# Browser HiJacked and redirects to other sites



## Farina2 (Aug 7, 2011)

MalwareBytes says no virus. But browser redirects to odd sites...says I won and must claim prize in ? seconds or Google News site. Google site will be SCgoogle. Others have different letters in front.

HiJackThis Log follows. Been working on this 3 days and can't fix it.

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz, x86 Family 6 Model 14 Stepping 8
Processor Count: 2
RAM: 1022 Mb
Graphics Card: NVIDIA Quadro NVS 110M , 256 Mb
Hard Drives: C: Total - 57160 MB, Free - 30671 MB; 
Motherboard: Dell Inc., 0JF240, , .DV9KPB1.CN4864367I2930.
Antivirus: AVG Anti-Virus Free Edition 2011, Updated: Yes, On-Demand Scanner: Enabled

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:45:44 PM, on 8/7/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\WINDOWS\system32\lxdvcoms.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Lexmark X5400 Series\lxdvmon.exe
C:\Program Files\Lexmark X5400 Series\lxdvamon.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\AVG\AVG10\avgscanx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=22028
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [lxdvmon.exe] "C:\Program Files\Lexmark X5400 Series\lxdvmon.exe"
O4 - HKLM\..\Run: [lxdvamon] "C:\Program Files\Lexmark X5400 Series\lxdvamon.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon High Speed Internet Installer.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n020p/EN/install/gtdownlr.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {62FA83F7-20EC-4D62-AC86-BAB705EE1CCD} - http://talkslive.com/demoroom/viewerx.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161429824031
O16 - DPF: {7CEEAB76-D59E-11D3-8394-00C04F7BDF10} - https://www.tradestation.com/tscom/ClientPlugIn/tsTemp.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - https://interactivebrokers.webex.com/client/T26L/nbr/ieatgpc.cab
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} - http://fdl.msn.com/public/investor/v13/ticker.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: TPSvc - TPSvc.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: lxdvCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdvserv.exe
O23 - Service: lxdv_device - - C:\WINDOWS\system32\lxdvcoms.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 12466 bytes


----------



## RedCar92 (Jan 10, 2011)

Hello and welcome to TSG Forum.
I'm RedCar92 and my name is Bill. I'll be glad to help you with your computer problems.


Please observe these rules while we work:

Read the entire procedure
It is important to perform *ALL* actions in sequence.
If you don't know, *stop and ask!* Don't keep going on.
Please reply to this thread. Do not start a new topic.
Stick with me till you're given the all clear. Malware removal can be stressful but we *will* clean it.
*Remember, absence of symptoms does not mean the infection is all gone.*
*Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.*

Please be advised that, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice; this will be a team effort.
This may cause a delay, but I will do my best to keep it as short as possible.

Please bear with me, I will post back to you as soon as I can.

*IMPORTANT NOTE : Please do not delete anything unless instructed to.*
*DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.*

*Doing so could make your pc inoperative and could require a full reinstall of your OS, losing all your programs and data.*

*Stay with this topic until I give you the all clean post.*


----------



## Farina2 (Aug 7, 2011)

Thanks Bill. I await further instructions.


----------



## RedCar92 (Jan 10, 2011)

Thanks Farina2, I'll be back asap.


----------



## RedCar92 (Jan 10, 2011)

Greetings Farina2

*First*


Please download *aswMBR* ( 511KB ) to your desktop.
Double click the *aswMBR.exe* icon to run it
Click the *Scan* button to start the scan
On completion of the scan, click the *save log* button, save it to your *desktop* and post it in your next reply.

*Next*


Download *OTL* to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath *Output* at the top change it to *Minimal Output*.
Check the boxes beside *LOP Check* and *Purity Check*.
Under Custom Scan paste this in:
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
CREATERESTOREPOINT


Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL.
Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time, and post it with your next reply.
You may need two posts to fit them both in.


Logs to post


*aswMBR.txt*
*OTL.txt*
*Extras.txt*


----------



## Farina2 (Aug 7, 2011)

Hi Bill, Your requested scans & logs...

aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-08 16:04:51
-----------------------------
16:04:51.265 OS Version: Windows 5.1.2600 Service Pack 3
16:04:51.265 Number of processors: 2 586 0xE08
16:04:51.265 ComputerName: EVALAPPY UserName: Eva
16:04:53.109 Initialize success
16:16:03.140 AVAST engine defs: 11080800
16:16:42.171 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
16:16:42.265 Disk 0 Vendor: ST96812AS 8.04 Size: 57231MB BusType: 3
16:16:42.265 Device \Driver\atapi -> DriverStartIo 870ad51b
16:16:44.421 Disk 0 MBR read successfully
16:16:44.625 Disk 0 MBR scan
16:16:45.218 Disk 0 MBR:Alureon-G [Rtk]
16:16:45.390 Disk 0 TDL4@MBR code has been found
16:16:45.390 Disk 0 Windows XP default MBR code found via API
16:16:45.406 Disk 0 MBR hidden
16:16:45.406 Disk 0 MBR [TDL4] **ROOTKIT**
16:16:45.437 Disk 0 trace - called modules:
16:16:45.609 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x870ad6d0]<<
16:16:45.734 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87108ab8]
16:16:46.031 3 CLASSPNP.SYS[f7612fd7] -> nt!IofCallDriver -> [0x8717dc30]
16:16:46.078 \Driver\atapi[0x870eaa08] -> IRP_MJ_CREATE -> 0x870ad6d0
16:17:14.421 AVAST engine scan C:\WINDOWS
16:17:32.718 AVAST engine scan C:\WINDOWS\system32
16:17:38.937 File: C:\WINDOWS\system32\AmRes_en.dll **INFECTED** Win32:Malware-gen
16:17:39.734 File: C:\WINDOWS\system32\AmRes_fr.dll **INFECTED** Win32:Malware-gen
16:17:40.484 File: C:\WINDOWS\system32\AmRes_ja.dll **INFECTED** Win32:Malware-gen
16:22:39.968 AVAST engine scan C:\WINDOWS\system32\drivers
16:23:30.390 AVAST engine scan C:\Documents and Settings\Eva
16:28:18.453 AVAST engine scan C:\Documents and Settings\All Users
16:30:06.375 Scan finished successfully
16:32:53.546 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Eva\Desktop\MBR.dat"
16:32:53.703 The log file has been saved successfully to "C:\Documents and Settings\Eva\Desktop\aswMBR log.txt"

OTL Extras logfile created on: 8/8/2011 4:42:49 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Eva\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.11 Mb Total Physical Memory | 142.93 Mb Available Physical Memory | 13.98% Memory free
3.83 Gb Paging File | 2.35 Gb Available in Paging File | 61.38% Paging File free
Paging file location(s): C:\pagefile.sys 3000 5062 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.82 Gb Total Space | 30.00 Gb Free Space | 53.74% Space Free | Partition Type: NTFS

Computer Name: EVALAPPY | User Name: Eva | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\ParetoLogic\FileCure\FileCure_noapp.exe %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Conference\Conference.dll" = C:\Program Files\Conference\Conference.dll:*:Enabled:Audio/Video Conference by KIOSK Team -- (©Telco Advertisng, Ltd.)
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Program Files\NinjaTrader 5\bin\NinjaTrader.exe" = C:\Program Files\NinjaTrader 5\bin\NinjaTrader.exe:*:Enabled:NinjaTrader application
"C:\WINDOWS\system32\lxdvcoms.exe" = C:\WINDOWS\system32\lxdvcoms.exe:*:Enabled:X5400 Series Server -- ( )
"C:\Program Files\Lexmark X5400 Series\lxdvmon.exe" = C:\Program Files\Lexmark X5400 Series\lxdvmon.exe:*:Enabled:Printer Device Monitor -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdvpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdvpswx.exe:*:Enabled:Printer Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdvtime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdvtime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdvjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdvjswx.exe:*:Enabled:Job Status Window Interface -- ()
"C:\Program Files\Lexmark X5400 Series\frun.exe" = C:\Program Files\Lexmark X5400 Series\frun.exe:*:Enabled:Printing Application -- ()
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000000-785F-478A-BAA2-87F1A136068C}" = MSN Encarta Plus Support Files
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0BA2A0BA-7F4D-4B7B-AE94-5F0233AC8A5A}" = NTRU Hybrid TSS v2.0.25
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F4BF9EA-847E-44FB-A728-C456116E6CEF}" = InstantShareDevicesMFC
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 24
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Advanced Control Suite
"{289678F6-FF27-441c-B795-CB77192C8B78}" = CameraUserGuides
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2DE297D5-4479-4ADC-944C-765CADFA31C7}" = 
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{32F66A20-7614-11D4-BD11-00104BD3F987}" = MathPlayer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35748B06-FCFC-4700-8285-DAD41689E4FE}" = Broadcom TPM Driver Installer
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{452622B2-CFF1-4373-B773-141FC10A2AB6}" = hpicamDrvQFolder
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F1CECBC-670F-4daa-81D6-944B12450917}" = DIGReqEx
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{695B13B2-7919-4EC5-8601-092F0D2DE069}" = AVG 2011
"{6EECB283-E65F-40EF-86D3-D51BF02A8D43}" = Microsoft Office Converter Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72FECEA1-E87F-4192-89FA-D0FBF92885BB}" = ETS Upgrade
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{80490945-CE48-45CF-9CCA-CA0EF44D9FE4}" = AVG 2011
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{8696ED8F-F797-40F0-A52A-CF6552E338E1}" = Mobile Broadband Drivers
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A42F680-2DD6-11D4-9A8C-0040F6982C20}" = 
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8CE90089-DCC9-4393-A535-802072333C35}" = Preboot Manager
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140011-0062-0409-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - English
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9E49A8EE-AF96-451a-8468-CD2506108218}" = HP Photosmart Cameras 9.0
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9F7FC79B-3059-4264-9450-39EB368E3220}" = Microsoft Picture It! Library 9
"{A16D1342-A3EE-456C-8506-0B0B99E2C48D}" = TradeStation 8.5 (Build 2289)
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2529672-574A-4A99-86A5-C1770A0E31FE}" = 
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A68E6690-3D07-4B0B-BFAB-3457B5FD8F69}" = 
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AEAA5289-7416-4BDE-9C4B-3B0ADAAACF22}" = 
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29B0066-547B-402c-9C0D-090E2F928A01}" = PANTECH PC USB Modem Software
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BE0C7E78-E597-494C-A781-8566119A7905}" = TradeStation 8.4 (Build 1693)
"{BEFBEDDF-1417-4C8A-92FB-F003C0D41199}" = OpenOffice.org 3.2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4868E88-F5B5-4E45-9592-C7062BD97441}" = Symantec Technical Support Web Controls
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C769B501-2BE8-46ed-9E69-118F008A0917}" = DIGOpt
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype 4.2
"{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"{D648B20B-A789-407E-8CA4-9BDDBBE342C8}" = upekmsi
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0900}" = Microsoft Picture It! Express 9
"{DD41AC25-61B2-4FC9-90AA-672F32139AC3}" = ETS Launch Pad
"{DD7DAFE2-EC2C-4128-AC44-4FDE894540BA}" = TradeStation 8.6 (Build 2612)
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E93525C8-AB72-40ad-845F-34393FA2F9FE}" = CameraDrivers
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1802FA6-54E9-4B24-BD2A-B50866819795}" = EMBASSY Trust Suite by Wave Systems
"{F2B8F8EE-4811-4A28-9305-6640CD007115}" = Wave Infrastructure Installer
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"ActiveTouchMeetingClient" = WebEx
"AddressBook" = 
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AVG" = AVG 2011
"Branding" = 
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Connection Manager" = 
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"DirectAnimation" = 
"DirectDrawEx" = 
"DXM_Runtime" = 
"Fontcore" = 
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"ICW" = 
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"IE40" = 
"IE4Data" = 
"IE5BAKEX" = 
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IEData" = 
"InstallShield Uninstall Information" = 
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{72FECEA1-E87F-4192-89FA-D0FBF92885BB}" = ETS Upgrade
"InstallShield_{BE0C7E78-E597-494C-A781-8566119A7905}" = TradeStation 8.4 (Build 1693)
"InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"InstallShield_{DD41AC25-61B2-4FC9-90AA-672F32139AC3}" = ETS Launch Pad
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"Lexmark X5400 Series" = Lexmark X5400 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MGI_PRISM_V4_0" = MGI PhotoSuite 4 (Remove Only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Interactive Training" = 
"mIRC" = mIRC
"MobileOptionPack" = 
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"MSNINST" = MSN
"NetMeeting" = 
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"OutlookExpress" = 
"PCHealth" = 
"PictureIt_POD_v9" = Microsoft Picture It! Library 9
"PictureIt_v9" = Microsoft Picture It! Express 9
"ProInst" = Intel(R) PROSet/Wireless Software
"RealPlayer 12.0" = RealPlayer
"SchedulingAgent" = 
"TaxACT 2007" = TaxACT 2007
"Trader Workstation 4.0" = Trader Workstation 4.0
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/8/2011 4:34:58 PM | Computer Name = EVALAPPY | Source = Application Virtualization Client | ID = 3037
Description = {tid=D50:usr=Eva} The Application Virtualization Client cannot open
Virtual Search Host 9014006204090000

Error - 8/8/2011 4:42:06 PM | Computer Name = EVALAPPY | Source = Application Virtualization Client | ID = 3037
Description = {tid=1254:usr=Eva} The Application Virtualization Client cannot open
Virtual Search Host 9014006204090000

Error - 8/8/2011 4:49:02 PM | Computer Name = EVALAPPY | Source = Application Virtualization Client | ID = 3037
Description = {tid=13DC:usr=Eva} The Application Virtualization Client cannot open
Virtual Search Host 9014006204090000

Error - 8/8/2011 4:56:09 PM | Computer Name = EVALAPPY | Source = Application Virtualization Client | ID = 3037
Description = {tid=B5C:usr=Eva} The Application Virtualization Client cannot open
Virtual Search Host 9014006204090000

Error - 8/8/2011 5:03:09 PM | Computer Name = EVALAPPY | Source = Application Virtualization Client | ID = 3037
Description = {tid=1434:usr=Eva} The Application Virtualization Client cannot open
Virtual Search Host 9014006204090000

Error - 8/8/2011 5:10:07 PM | Computer Name = EVALAPPY | Source = Application Virtualization Client | ID = 3037
Description = {tid=107C:usr=Eva} The Application Virtualization Client cannot open
Virtual Search Host 9014006204090000

Error - 8/8/2011 5:17:08 PM | Computer Name = EVALAPPY | Source = Application Virtualization Client | ID = 3037
Description = {tid=2AC:usr=Eva} The Application Virtualization Client cannot open
Virtual Search Host 9014006204090000

Error - 8/8/2011 5:24:08 PM | Computer Name = EVALAPPY | Source = Application Virtualization Client | ID = 3037
Description = {tid=710:usr=Eva} The Application Virtualization Client cannot open
Virtual Search Host 9014006204090000

Error - 8/8/2011 5:31:08 PM | Computer Name = EVALAPPY | Source = Application Virtualization Client | ID = 3037
Description = {tid=1474:usr=Eva} The Application Virtualization Client cannot open
Virtual Search Host 9014006204090000

Error - 8/8/2011 5:38:21 PM | Computer Name = EVALAPPY | Source = Application Virtualization Client | ID = 3037
Description = {tid=164C:usr=Eva} The Application Virtualization Client cannot open
Virtual Search Host 9014006204090000

[ System Events ]
Error - 8/8/2011 3:19:51 PM | Computer Name = EVALAPPY | Source = Service Control Manager | ID = 7000
Description = The lxdvCATSCustConnectService service failed to start due to the 
following error: %%1053

Error - 8/8/2011 3:22:02 PM | Computer Name = EVALAPPY | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 8/8/2011 3:22:02 PM | Computer Name = EVALAPPY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
szkg5 szkgfs

Error - 8/8/2011 3:55:00 PM | Computer Name = EVALAPPY | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxdvCATSCustConnectService
service to connect.

Error - 8/8/2011 3:55:00 PM | Computer Name = EVALAPPY | Source = Service Control Manager | ID = 7000
Description = The lxdvCATSCustConnectService service failed to start due to the 
following error: %%1053

Error - 8/8/2011 3:57:14 PM | Computer Name = EVALAPPY | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 8/8/2011 3:57:14 PM | Computer Name = EVALAPPY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
szkg5 szkgfs

Error - 8/8/2011 4:10:21 PM | Computer Name = EVALAPPY | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service LiveUpdate 
with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}

Error - 8/8/2011 4:10:32 PM | Computer Name = EVALAPPY | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the LiveUpdate service to
connect.

Error - 8/8/2011 4:25:09 PM | Computer Name = EVALAPPY | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

< End of report >

OTL logfile created on: 8/8/2011 4:42:46 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Eva\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.11 Mb Total Physical Memory | 142.93 Mb Available Physical Memory | 13.98% Memory free
3.83 Gb Paging File | 2.35 Gb Available in Paging File | 61.38% Paging File free
Paging file location(s): C:\pagefile.sys 3000 5062 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.82 Gb Total Space | 30.00 Gb Free Space | 53.74% Space Free | Partition Type: NTFS

Computer Name: EVALAPPY | User Name: Eva | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Eva\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Lexmark X5400 Series\lxdvmon.exe ()
PRC - C:\Program Files\Lexmark X5400 Series\lxdvamon.exe ()
PRC - C:\WINDOWS\system32\lxdvcoms.exe ( )
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe ()
PRC - C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe (Wave Systems Corp.)
PRC - C:\Program Files\Wave Systems Corp\common\DataServer.exe (Wave Systems Corp.)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe (Wave Systems Corp.)
PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\NetWaiting\netwaiting.exe ()

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Eva\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wxvault.dll ()
MOD - C:\WINDOWS\system32\detoured.dll ()
MOD - C:\Program Files\Dell\QuickSet\dadkeyb.dll ()

========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (lxdv_device) -- C:\WINDOWS\System32\lxdvcoms.exe ( )
SRV - (lxdvCATSCustConnectService) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdvserv.exe ()
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)
SRV - (tcsd_win32.exe) -- C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe ()
SRV - (DataSvr2) -- C:\Program Files\Wave Systems Corp\Common\DataServer.exe (Wave Systems Corp.)
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - (WLANKEEPER) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation)

========== Driver Services (SafeList) ==========

DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Sftvol) -- C:\WINDOWS\system32\drivers\Sftvolxp.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\WINDOWS\system32\drivers\Sftredirxp.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\WINDOWS\system32\drivers\Sftplayxp.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\WINDOWS\system32\drivers\Sftfsxp.sys (Microsoft Corporation)
DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (SSKBFD) -- C:\WINDOWS\system32\drivers\sskbfd.sys (Webroot Software Inc (www.webroot.com))
DRV - (PTDMWWAN) -- C:\WINDOWS\system32\drivers\PTDMWWAN.sys (DEVGURU Co,LTD.)
DRV - (PTDMVsp) -- C:\WINDOWS\system32\drivers\PTDMVsp.sys (DEVGURU Co,LTD.)
DRV - (PTDMMdm) -- C:\WINDOWS\system32\drivers\PTDMMdm.sys (DEVGURU Co,LTD.)
DRV - (PTDMBus) -- C:\WINDOWS\system32\drivers\PTDMBus.sys (DEVGURU Co,LTD.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (NWUSBPort) -- C:\WINDOWS\system32\drivers\nwusbser.sys (Novatel Wireless Inc.)
DRV - (NWUSBModem) -- C:\WINDOWS\system32\drivers\nwusbmdm.sys (Novatel Wireless Inc.)
DRV - (NWADI) -- C:\WINDOWS\system32\drivers\NWADIenum.sys (Novatel Wireless Inc)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (PBADRV) -- C:\WINDOWS\system32\drivers\pbadrv.sys (Dell Inc)
DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (USBCCID) -- C:\WINDOWS\system32\drivers\usbccid.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/08/06 07:47:31 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2011/08/06 14:43:00 | 000,379,684 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 13084 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [lxdvamon] C:\Program Files\Lexmark X5400 Series\lxdvamon.exe ()
O4 - HKLM..\Run: [lxdvmon.exe] C:\Program Files\Lexmark X5400 Series\lxdvmon.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe (Wave Systems Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon High Speed Internet Installer.cab (Support.com Configuration Class)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} http://inst.c-wss.com/n020p/EN/install/gtdownlr.cab (Automatic Driver Installation Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab (Reg Error: Key error.)
O16 - DPF: {62FA83F7-20EC-4D62-AC86-BAB705EE1CCD} http://talkslive.com/demoroom/viewerx.cab (Reg Error: Key error.)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161429824031 (MUWebControl Class)
O16 - DPF: {7CEEAB76-D59E-11D3-8394-00C04F7BDF10} https://www.tradestation.com/tscom/ClientPlugIn/tsTemp.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://interactivebrokers.webex.com/client/T26L/nbr/ieatgpc.cab (Reg Error: Key error.)
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} http://fdl.msn.com/public/investor/v13/ticker.cab (Reg Error: Key error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (wxvault.dll) - C:\WINDOWS\System32\wxvault.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - File not found
O24 - Desktop WallPaper: C:\WINDOWS\TradeStation.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\TradeStation.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O30 - LSA: Authentication Packages - (tem32\wuweb.) - File not found
O30 - LSA: Security Packages - (ecurity Packages settings...) - File not found
O30 - LSA: Security Packages - (CB) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT 
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/08/08 16:34:42 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Eva\Desktop\OTL.exe
[2011/08/08 16:04:07 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Eva\Desktop\aswMBR.exe
[2011/08/08 10:11:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/08/07 17:38:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Eva\Recent
[2011/08/06 18:49:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/08/06 18:48:15 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/08/06 18:12:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eva\Start Menu\Programs\HiJackThis
[2011/08/06 18:12:21 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/08/06 14:24:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/08/06 09:35:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/08/06 09:35:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/08/06 07:20:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/08/05 16:58:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2011/08/05 15:43:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/08/05 15:20:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2011/08/05 11:34:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/08/05 11:34:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/07/26 12:55:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2011/07/24 18:26:05 | 000,000,000 | ---D | C] -- C:\Program Files\SelectRebates
[2011/07/10 14:21:39 | 000,000,000 | ---D | C] -- C:\Program Files\CouponAlert_2pEI
[2008/11/28 15:42:19 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDVhcp.dll
[2008/11/28 15:42:18 | 000,360,448 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdvinpa.dll
[2008/11/28 15:42:18 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdviesc.dll
[2008/11/28 15:42:17 | 001,069,056 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdvserv.dll
[2008/11/28 15:42:17 | 000,954,368 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdvusb1.dll
[2008/11/28 15:42:17 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdvprox.dll
[2008/11/28 15:42:16 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdvpmui.dll
[2008/11/28 15:42:16 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdvlmpm.dll
[2008/11/28 15:42:15 | 000,320,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdvih.exe
[2008/11/28 15:42:14 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdvhbn3.dll
[2008/11/28 15:42:12 | 000,594,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdvcoms.exe
[2008/11/28 15:42:11 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdvcomc.dll
[2008/11/28 15:42:11 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdvcomm.dll
[2008/11/28 15:42:10 | 000,365,224 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdvcfg.exe
[2008/07/15 15:02:44 | 000,308,600 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\NortonProtectionMemo.exe
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/08 16:39:31 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/08 16:34:19 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eva\Desktop\OTL.exe
[2011/08/08 16:32:53 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Eva\Desktop\MBR.dat
[2011/08/08 16:23:03 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/08 16:04:04 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Eva\Desktop\aswMBR.exe
[2011/08/08 15:57:16 | 000,017,128 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/08/08 15:57:15 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/08 15:55:07 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\NvwsApps.xml
[2011/08/08 15:54:36 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/08 15:54:36 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\FileCure Startup.job
[2011/08/08 15:54:36 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1172995801-1147203902-4100855620-1005.job
[2011/08/08 15:54:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/08 15:54:30 | 1071,833,088 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/08 07:24:45 | 127,331,473 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/08/07 17:41:02 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\Eva\Desktop\HiJackThis.lnk
[2011/08/06 18:49:27 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/08/06 16:55:13 | 000,000,800 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/08/06 14:43:00 | 000,379,684 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2011/08/06 14:43:00 | 000,379,684 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/08/05 09:03:01 | 000,001,160 | -HS- | M] () -- C:\Documents and Settings\Eva\Local Settings\Application Data\75pg32uc86hns2rqtr4c
[2011/08/05 09:03:01 | 000,001,160 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\75pg32uc86hns2rqtr4c
[2011/08/04 15:37:01 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1172995801-1147203902-4100855620-1005.job
[2011/07/29 10:36:46 | 000,816,436 | ---- | M] () -- C:\Documents and Settings\Eva\My Documents\fairy tale.mht
[2011/07/26 14:04:13 | 000,003,601 | ---- | M] () -- C:\Documents and Settings\All Users\lxdv
[2011/07/20 06:33:31 | 000,017,128 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2011/07/15 10:53:08 | 002,310,756 | ---- | M] () -- C:\Documents and Settings\Eva\My Documents\HPIM0705.JPG
[2011/07/14 13:30:57 | 000,200,936 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/13 09:50:15 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/08 16:32:53 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Eva\Desktop\MBR.dat
[2011/08/06 18:49:24 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/08/06 18:12:26 | 000,002,443 | ---- | C] () -- C:\Documents and Settings\Eva\Desktop\HiJackThis.lnk
[2011/08/06 17:40:44 | 1071,833,088 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/06 16:53:41 | 000,000,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/08/05 09:02:49 | 000,001,160 | -HS- | C] () -- C:\Documents and Settings\Eva\Local Settings\Application Data\75pg32uc86hns2rqtr4c
[2011/08/05 09:02:49 | 000,001,160 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\75pg32uc86hns2rqtr4c
[2011/07/29 10:36:45 | 000,816,436 | ---- | C] () -- C:\Documents and Settings\Eva\My Documents\fairy tale.mht
[2011/07/15 12:16:34 | 002,310,756 | ---- | C] () -- C:\Documents and Settings\Eva\My Documents\HPIM0705.JPG
[2011/05/25 10:46:11 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/17 07:36:20 | 000,001,348 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\pd71o6fv8o7h427i7b7bboc
[2011/05/17 07:36:19 | 000,001,348 | -HS- | C] () -- C:\Documents and Settings\Eva\Local Settings\Application Data\pd71o6fv8o7h427i7b7bboc
[2011/05/15 12:31:21 | 000,001,308 | -HS- | C] () -- C:\Documents and Settings\Eva\Local Settings\Application Data\kqxjax25212syk721811b172n8n71yg66c
[2011/05/15 12:31:21 | 000,001,308 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\kqxjax25212syk721811b172n8n71yg66c
[2010/07/07 12:32:26 | 000,017,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/04/24 15:58:14 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/26 15:19:08 | 000,159,930 | ---- | C] () -- C:\WINDOWS\hpqins00.dat
[2009/05/17 07:55:14 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2009/03/19 06:11:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\NtDirect.dll
[2008/11/28 15:48:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdvvs.dll
[2008/11/28 15:48:09 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdvcoin.dll
[2008/11/28 15:45:56 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdvdrs.dll
[2008/11/28 15:45:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdvcaps.dll
[2008/11/28 15:45:55 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdvcnv4.dll
[2008/11/28 15:42:40 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\lxdvrwrd.ini
[2008/11/28 15:42:20 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDVinst.dll
[2008/11/28 15:42:13 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdvgrd.dll
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/02/24 11:37:42 | 000,000,074 | ---- | C] () -- C:\WINDOWS\TaxACT07.ini
[2008/02/11 13:44:39 | 000,000,170 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2008/02/11 13:44:39 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2008/02/11 13:44:39 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2007/12/31 17:35:17 | 000,000,002 | ---- | C] () -- C:\WINDOWS\PhotoSuite.ini
[2007/12/31 17:35:12 | 000,458,752 | ---- | C] () -- C:\WINDOWS\System32\Fpl.dll
[2007/12/31 17:35:11 | 000,332,800 | ---- | C] () -- C:\WINDOWS\System32\Fpxlib.dll
[2007/12/31 17:35:11 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Jpeglib.dll
[2007/12/31 17:35:11 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2007/12/29 14:03:16 | 000,131,894 | ---- | C] () -- C:\WINDOWS\hpiins06.dat
[2007/12/29 14:03:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl06.dat
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/06 06:38:20 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Eva\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/22 20:35:55 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/03/05 09:56:04 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2007/03/05 09:56:04 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2007/01/01 09:19:15 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2007/01/01 09:19:15 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/12/13 07:32:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2006/12/12 10:06:09 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2006/12/12 10:05:15 | 000,000,464 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2006/12/12 10:05:15 | 000,000,238 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2006/12/12 10:05:15 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2006/12/12 10:05:15 | 000,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2006/12/12 10:05:15 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF04A.dat
[2006/12/12 10:01:42 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2006/10/27 07:47:06 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS38.DLL
[2006/09/06 20:17:05 | 000,000,043 | ---- | C] () -- C:\WINDOWS\WALLSTRT.INI
[2006/09/06 19:57:48 | 000,000,042 | ---- | C] () -- C:\WINDOWS\ib.ini
[2006/09/06 19:57:46 | 000,027,136 | ---- | C] () -- C:\WINDOWS\toFront.dll
[2006/09/06 19:57:46 | 000,026,624 | ---- | C] () -- C:\WINDOWS\GetIe.dll
[2006/09/06 19:15:26 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Eva\Local Settings\Application Data\fusioncache.dat
[2006/08/30 03:29:41 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/30 03:27:14 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/08/30 03:25:05 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2006/08/30 03:25:05 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2006/08/30 03:05:44 | 000,017,128 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2006/08/30 03:02:34 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/08/30 03:02:10 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/08/30 03:02:10 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/08/30 03:02:10 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/08/30 03:02:09 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/08/30 03:02:09 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/08/30 03:02:08 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/08/30 03:02:07 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/08/30 03:02:07 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/08/30 03:02:06 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/08/30 03:00:54 | 000,000,390 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/06/12 11:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_RUS.dll
[2006/06/12 11:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ITA.dll
[2006/06/12 11:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_FRA.dll
[2006/06/12 11:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ESN.dll
[2006/06/12 11:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ENU.dll
[2006/06/12 11:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_DEU.dll
[2006/06/12 11:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_CHS.dll
[2006/06/12 11:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\Tsp.dll
[2006/05/22 09:37:36 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2006/05/22 09:32:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2006/05/22 09:32:06 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2006/05/22 09:32:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2006/05/22 09:31:52 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2006/05/22 09:31:46 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2006/05/22 09:31:38 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2006/05/22 09:31:32 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2006/05/22 09:31:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2006/05/22 09:31:18 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2006/05/22 09:31:12 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2006/05/16 13:34:22 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2006/05/16 13:33:06 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\detoured.dll
[2006/05/15 20:08:42 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_en.dll
[2006/05/15 19:52:12 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2006/05/15 19:52:02 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2006/05/15 19:51:52 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2006/05/15 19:51:42 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2006/05/15 19:51:34 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2006/05/15 19:51:24 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2006/05/15 19:51:16 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2006/05/15 19:51:06 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2006/05/15 19:50:56 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2006/05/15 19:50:46 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2005/12/01 15:41:20 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2005/09/20 14:36:06 | 000,798,720 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2004/08/11 18:24:19 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 18:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 18:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 18:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 18:06:43 | 000,200,936 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 18:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 18:00:28 | 000,467,848 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 18:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 18:00:28 | 000,080,640 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 18:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 18:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 18:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 18:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 18:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 18:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 18:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 18:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/07/21 16:03:14 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/07/20 15:27:52 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2004/03/18 19:01:20 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2002/03/04 11:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll

========== LOP Check ==========

[2008/07/15 15:02:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\09
[2011/02/26 16:29:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aAgNpBd06300
[2011/05/10 17:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/14 21:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/10/14 21:34:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/12/11 10:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dGjNj06301
[2010/11/16 10:44:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2010/07/07 12:32:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/05/06 09:01:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2006/09/10 07:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Messenger 6.1.0155
[2008/05/09 17:21:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2006/12/12 10:01:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2011/08/06 17:10:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/01/06 14:50:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/04/02 07:17:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualizedApplications
[2006/08/30 03:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2009/04/05 08:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{63A9FDE6-FCC7-4E26-A4CF-552A08431B32}
[2010/11/14 09:08:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eva\Application Data\AVG
[2010/10/14 21:38:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eva\Application Data\AVG10
[2008/11/28 16:02:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eva\Application Data\Lexmark Productivity Studio
[2007/12/31 17:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eva\Application Data\MGI
[2007/10/01 08:52:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eva\Application Data\MSNInstaller
[2010/11/06 10:17:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eva\Application Data\OpenOffice.org
[2011/01/30 10:05:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eva\Application Data\ScanSoft
[2008/09/18 07:52:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eva\Application Data\Smith Micro
[2011/08/08 17:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eva\Application Data\SoftGrid Client
[2011/01/30 09:49:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eva\Application Data\TP
[2009/04/05 13:23:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eva\Application Data\TradeStation Technologies
[2010/03/15 07:59:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eva\Application Data\Uniblue
[2009/07/04 21:47:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eva\Application Data\Windows Desktop Search
[2009/11/07 09:40:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eva\Application Data\Windows Search
[2010/11/16 10:45:24 | 000,000,360 | ---- | M] () -- C:\WINDOWS\Tasks\FileCure Default.job
[2011/08/08 15:54:36 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\FileCure Startup.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\i386\svchost.exe
[2004/08/04 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\i386\userinit.exe
[2004/08/04 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2004/08/04 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
< End of report >


----------



## RedCar92 (Jan 10, 2011)

Exactly what we need, thanks.


----------



## RedCar92 (Jan 10, 2011)

Greetings Farina2
First we need to get rid of a nasty rootkit.

Double click the *aswMBR.exe* icon to run it
Click the *Scan* button to start the scan
Click *Scan*
On completion of the scan, click the *Fix* button.
Wait for the tool to report *'Infection fixed successfully'*, and reboot when prompted.

When it has rebooted, post the contents of the aswMBR.txt in your next reply.

*Next*
Run *OTL.exe*
Copy/paste the following text written *inside of the code box* into the *Custom Scans/Fixes* box located at the bottom of OTL

```
:OTL
[2008/02/11 13:44:39 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2008/02/11 13:44:39 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2006/08/30 03:27:14 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
:Services
:Reg
:Files
:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
```

Then click the *Run Fix* button at the top
Let the program run unhindered, reboot when it is done
Then post a new OTL log (*don't check* the boxes beside LOP Check or Purity this time)

Logs to post:

*aswMBR.txt*
*OTL.txt*
*How is your PC behaving now.*


----------



## Farina2 (Aug 7, 2011)

Bill, I had a small problem. I ran the aswMBR scan. When it was done, I clicked on the "Fix" button. Things happened, and the last line read something like "Verifying something" (I forgot what it said... maybe "Verify removal" or something similar). At that point, an automatic virus scan started and locked up the computer. I had to reboot. I re-ran the aswMBR scan and it has finished, but the "Fix" button is not prominent... only the "Fix MBR" button can be clicked.

Where do I go from here? Do I just continue with the OTL scan? And where is the aswMBR.txt I am supposed to send you? Did I lose it with the reboot?

Sorry for the mess up. Thanks for your help.


----------



## RedCar92 (Jan 10, 2011)

Hello Farina2, no problem. Rerun aswMBR.exe and click Scan; if there are red entries, click Fix just as before; if there are no red entries, click Save log and save it to the desktop. When done, run the OTL section.


----------



## Farina2 (Aug 7, 2011)

3 entries starting at 18:40:32 showed red and said infected, but they were not removed when I clicked "Fix".

aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-09 18:39:30
-----------------------------
18:39:30.796 OS Version: Windows 5.1.2600 Service Pack 3
18:39:30.796 Number of processors: 2 586 0xE08
18:39:30.796 ComputerName: EVALAPPY UserName: Eva
18:39:32.890 Initialize success
18:39:43.343 AVAST engine defs: 11080800
18:39:46.125 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:39:46.125 Disk 0 Vendor: ST96812AS 8.04 Size: 57231MB BusType: 3
18:39:48.156 Disk 0 MBR read successfully
18:39:48.156 Disk 0 MBR scan
18:39:48.265 Disk 0 Windows XP default MBR code
18:39:48.265 Disk 0 scanning sectors +117178110
18:39:48.375 Disk 0 scanning C:\WINDOWS\system32\drivers
18:40:17.000 Service scanning
18:40:18.375 Modules scanning
18:40:22.468 Disk 0 trace - called modules:
18:40:22.500 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS 
18:40:22.500 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8717aab8]
18:40:22.500 3 CLASSPNP.SYS[f7612fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x870e5940]
18:40:22.906 AVAST engine scan C:\WINDOWS
18:40:29.390 AVAST engine scan C:\WINDOWS\system32
18:40:32.375 File: C:\WINDOWS\system32\AmRes_en.dll **INFECTED** Win32:Malware-gen
18:40:32.437 File: C:\WINDOWS\system32\AmRes_fr.dll **INFECTED** Win32:Malware-gen
18:40:32.515 File: C:\WINDOWS\system32\AmRes_ja.dll **INFECTED** Win32:Malware-gen
18:43:16.218 AVAST engine scan C:\WINDOWS\system32\drivers
18:43:36.890 AVAST engine scan C:\Documents and Settings\Eva
18:48:38.171 AVAST engine scan C:\Documents and Settings\All Users
18:51:03.687 Scan finished successfully
18:54:38.437 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Eva\Desktop\MBR.dat"
18:54:38.437 The log file has been saved successfully to "C:\Documents and Settings\Eva\Desktop\aswMBR log4.txt"

All processes killed
========== OTL ==========
C:\WINDOWS\akebook.ini moved successfully.
C:\WINDOWS\a3kebook.ini moved successfully.
C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Eva
->Temp folder emptied: 44224771 bytes
->Temporary Internet Files folder emptied: 37704589 bytes
->Java cache emptied: 608234 bytes
->Flash cache emptied: 8595 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 5686898 bytes
->Java cache emptied: 3350 bytes
->Flash cache emptied: 13645 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 159449673 bytes
->Java cache emptied: 14 bytes
->Flash cache emptied: 54869 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 41585 bytes
%systemroot%\System32 .tmp files removed: 3709969 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 81353804 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 159145591 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 469.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: Eva
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.26.1 log created on 08092011_192529

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Eva\Local Settings\Temp\OICE_A04FAC8D-B6A7-4DAF-A56D-DDD7B6CB087E.0\C5374715. not found!
C:\Documents and Settings\Eva\Local Settings\Temp\SearchMapi2PHFactory.log moved successfully.

Registry entries deleted on Reboot...


----------



## Farina2 (Aug 7, 2011)

Bill, I'm not sure my last reply had all the info. Am doing it again.

3 entries, shown at 18:40:32, showed red and did not "Fix".

aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-09 18:39:30
-----------------------------
18:39:30.796 OS Version: Windows 5.1.2600 Service Pack 3
18:39:30.796 Number of processors: 2 586 0xE08
18:39:30.796 ComputerName: EVALAPPY UserName: Eva
18:39:32.890 Initialize success
18:39:43.343 AVAST engine defs: 11080800
18:39:46.125 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:39:46.125 Disk 0 Vendor: ST96812AS 8.04 Size: 57231MB BusType: 3
18:39:48.156 Disk 0 MBR read successfully
18:39:48.156 Disk 0 MBR scan
18:39:48.265 Disk 0 Windows XP default MBR code
18:39:48.265 Disk 0 scanning sectors +117178110
18:39:48.375 Disk 0 scanning C:\WINDOWS\system32\drivers
18:40:17.000 Service scanning
18:40:18.375 Modules scanning
18:40:22.468 Disk 0 trace - called modules:
18:40:22.500 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS 
18:40:22.500 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8717aab8]
18:40:22.500 3 CLASSPNP.SYS[f7612fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x870e5940]
18:40:22.906 AVAST engine scan C:\WINDOWS
18:40:29.390 AVAST engine scan C:\WINDOWS\system32
18:40:32.375 File: C:\WINDOWS\system32\AmRes_en.dll **INFECTED** Win32:Malware-gen
18:40:32.437 File: C:\WINDOWS\system32\AmRes_fr.dll **INFECTED** Win32:Malware-gen
18:40:32.515 File: C:\WINDOWS\system32\AmRes_ja.dll **INFECTED** Win32:Malware-gen
18:43:16.218 AVAST engine scan C:\WINDOWS\system32\drivers
18:43:36.890 AVAST engine scan C:\Documents and Settings\Eva
18:48:38.171 AVAST engine scan C:\Documents and Settings\All Users
18:51:03.687 Scan finished successfully
18:54:38.437 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Eva\Desktop\MBR.dat"
18:54:38.437 The log file has been saved successfully to "C:\Documents and Settings\Eva\Desktop\aswMBR log4.txt"

All processes killed
========== OTL ==========
C:\WINDOWS\akebook.ini moved successfully.
C:\WINDOWS\a3kebook.ini moved successfully.
C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Eva
->Temp folder emptied: 44224771 bytes
->Temporary Internet Files folder emptied: 37704589 bytes
->Java cache emptied: 608234 bytes
->Flash cache emptied: 8595 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 5686898 bytes
->Java cache emptied: 3350 bytes
->Flash cache emptied: 13645 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 159449673 bytes
->Java cache emptied: 14 bytes
->Flash cache emptied: 54869 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 41585 bytes
%systemroot%\System32 .tmp files removed: 3709969 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 81353804 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 159145591 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 469.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: Eva
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.26.1 log created on 08092011_192529

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Eva\Local Settings\Temp\OICE_A04FAC8D-B6A7-4DAF-A56D-DDD7B6CB087E.0\C5374715. not found!
C:\Documents and Settings\Eva\Local Settings\Temp\SearchMapi2PHFactory.log moved successfully.

Registry entries deleted on Reboot...


----------



## Farina2 (Aug 7, 2011)

Those were not readable. Third try is right.

3 items stayed red and did not "Fix" starting at 18:40:32

aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-09 18:39:30
-----------------------------
18:39:30.796 OS Version: Windows 5.1.2600 Service Pack 3
18:39:30.796 Number of processors: 2 586 0xE08
18:39:30.796 ComputerName: EVALAPPY UserName: Eva
18:39:32.890 Initialize success
18:39:43.343 AVAST engine defs: 11080800
18:39:46.125 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:39:46.125 Disk 0 Vendor: ST96812AS 8.04 Size: 57231MB BusType: 3
18:39:48.156 Disk 0 MBR read successfully
18:39:48.156 Disk 0 MBR scan
18:39:48.265 Disk 0 Windows XP default MBR code
18:39:48.265 Disk 0 scanning sectors +117178110
18:39:48.375 Disk 0 scanning C:\WINDOWS\system32\drivers
18:40:17.000 Service scanning
18:40:18.375 Modules scanning
18:40:22.468 Disk 0 trace - called modules:
18:40:22.500 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS 
18:40:22.500 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8717aab8]
18:40:22.500 3 CLASSPNP.SYS[f7612fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x870e5940]
18:40:22.906 AVAST engine scan C:\WINDOWS
18:40:29.390 AVAST engine scan C:\WINDOWS\system32
18:40:32.375 File: C:\WINDOWS\system32\AmRes_en.dll **INFECTED** Win32:Malware-gen
18:40:32.437 File: C:\WINDOWS\system32\AmRes_fr.dll **INFECTED** Win32:Malware-gen
18:40:32.515 File: C:\WINDOWS\system32\AmRes_ja.dll **INFECTED** Win32:Malware-gen
18:43:16.218 AVAST engine scan C:\WINDOWS\system32\drivers
18:43:36.890 AVAST engine scan C:\Documents and Settings\Eva
18:48:38.171 AVAST engine scan C:\Documents and Settings\All Users
18:51:03.687 Scan finished successfully
18:54:38.437 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Eva\Desktop\MBR.dat"
18:54:38.437 The log file has been saved successfully to "C:\Documents and Settings\Eva\Desktop\aswMBR log4.txt"

All processes killed
========== OTL ==========
C:\WINDOWS\akebook.ini moved successfully.
C:\WINDOWS\a3kebook.ini moved successfully.
C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Eva
->Temp folder emptied: 44224771 bytes
->Temporary Internet Files folder emptied: 37704589 bytes
->Java cache emptied: 608234 bytes
->Flash cache emptied: 8595 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 5686898 bytes
->Java cache emptied: 3350 bytes
->Flash cache emptied: 13645 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 159449673 bytes
->Java cache emptied: 14 bytes
->Flash cache emptied: 54869 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 41585 bytes
%systemroot%\System32 .tmp files removed: 3709969 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 81353804 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 159145591 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 469.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: Eva
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.26.1 log created on 08092011_192529
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Eva\Local Settings\Temp\OICE_A04FAC8D-B6A7-4DAF-A56D-DDD7B6CB087E.0\C5374715. not found!
C:\Documents and Settings\Eva\Local Settings\Temp\SearchMapi2PHFactory.log moved successfully.
Registry entries deleted on Reboot...


----------



## RedCar92 (Jan 10, 2011)

Is your PC running any better yet?


----------



## Farina2 (Aug 7, 2011)

It seems to be working fine. No redirects. And speed seems normal.


----------



## RedCar92 (Jan 10, 2011)

Greetings Farina2
Things are looking much better from here.

*Next*
Your *Adobe* appears to be down level.
Please visit this *site*. Click on the *Adobe Reader* icon on the right side and you will be presented with the correct Adobe for your system.
Download and install this Adobe please.

*Next*
I see in your logs that you have *Malwarebytes* installed on your system.


Double click on *MalwareBytes*, *mbam.exe* to run it.
If Malwarebytes asks to update, click on *yes*. If you are not asked, click on the *Update* tab, then click on *Check for updates*.
After updates finish, click on the *Scanner* tab. Select *Perform quick scan*.
Click on *Scan* button.
When finished copy/paste the contents of mbam.txt into your next post please.

*Next*
Please use Internet Explorer to download and run the following scan: *Eset Online Scanner*

Place a check mark in the box *YES, I accept the Terms Of Use*.
Click the *Start* button.
Now *click* the *Install* button.
*Click Start*. The scanner engine will initialize and update.
*Do Not place a check mark* in the box beside *Remove found threats*.
*Click* the *Scan* button. The scan will now run, please be patient.
When the scan finishes, if there are any infections you will see a *List of found threats*.
Click *Export to text file*.
*Copy and paste* the contents of *C:\Program Files\ESET\log.txt* into your next reply.
If no threats are found there will be no list, this is good, just tell me that no threats were found.

Logs to post:


*mbam.txt*
*Results of ESET scan if any.*
*Any problems that you may have or concerns about your PC.*


----------



## Farina2 (Aug 7, 2011)

Adobe Updated.

Malwarebytes updated and scan run.

ESet Online Scanner ran and no Threats Found.

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Database version: 7430
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
8/10/2011 7:24:03 PM
mbam-log-2011-08-10 (19-24-03).txt
Scan type: Quick scan
Objects scanned: 179955
Time elapsed: 15 minute(s), 56 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

Everything seems to be normal. I appreciate all your help. This is my 75-year-old husband's computer and when he has problems with it I have to fix it. I couldn't have done it without you. Thanks so much.


----------



## RedCar92 (Jan 10, 2011)

Please don't go yet, there is a bit more to do plus I need to clean up my tools.


----------



## Farina2 (Aug 7, 2011)

I'm not going anywhere. Just wanted you to know how much I appreciate this and I was afraid I would forget later.


----------



## RedCar92 (Jan 10, 2011)

Greetings Farina2
There are still a few issues to be resolved.

Run *OTL.exe*
Click the grey *None* button.
Copy/paste the following text written *inside of the code box* into the *Custom Scans/Fixes* box located at the bottom of OTL

```
dir "C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare\*.*" /s /c
```

Then click the *Run Scan* button at the top
Let the program run unhindered, reboot when it is done
Then post a new OTL log (*don't check* the boxes beside LOP Check or Purity this time)

*Next*
Go to *My Computer-> Tools-> Folder Options-> View tab:*


Under the Hidden files and folders heading:
*Select* *Show hidden files and folders*.
*Uncheck* *Hide protected operating system files (recommended)*.
Also, make sure there is no checkmark beside *Hide file extensions for known file types*.
Click OK. (Remember to hide files and folders once done.)

Please go to just one of the below sites to scan the following files:
Virus Total
VirScan
jotti.org

click on Browse, and upload the following file for analysis:
*C:\WINDOWS\system32\AmRes_en.dll*

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.
If it says already scanned, click "reanalyze now".
Please post the results in your next reply.

Logs to post:


*OTL.txt*
*File scan report.*


----------



## Farina2 (Aug 7, 2011)

OTL logfile created on: 8/11/2011 5:42:09 PM - Run 5
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Eva\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.11 Mb Total Physical Memory | 239.65 Mb Available Physical Memory | 23.45% Memory free
3.83 Gb Paging File | 3.04 Gb Available in Paging File | 79.29% Paging File free
Paging file location(s): C:\pagefile.sys 3000 5062 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.82 Gb Total Space | 29.53 Gb Free Space | 52.89% Space Free | Partition Type: NTFS

Computer Name: EVALAPPY | User Name: Eva | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< dir "C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare\*.*" /s /c >
Volume in drive C has no label.
Volume Serial Number is DC17-69CD
< End of report >

2011-08-12 Found nothing
2011-08-11 Found nothing
2011-08-11 Win32:Malware-gen
2011-08-11 Win32:Malware-gen
2011-08-11 Found nothing
2011-08-11 Found nothing
2011-08-11 Found nothing
2011-08-11 Found nothing
2011-08-11 Found nothing
2011-08-11 Found nothing
2011-08-11 Found nothing
2011-08-11 Found nothing
2011-08-11 Found nothing
2011-08-11 Found nothing
2011-08-12 Found nothing
2011-08-11 Found nothing
2011-08-12 Found nothing
2011-08-10 Found nothing
2011-08-11 Found nothing
2011-08-11 Found nothing


----------



## RedCar92 (Jan 10, 2011)

Greetings Farina2
Let's do this and see if things improve a bit.
Run *OTL.exe*
Copy/paste the following text written *inside of the code box* into the *Custom Scans/Fixes* box located at the bottom of OTL

```
:OTL
:Services
:Reg
:Files
C:\Documents and Settings\Eva\Local Settings\Application Data\75pg32uc86hns2rqtr4c
C:\Documents and Settings\All Users\Application Data\75pg32uc86hns2rqtr4c
C:\Documents and Settings\All Users\Application Data\pd71o6fv8o7h427i7b7bboc
C:\Documents and Settings\Eva\Local Settings\Application Data\pd71o6fv8o7h427i7b7bboc
C:\Documents and Settings\Eva\Local Settings\Application Data\kqxjax25212syk721811b172n8n71yg66c
C:\Documents and Settings\All Users\Application Data\kqxjax25212syk721811b172n8n71yg66c
C:\Documents and Settings\All Users\Application Data\aAgNpBd06300
C:\WINDOWS\system32\AmRes_en.dll
C:\WINDOWS\system32\AmRes_fr.dll
C:\WINDOWS\system32\AmRes_ja.dll
:Commands
[purity]
[emptytemp]
[Reboot]
```

Then click the *Run Fix* button at the top
Let the program run unhindered, reboot when it is done
Then post a new OTL log (*don't check* the boxes beside LOP Check or Purity this time)


----------



## Farina2 (Aug 7, 2011)

All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Documents and Settings\Eva\Local Settings\Application Data\75pg32uc86hns2rqtr4c moved successfully.
C:\Documents and Settings\All Users\Application Data\75pg32uc86hns2rqtr4c moved successfully.
C:\Documents and Settings\All Users\Application Data\pd71o6fv8o7h427i7b7bboc moved successfully.
C:\Documents and Settings\Eva\Local Settings\Application Data\pd71o6fv8o7h427i7b7bboc moved successfully.
C:\Documents and Settings\Eva\Local Settings\Application Data\kqxjax25212syk721811b172n8n71yg66c moved successfully.
C:\Documents and Settings\All Users\Application Data\kqxjax25212syk721811b172n8n71yg66c moved successfully.
C:\Documents and Settings\All Users\Application Data\aAgNpBd06300 folder moved successfully.
C:\WINDOWS\system32\AmRes_en.dll moved successfully.
C:\WINDOWS\system32\AmRes_fr.dll moved successfully.
C:\WINDOWS\system32\AmRes_ja.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes

User: Eva
->Temp folder emptied: 2009017 bytes
->Temporary Internet Files folder emptied: 255523369 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 5182 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 30538 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 12937424 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 258.00 mb

OTL by OldTimer - Version 3.2.26.1 log created on 08132011_083124
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Eva\Local Settings\Temp\OICE_A04FAC8D-B6A7-4DAF-A56D-DDD7B6CB087E.0\C5374715. not found!
C:\Documents and Settings\Eva\Local Settings\Temp\SearchMapi2PHFactory.log moved successfully.
Registry entries deleted on Reboot...
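
The two log formats in this thread (the aswMBR scan that flagged the three AmRes_*.dll files, and the OTL fix log above that reports which paths were moved) are simple enough to parse, and doing so answers the question a helper actually cares about: was every file the scanner flagged actually remediated by the fix? The following is an added example, not code from the thread, from aswMBR or from OTL; the sample log lines are constructed from the ones posted here, with AmRes_ja.dll deliberately left out of the fix log so the "not addressed" case is exercised.

```python
import re
from typing import Dict, List

# Constructed sample, modelled on the aswMBR log posted in this thread.
ASWMBR_LOG = """\
18:40:29.390 AVAST engine scan C:\\WINDOWS\\system32
18:40:32.375 File: C:\\WINDOWS\\system32\\AmRes_en.dll **INFECTED** Win32:Malware-gen
18:40:32.437 File: C:\\WINDOWS\\system32\\AmRes_fr.dll **INFECTED** Win32:Malware-gen
18:40:32.515 File: C:\\WINDOWS\\system32\\AmRes_ja.dll **INFECTED** Win32:Malware-gen
18:51:03.687 Scan finished successfully
"""

# Constructed sample, modelled on the OTL fix log; AmRes_ja.dll is intentionally absent.
OTL_FIX_LOG = """\
========== FILES ==========
C:\\Documents and Settings\\All Users\\Application Data\\aAgNpBd06300 folder moved successfully.
C:\\WINDOWS\\system32\\AmRes_en.dll moved successfully.
C:\\WINDOWS\\system32\\AmRes_fr.dll moved successfully.
========== COMMANDS ==========
File\\Folder C:\\Documents and Settings\\Eva\\Local Settings\\Temp\\OICE_A04FAC8D-B6A7-4DAF-A56D-DDD7B6CB087E.0\\C5374715. not found!
"""

# aswMBR: "<hh:mm:ss.mmm> File: <path> **INFECTED** <detection name>"
ASWMBR_INFECTED = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{3}) File: (?P<path>.+?) \*\*INFECTED\*\* (?P<detection>\S+)$"
)
# OTL: "<path>[ folder] moved successfully." or "File\Folder <path> not found!"
OTL_FILE_ACTION = re.compile(
    r"^(?:File\\Folder )?(?P<path>.+?)(?: folder)? (?P<action>moved successfully\.|not found!)$"
)


def parse_aswmbr_detections(text: str) -> List[Dict[str, str]]:
    """Return one record (time, path, detection) per **INFECTED** line."""
    hits = []
    for line in text.splitlines():
        m = ASWMBR_INFECTED.match(line.strip())
        if m:
            hits.append(m.groupdict())
    return hits


def parse_otl_file_actions(text: str) -> Dict[str, str]:
    """Map each path named in an OTL fix log to 'moved' or 'not found'.

    Keys are lower-cased because Windows paths are case-insensitive.
    """
    actions: Dict[str, str] = {}
    for line in text.splitlines():
        m = OTL_FILE_ACTION.match(line.strip())
        if m:
            outcome = "moved" if m["action"].startswith("moved") else "not found"
            actions[m["path"].lower()] = outcome
    return actions


def remediation_report(aswmbr_text: str, otl_text: str) -> Dict[str, str]:
    """For every file aswMBR flagged, report what the OTL fix did with it.

    A flagged file that the fix log never mentions is reported as 'not addressed',
    which is exactly the gap a helper would need to close in the next fix script.
    """
    actions = parse_otl_file_actions(otl_text)
    return {
        hit["path"]: actions.get(hit["path"].lower(), "not addressed")
        for hit in parse_aswmbr_detections(aswmbr_text)
    }


if __name__ == "__main__":
    for path, outcome in remediation_report(ASWMBR_LOG, OTL_FIX_LOG).items():
        print(f"{outcome:14} {path}")
```

In the thread itself all three DLLs appear in the fix log, so the report would read "moved" for each; the constructed sample shows how a missed file would surface instead of being overlooked in a wall of log text.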


----------



## RedCar92 (Jan 10, 2011)

Greetings Farina2
Things are looking good now. Time to clean up a bit.

To remove *Hijackthis* do the following:

Click *Start *→ *Control Panel* → *Add or Remove Programs*
Click on *Hijackthis*
Click on *Remove*
When done close all windows.
Navigate to *C:\Program files\Trend Micro*
Delete the *Hijackthis* folder.
Close all windows.

On your desktop right click on *aswMBR.exe* and select delete. Do the same for any and all *aswMBR.txt* files.

Clean up with *OTL:*


Double-click *OTL.exe* to start the program.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the *CLEANUP* button
Say *Yes* to the prompt and then allow the program to reboot your computer.

You should keep Malwarebytes and ESET. Update and run them on a regular basis to keep your pc running malware free.

Congratulations, your PC looks to be *All Clean*.
Now *Set a New Restore Point to prevent possible reinfection from an old one*. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

*The easiest and safest way to do this is*:

Go to *Start* > *Programs* > *Accessories* > *System Tools* and click "*System Restore*".
Choose the radio button marked "*Create a Restore Point*" on the first screen then click "*Next*". Give the R.P. a name then click "*Create*". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
Then go to *Start* > *Run* and type: *Cleanmgr*
Click "*OK*".
Click the "*More Options*" Tab.
Click "*Clean Up*" in the System Restore section to remove all previous restore points except the newly created one.

*Here are some tips to reduce the potential for spyware infection in the future:*

1. *Make your Internet Explorer More Secure*


From within Internet Explorer click on the *Tools* menu and then click on *Options*.
Click once on the *Security* tab.
Click once on the *Internet* icon so it becomes highlighted.
Click once on the *Custom Level* button.
Change the *Download signed ActiveX controls* to *Prompt*.
Change the *Download unsigned ActiveX controls* to *Disable*.
Change the *Initialise and script ActiveX controls not marked as safe* to *Disable*.
Change the *Installation of desktop items* to *Prompt*.
Change the *Launching programs and files in an IFRAME* to *Prompt*.
Change the *Navigate sub-frames across different domains* to *Prompt*.
When all these settings have been made, click on the *OK* button.
If it prompts you as to whether or not you want to save the settings, press the *Yes* button.

Next press the *Apply* button and then the *OK* to exit the Internet Properties page.

2. *Update your Anti-Virus Software* - I can not overemphasize the need for you to update your Anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

3. *Make sure you keep your Windows OS current* by visiting *Windows update* regularly to download and install any critical updates and service packs. Without these you are leaving the back door open.

4. *Consider a custom hosts file such as MVPS HOSTS*. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the *DNS Client* service *before* installing a custom hosts file.

5. *Download and install the free version of WinPatrol*. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program.

6. *Install Spybot - Search and Destroy* - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide real time spyware and hijacker protection on your computer alongside your virus protection. You should scan your computer with the program on a regular basis just as you would with your anti-virus software. A tutorial on installing and using this product can be found here:
*Instructions for - Spybot S & D and Ad-aware*

7. Finally, I strongly recommend that you read TonyKlein's good advice *So how did I get infected in the first place?*

Please post any question or concerns that you may have about this problem. When you are satisfied with the results please click on the *Mark Solved* button at the top of this page.
Thank you for your patience and hard work
Safe surfing
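
The Internet Explorer hardening steps in item 1 above set six actions in the Internet zone through the GUI. Each of those GUI labels corresponds to a numbered value under the per-user key `HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3` (Microsoft KB182569 documents the action IDs; 0 = Enable, 1 = Prompt, 3 = Disable), so the result can be audited rather than re-clicked. The following is an added example, not code from the thread: it reads the live values with `winreg` when run on Windows and otherwise audits a constructed weak-versus-hardened pair so the check itself can be exercised anywhere.

```python
from typing import Dict, List, Optional, Tuple

ENABLE, PROMPT, DISABLE = 0, 1, 3
INTERNET_ZONE_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

# Registry value name -> (GUI label used in the post, value the post asks for).
# Action IDs per Microsoft KB182569 (Internet Explorer security zone registry entries).
RECOMMENDED: Dict[str, Tuple[str, int]] = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialise and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}

# Constructed sample: a zone left at permissive values, and the same zone after the post's steps.
WEAK_ZONE = {"1001": ENABLE, "1004": ENABLE, "1201": PROMPT,
             "1800": PROMPT, "1804": ENABLE, "1607": ENABLE}
HARDENED_ZONE = {name: required for name, (_, required) in RECOMMENDED.items()}


def describe(value: Optional[int]) -> str:
    return {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}.get(value, f"unset/{value}")


def audit_zone(settings: Dict[str, int]) -> List[Tuple[str, str, str]]:
    """Return (label, current, required) for every action weaker than the post asks for.

    A missing value is reported too: an unset action falls back to the zone template,
    which an auditor cannot assume is the hardened value.
    """
    findings = []
    for name, (label, required) in RECOMMENDED.items():
        current = settings.get(name)
        if current != required:
            findings.append((label, describe(current), describe(required)))
    return findings


def read_internet_zone() -> Optional[Dict[str, int]]:
    """Read the per-user Internet zone values on Windows; None elsewhere."""
    try:
        import winreg  # only present on Windows
    except ImportError:
        return None
    settings: Dict[str, int] = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, INTERNET_ZONE_KEY) as key:
        for name in RECOMMENDED:
            try:
                value, _ = winreg.QueryValueEx(key, name)
                settings[name] = int(value)
            except FileNotFoundError:
                pass  # left unset: audit_zone() will flag it
    return settings


if __name__ == "__main__":
    live = read_internet_zone()
    target = live if live is not None else WEAK_ZONE
    print("auditing", "live registry" if live is not None else "constructed WEAK_ZONE sample")
    for label, current, required in audit_zone(target) or [("all six actions", "as required", "-")]:
        print(f"  {label}: {current} (required: {required})")
```

Note that when the "Security_HKLM_only" policy is in force the effective values live under HKLM instead of HKCU; this example reads only the per-user key the GUI steps above modify.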


----------



## Farina2 (Aug 7, 2011)

Thanks Bill, Everything is done. Couldn't have done it without you.


----------

