Answers to your tech questions
Computer forums for help with removing malicious software (malware) and improving computer security

Welcome ( Log In | Register )
Easy as 1,2,3!

11 Pages V  « < 9 10 11  
 Reply to this topicStart new topic
>  Malwarebytes not working Plus More, Malwarebytes disabled as well as AVG
topband
post Nov 9 2009, 08:54 PM
Post #151


Authentic Member
**

Group: Authentic Member
Posts: 80
Joined: 17-August 08
Member No.: 81,037
Operating System: xp pro
thnx i installed the avast and it ran a scan on restart ...here is the OTL log
thank the team for me too OM

jh

OTL logfile created on: 11/9/2009 6:50:03 PM - Run 3
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.48 Mb Total Physical Memory | 556.35 Mb Available Physical Memory | 58.05% Memory free
2.85 Gb Paging File | 2.51 Gb Available in Paging File | 87.94% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 289.23 Gb Total Space | 162.10 Gb Free Space | 56.04% Space Free | Partition Type: NTFS
Drive D: | 8.83 Gb Total Space | 0.39 Gb Free Space | 4.39% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOPBAND
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\arservice.exe (Microsoft)
PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
PRC - C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)

========== Win32 Services (All) ==========

SRV - (Alerter [Disabled | Stopped]) -- C:\WINDOWS\System32\alrsvc.dll (Microsoft Corporation)
SRV - (ALG [On_Demand | Running]) -- C:\WINDOWS\System32\alg.exe (Microsoft Corporation)
SRV - (AppMgmt [On_Demand | Stopped]) -- C:\WINDOWS\System32\appmgmts.dll (Microsoft Corporation)
SRV - (ARSVC [Auto | Running]) -- C:\WINDOWS\arservice.exe (Microsoft)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (AudioSrv [Auto | Running]) -- C:\WINDOWS\System32\audiosrv.dll (Microsoft Corporation)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (BITS [Auto | Running]) -- C:\WINDOWS\System32\qmgr.dll (Microsoft Corporation)
SRV - (Browser [Auto | Running]) -- C:\WINDOWS\System32\browser.dll (Microsoft Corporation)
SRV - (CiSvc [On_Demand | Stopped]) -- C:\WINDOWS\System32\cisvc.exe (Microsoft Corporation)
SRV - (ClipSrv [Disabled | Stopped]) -- C:\WINDOWS\System32\clipsrv.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (COMSysApp [On_Demand | Running]) -- C:\WINDOWS\System32\dllhost.exe (Microsoft Corporation)
SRV - (CryptSvc [Auto | Running]) -- C:\WINDOWS\System32\cryptsvc.dll (Microsoft Corporation)
SRV - (DcomLaunch [Auto | Running]) -- C:\WINDOWS\System32\rpcss.dll (Microsoft Corporation)
SRV - (Dhcp [Auto | Running]) -- C:\WINDOWS\System32\dhcpcsvc.dll (Microsoft Corporation)
SRV - (dmadmin [On_Demand | Stopped]) -- C:\WINDOWS\System32\dmadmin.exe (Microsoft Corp., Veritas Software)
SRV - (dmserver [Auto | Running]) -- C:\WINDOWS\System32\dmserver.dll (Microsoft Corp.)
SRV - (Dnscache [Auto | Running]) -- C:\WINDOWS\System32\dnsrslvr.dll (Microsoft Corporation)
SRV - (ehRecvr [Auto | Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [Auto | Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
SRV - (EPrint III Service [Disabled | Stopped]) -- C:\Program Files\LEAD Technologies, Inc\LEADTOOLS ePrint 3.0\Bin\LPSVS03N.EXE ()
SRV - (ERSvc [Auto | Running]) -- C:\WINDOWS\System32\ersvc.dll (Microsoft Corporation)
SRV - (Eventlog [Auto | Running]) -- C:\WINDOWS\System32\services.exe (Microsoft Corporation)
SRV - (EventSystem [On_Demand | Running]) -- C:\WINDOWS\System32\es.dll (Microsoft Corporation)
SRV - (FastUserSwitchingCompatibility [On_Demand | Running]) -- C:\WINDOWS\System32\shsvcs.dll (Microsoft Corporation)
SRV - (Fax [On_Demand | Stopped]) -- C:\WINDOWS\System32\fxssvc.exe (Microsoft Corporation)
SRV - (GoogleDesktopManager [Disabled | Stopped]) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (HidServ [Auto | Running]) -- C:\WINDOWS\System32\hidserv.dll (Microsoft Corporation)
SRV - (HTTPFilter [On_Demand | Stopped]) -- C:\WINDOWS\System32\w3ssl.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (ImapiService [On_Demand | Stopped]) -- C:\WINDOWS\System32\imapi.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (lanmanserver [Auto | Running]) -- C:\WINDOWS\System32\srvsvc.dll (Microsoft Corporation)
SRV - (lanmanworkstation [Auto | Running]) -- C:\WINDOWS\System32\wkssvc.dll (Microsoft Corporation)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (LmHosts [Auto | Running]) -- C:\WINDOWS\System32\lmhsvc.dll (Microsoft Corporation)
