasks\BackOnTrack Instant Restore Idle.job
- c:\program files\Roxio\BackOnTrack\Instant Restore\RstIdle.exe [2009-07-09 11:09]

2010-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 23:46]

2010-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 23:46]

2010-08-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 01:40]

2010-08-26 c:\windows\Tasks\User_Feed_Synchronization-{E8A7CC67-5D07-4219-BF63-A977CE05817E}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //mailurl:mailto:sale-7vzcw-1526556043@craigslist.org?subject=Wicker%20Daybed%20-%20%2450%20(Pawleys%20Island%2C%20SC)&body=%0A%0Ahttp%3A%2F%2Fmyrtlebeach.craigslist.org%2Ffuo%2F1526556043.html%0A
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-26 19:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(848)
c:\windows\system32\igfxdev.dll

- - - - - - - > 'lsass.exe'(904)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(2548)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-08-26 19:58:00
ComboFix-quarantined-files.txt 2010-08-26 23:57
ComboFix2.txt 2010-08-26 20:39

Pre-Run: 93,745,307,648 bytes free
Post-Run: 93,771,313,152 bytes free

- - End Of File - - 6115C2D66D93902E01AFA8E5E0273DD9


The error I keep getting usually pops up while I am on the internet, but I also get it when I have just opened the computer up from hibernate. I have had this error almost since I first got my computer and tried to reinstall Microsoft Visual blah blah blah... but it didn't work.

Application popup: Microsoft Visual C++ Runtime Library : Runtime Error!

Program: C:\...

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

#12 etavares (Malware Response Team)

Posted 27 August 2010 - 05:18 PM

What version of IE are you using? It may be a plug-in for Internet Explorer. When you hibernate, is IE open?


 


#13 carocake (Topic Starter)

Posted 27 August 2010 - 07:23 PM

I am running Internet Explorer 8.

#14 etavares (Malware Response Team)

Posted 29 August 2010 - 06:16 AM

OK, let's try IE8 without add-ons. A common cause of that error is a corrupted add-on.

To do that, look for the icon named Internet Explorer (no add-ons) in your start menu.

It may be in Start > All Programs > Accessories > System Tools > Internet Explorer (no Add-ons)

Try surfing with that...do you get any errors?


 


#15 carocake (Topic Starter)

Posted 30 August 2010 - 04:59 PM

OK - tried the without add-ons thing but still got the message - also noticed that my computer is running very slow on Outlook, and in fact when I type in something and hit search nothing happens. I hear the click like it acknowledged my hitting the button, but it doesn't search. If I hit refresh or close out and go back in it will work again.