SRV - (Maxtor Sync Service [Auto | Running]) -- C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
SRV - (McrdSvc [Auto | Running]) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
SRV - (Messenger [Disabled | Stopped]) -- C:\WINDOWS\System32\msgsvc.dll (Microsoft Corporation)
SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
SRV - (mnmsrvc [On_Demand | Stopped]) -- C:\WINDOWS\System32\mnmsrvc.exe (Microsoft Corporation)
SRV - (MSIServer [On_Demand | Stopped]) -- C:\WINDOWS\System32\msiexec.exe (Microsoft Corporation)
SRV - (MSSQL$RETSDATA [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper [On_Demand | Stopped]) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (Microsoft Corporation)
SRV - (NetDDE [Disabled | Stopped]) -- C:\WINDOWS\System32\netdde.exe (Microsoft Corporation)
SRV - (NetDDEdsdm [Disabled | Stopped]) -- C:\WINDOWS\System32\netdde.exe (Microsoft Corporation)
SRV - (Netlogon [On_Demand | Stopped]) -- C:\WINDOWS\System32\lsass.exe (Microsoft Corporation)
SRV - (Netman [On_Demand | Running]) -- C:\WINDOWS\System32\netman.dll (Microsoft Corporation)
SRV - (Nla [On_Demand | Running]) -- C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
SRV - (NtLmSsp [On_Demand | Stopped]) -- C:\WINDOWS\System32\lsass.exe (Microsoft Corporation)
SRV - (NtmsSvc [On_Demand | Stopped]) -- C:\WINDOWS\System32\ntmssvc.dll (Microsoft Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
SRV - (PlugPlay [Auto | Running]) -- C:\WINDOWS\System32\services.exe (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Disabled | Stopped]) -- C:\WINDOWS\System32\HPZipm12.exe (HP)
SRV - (PolicyAgent [Auto | Running]) -- C:\WINDOWS\System32\lsass.exe (Microsoft Corporation)
SRV - (ProtectedStorage [Auto | Running]) -- C:\WINDOWS\System32\lsass.exe (Microsoft Corporation)
SRV - (RasAuto [Disabled | Stopped]) -- C:\WINDOWS\System32\rasauto.dll (Microsoft Corporation)
SRV - (RasMan [On_Demand | Running]) -- C:\WINDOWS\System32\rasmans.dll (Microsoft Corporation)
SRV - (RDSessMgr [On_Demand | Stopped]) -- C:\WINDOWS\System32\sessmgr.exe (Microsoft Corporation)
SRV - (RemoteAccess [Disabled | Stopped]) -- C:\WINDOWS\System32\mprdim.dll (Microsoft Corporation)
SRV - (RemoteRegistry [Auto | Running]) -- C:\WINDOWS\System32\regsvc.dll (Microsoft Corporation)
SRV - (Roxio UPnP Renderer 10 [Disabled | Stopped]) -- C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions)
SRV - (Roxio Upnp Server 10 [Disabled | Stopped]) -- C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions)
SRV - (RoxLiveShare10 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (Sonic Solutions)
SRV - (RoxMediaDB10 [Disabled | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (RoxWatch10 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe (Sonic Solutions)
SRV - (RpcLocator [On_Demand | Stopped]) -- C:\WINDOWS\System32\locator.exe (Microsoft Corporation)
SRV - (RpcSs [Auto | Running]) -- C:\WINDOWS\System32\rpcss.dll (Microsoft Corporation)
SRV - (RSVP [On_Demand | Stopped]) -- C:\WINDOWS\System32\rsvp.exe (Microsoft Corporation)
SRV - (SamSs [Auto | Running]) -- C:\WINDOWS\System32\lsass.exe (Microsoft Corporation)
SRV - (SCardSvr [On_Demand | Stopped]) -- C:\WINDOWS\System32\SCardSvr.exe (Microsoft Corporation)
SRV - (Schedule [Auto | Running]) -- C:\WINDOWS\System32\schedsvc.dll (Microsoft Corporation)
SRV - (seclogon [Auto | Running]) -- C:\WINDOWS\System32\seclogon.dll (Microsoft Corporation)
SRV - (SENS [Auto | Running]) -- C:\WINDOWS\System32\sens.dll (Microsoft Corporation)
SRV - (SessionLauncher [Disabled | Stopped]) -- File not found
SRV - (SharedAccess [Auto | Running]) -- C:\WINDOWS\System32\ipnathlp.dll (Microsoft Corporation)
SRV - (ShellHWDetection [Auto | Running]) -- C:\WINDOWS\System32\shsvcs.dll (Microsoft Corporation)
SRV - (Spooler [Auto | Running]) -- C:\WINDOWS\System32\spoolsv.exe (Microsoft Corporation)
SRV - (SQLAgent$RETSDATA [On_Demand | Stopped]) -- C:\Program Files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlagent.EXE (Microsoft Corporation)
SRV - (srservice [Auto | Running]) -- C:\WINDOWS\System32\srsvc.dll (Microsoft Corporation)
SRV - (SSDPSRV [Auto | Running]) -- C:\WINDOWS\System32\ssdpsrv.dll (Microsoft Corporation)
SRV - (stisvc [Auto | Running]) -- C:\WINDOWS\System32\wiaservc.dll (Microsoft Corporation)
SRV - (SwPrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\dllhost.exe (Microsoft Corporation)
SRV - (SysmonLog [On_Demand | Stopped]) -- C:\WINDOWS\System32\smlogsvc.exe (Microsoft Corporation)
SRV - (TapiSrv [On_Demand | Running]) -- C:\WINDOWS\System32\tapisrv.dll (Microsoft Corporation)
SRV - (TermService [On_Demand | Running]) -- C:\WINDOWS\System32\termsrv.dll (Microsoft Corporation)
SRV - (Themes [Auto | Running]) -- C:\WINDOWS\System32\shsvcs.dll (Microsoft Corporation)
SRV - (ThreatFire [Disabled | Stopped]) -- File not found
SRV - (TlntSvr [On_Demand | Stopped]) -- C:\WINDOWS\System32\tlntsvr.exe (Microsoft Corporation)
SRV - (TrkWks [Auto | Running]) -- C:\WINDOWS\System32\trkwks.dll (Microsoft Corporation)
SRV - (uploadmgr [Auto | Stopped]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (upnphost [On_Demand | Stopped]) -- C:\WINDOWS\System32\upnphost.dll (Microsoft Corporation)
SRV - (UPS [On_Demand | Stopped]) -- C:\WINDOWS\System32\ups.exe (Microsoft Corporation)
SRV - (VSS [On_Demand | Stopped]) -- C:\WINDOWS\System32\vssvc.exe (Microsoft Corporation)
SRV - (W32Time [Auto | Running]) -- C:\WINDOWS\System32\w32time.dll (Microsoft Corporation)
SRV - (WebClient [Auto | Running]) -- C:\WINDOWS\System32\webclnt.dll (Microsoft Corporation)
SRV - (winmgmt [Auto | Running]) -- C:\WINDOWS\System32\wbem\WMIsvc.dll (Microsoft Corporation)
SRV - (WmdmPmSN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mspmsnsv.dll (Microsoft Corporation)
SRV - (Wmi [On_Demand | Stopped]) -- C:\WINDOWS\System32\advapi32.dll (Microsoft Corporation)
SRV - (WmiApSrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\wbem\wmiapsrv.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (wscsvc [Auto | Running]) -- C:\WINDOWS\System32\wscsvc.dll (Microsoft Corporation)
SRV - (wuauserv [Auto | Running]) -- C:\WINDOWS\System32\wuauserv.dll (Microsoft Corporation)
SRV - (WudfSvc [On_Demand | Stopped]) -- C:\WINDOWS\System32\WUDFSvc.dll (Microsoft Corporation)
SRV - (WZCSVC [Auto | Running]) -- C:\WINDOWS\System32\wzcsvc.dll (Microsoft Corporation)
SRV - (xmlprov [On_Demand | Stopped]) -- C:\WINDOWS\System32\xmlprov.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (61883 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\61883.sys (Microsoft Corporation)
DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (AmdK8 [System | Running]) -- C:\WINDOWS\System32\DRIVERS\AmdK8.sys (Advanced Micro Devices)
DRV - (ASAPIW2k [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ASAPIW2k.sys (Pinnacle Systems GmbH)
DRV - (ASPI32 [System | Running]) -- C:\WINDOWS\System32\drivers\ASPI32.SYS (Adaptec)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (Avc [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\avc.sys (Microsoft Corporation)
DRV - (EUSBMSD [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\EUSBMSD.SYS (SCM Microsystems Inc.)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (hcwPP2 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\hcwPP2.sys (Hauppauge Computer Works, Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP)
DRV - (HSX_DP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSX_DP.sys (Conexant Systems, Inc.)
DRV - (HSXHWBS2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (IrBus [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\IrBus.sys (Microsoft Corporation)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (MSDV [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\msdv.sys (Microsoft Corporation)
DRV - (MXOPSWD [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\mxopswd.sys (Maxtor Corp.)
DRV - (NuidFltr [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\NuidFltr.sys (Microsoft Corporation)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (NVENETFD [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvnetbus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nvnetbus.sys (NVIDIA Corporation)
DRV - (PCLEPCI [System | Running]) -- C:\WINDOWS\System32\drivers\pclepci.sys (Pinnacle Systems GmbH)
DRV - (Ps2 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\PS2.sys (Hewlett-Packard Company)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (RxFilter [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\RxFilter.sys (Sonic Solutions)
DRV - (SCDEmu [System | Running]) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys ()
DRV - (symlcbrd [Auto | Running]) -- C:\WINDOWS\System32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (tmcomm [Auto | Running]) -- C:\WINDOWS\System32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (winachsx [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "www.topbandevents.com"
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}:6.0.04
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.5

FF - HKLM\software\mozilla\Flock 2.0.3\extensions\\Components: C:\Program Files\Flock\components
FF - HKLM\software\mozilla\Flock 2.0.3\extensions\\Plugins: C:\Program Files\Flock\plugins [2009/10/05 17:33:33 | 00,000,000 | ---D | M]

[2009/01/11 14:36:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Extensions
[2009/01/11 14:36:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2009/01/09 19:22:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/01/11 14:27:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\jv7pb2x6.default\extensions
[2009/01/09 19:23:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\jv7pb2x6.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/01/11 14:46:18 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2008/09/03 15:28:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/07/06 14:35:36 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
[2007/08/31 01:08:39 | 00,135,680 | ---- | M] (Google) -- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll
[2008/12/05 22:52:44 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2008/10/19 14:44:08 | 00,410,976 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2007/08/15 14:30:54 | 00,717,312 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2007/09/05 15:03:36 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2007/05/10 21:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/08/10 15:57:23 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2008/08/10 15:57:47 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2008/08/10 15:57:15 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2008/09/04 17:45:22 | 00,221,184 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2007/03/09 15:16:44 | 00,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll

O1 HOSTS File: (736 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Web Accelerator) - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 24 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/18 12:38:06 | 00,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 08:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/09 18:04:36 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidserv.dll
[2009/11/09 18:02:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/11/09 12:58:12 | 00,052,368 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/11/09 12:58:12 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/11/09 12:58:11 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/11/09 12:58:11 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/11/09 12:58:10 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/11/09 12:58:10 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/11/09 12:58:10 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/11/09 12:58:10 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/11/09 12:57:55 | 01,279,968 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/11/09 12:54:11 | 00,308,160 | ---- | C] (ALWIL Software) -- C:\Documents and Settings\HP_Administrator\Desktop\avast_home_setup.exe
[2009/11/09 12:36:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/11/04 20:28:47 | 00,000,000 | ---D | C] -- C:\ERDNT
[2009/11/03 21:37:48 | 00,000,000 | ---D | C] -- C:\r
[2009/11/03 21:13:44 | 00,000,000 | ---D | C] -- C:\ERDNT1
[2009/10/28 11:55:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\virus fix now
[2009/10/28 10:55:42 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/10/28 00:18:04 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2009/10/21 10:13:25 | 00,719,872 | ---- | C] (Abysmal Software) -- C:\WINDOWS\System32\devil.dll
[2009/10/21 10:13:25 | 00,306,688 | ---- | C] (The Public) -- C:\WINDOWS\System32\avisynth.dll

========== Files - Modified Within 30 Days ==========

[2009/11/09 18:50:00 | 00,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{17F015C8-57FA-45D9-B2E3-851F92A5E8AA}.job
[2009/11/09 18:36:21 | 00,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2769080022-1748412195-781348209-1007.job
[2009/11/09 18:36:21 | 00,000,282 | ---- | M] () -- C:\WINDOWS\tasks\Disk Cleanup.job
[2009/11/09 18:20:49 | 00,420,566 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/09 18:20:48 | 00,499,494 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/09 18:20:48 | 00,070,734 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/09 18:17:36 | 00,043,531 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/11/09 18:16:38 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/11/09 18:16:21 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/09 18:15:54 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/09 18:15:52 | 10,051,13344 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/09 18:15:52 | 00,614,856 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/09 18:09:38 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/09 18:05:03 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2009/11/09 18:05:02 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2009/11/09 12:58:12 | 00,001,752 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/11/09 12:58:10 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/11/09 12:54:12 | 00,308,160 | ---- | M] (ALWIL Software) -- C:\Documents and Settings\HP_Administrator\Desktop\avast_home_setup.exe
[2009/11/09 12:37:30 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/11/09 12:37:29 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/11/09 12:29:21 | 00,250,032 | RHS- | M] () -- C:\ntldr
[2009/11/08 03:09:00 | 00,000,282 | ---- | M] () -- C:\WINDOWS\tasks\Backup.job
[2009/11/05 15:20:50 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/11/04 22:01:21 | 00,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/11/02 13:12:02 | 00,054,784 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/02 13:10:26 | 00,002,381 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\ULTRA 2.lnk
[2009/11/02 13:05:56 | 00,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2009/11/01 06:05:52 | 00,000,548 | ---- | M] () -- C:\WINDOWS\tasks\Rescue Reminder for 2HAPX1GZ.job
[2009/10/28 00:14:48 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2009/10/28 00:02:18 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

========== Files - No Company Name ==========
[2009/11/09 18:05:03 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2009/11/09 18:05:02 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2009/11/09 12:58:12 | 00,001,752 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/11/09 12:57:55 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/04/01 18:48:55 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2009/02/16 00:57:55 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/11/06 20:05:46 | 00,038,459 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\dBase.ADR
[2008/11/06 20:04:28 | 00,038,489 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Comma Separated Values (DOS).ADR
[2008/11/06 20:03:39 | 00,038,480 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Tab Separated Values (Windows).ADR
[2008/11/06 19:52:45 | 00,038,466 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft Excel.ADR
[2008/11/06 08:37:32 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/06 08:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/11/06 08:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/11/06 08:33:02 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/10/30 23:25:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2008/09/07 09:17:52 | 00,000,170 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
[2008/07/21 15:14:53 | 00,000,000 | ---- | C] () -- C:\WINDOWS\TEXTART.INI
[2007/10/28 14:40:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/10/19 00:01:26 | 00,008,432 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\rx_audio.Cache
[2007/10/19 00:01:26 | 00,000,144 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\rx_image.Cache
[2007/09/27 14:35:56 | 00,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/08/21 11:22:58 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2007/08/19 12:17:34 | 00,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/08/19 12:17:34 | 00,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
[2007/07/30 09:57:56 | 00,031,212 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Comma Separated Values (Windows).ADR
[2007/06/12 08:09:54 | 00,749,568 | ---- | C] () -- C:\WINDOWS\System32\swfgen.dll
[2007/06/11 13:32:16 | 00,000,031 | ---- | C] () -- C:\WINDOWS\bluevoda.ini
[2007/05/13 19:43:57 | 00,471,552 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2007/05/13 19:43:57 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007/03/24 11:52:52 | 00,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
[2007/03/21 14:43:53 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\cdTextCtl.dll
[2007/03/14 13:42:09 | 00,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/03/09 12:36:49 | 00,002,502 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/03/08 20:28:12 | 00,201,136 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\GDIPFONTCACHEV1.DAT
[2007/03/06 18:08:55 | 00,000,199 | ---- | C] () -- C:\WINDOWS\swacnfg.ini
[2007/03/05 12:34:28 | 00,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/03/05 12:18:44 | 00,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/03/03 18:23:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OlaUtl32.INI
[2007/03/03 18:22:59 | 00,001,625 | ---- | C] () -- C:\WINDOWS\OLAGNT32.INI
[2007/03/02 11:50:22 | 00,002,510 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\.googlewebacchosts
[2007/03/01 23:34:14 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/03/01 20:38:07 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\desktop.ini
[2007/03/01 20:38:06 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\PFP100JCM.{PB
[2007/03/01 20:38:05 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\PFP100JPR.{PB
[2007/03/01 20:38:04 | 00,054,784 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/01 20:38:04 | 00,048,376 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2007/03/01 20:38:04 | 00,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2006/08/18 13:05:33 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/18 12:46:03 | 00,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/08/18 12:41:33 | 00,014,316 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/08/18 12:41:26 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/08/18 12:38:20 | 00,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/08/18 12:27:41 | 00,000,252 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/08/18 12:27:06 | 00,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/08/18 12:22:28 | 00,001,200 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/08/18 12:21:33 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/08/18 12:19:27 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2006/08/18 12:18:11 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/08/18 12:18:11 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/08/18 12:18:11 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/08/18 12:18:11 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/18 12:18:11 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/08/18 12:18:11 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/08/18 12:18:11 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/08/18 12:17:01 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/08/18 11:56:18 | 00,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/08/18 11:56:18 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/08/18 11:56:02 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/08/30 20:02:00 | 00,000,709 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/08/30 12:52:36 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/08/30 12:52:20 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2005/08/05 20:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 22:19:16 | 00,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/08/09 20:00:00 | 00,001,920 | ---- | C] () -- C:\WINDOWS\System32\i6fhtwwt.dll
[2004/07/26 06:51:38 | 00,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/03/18 07:44:29 | 01,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2002/02/27 08:41:28 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2002/02/27 08:41:26 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2002/02/27 08:41:26 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[2000/10/01 22:23:36 | 00,471,040 | ---- | C] () -- C:\WINDOWS\System32\QTExporter.dll
[1998/12/08 10:09:44 | 00,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[1998/12/08 10:09:44 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[1998/12/08 10:09:44 | 00,088,576 | ---- | C] () -- C:\WINDOWS\System32\lffpx90n.dll
[1996/04/01 09:00:00 | 00,000,200 | ---- | C] () -- C:\WINDOWS\System32\CAPTURE2.INI

========== LOP Check ==========

[2009/07/18 14:06:36 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data
[2007/05/12 08:35:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acoustica
[2007/03/14 13:35:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2008/08/04 11:23:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2007/09/27 14:37:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2007/08/10 23:04:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2006/08/18 12:34:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2007/03/02 09:44:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2007/11/03 20:59:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2008/06/15 11:01:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Geek Squad
[2007/11/22 20:41:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2006/08/18 12:38:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2007/06/06 20:04:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ipswitch
[2008/12/05 17:48:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2007/03/22 11:47:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2009/02/27 01:28:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/03/03 16:28:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2007/03/24 11:52:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2009/02/10 18:59:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle VideoSpin
[2007/03/05 12:24:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Raize
[2007/10/06 21:20:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Roxio
[2006/08/18 12:17:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2007/03/24 14:34:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2009/03/03 15:39:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/02/10 18:57:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VideoSpin
[2008/12/30 14:28:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vt3studio
[2008/09/07 09:46:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/11/08 03:09:00 | 00,000,282 | ---- | M] () -- C:\WINDOWS\Tasks\Backup.job
[2004/08/10 03:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/11/09 18:36:21 | 00,000,282 | ---- | M] () -- C:\WINDOWS\Tasks\Disk Cleanup.job
[2009/11/09 18:16:38 | 00,000,868 | ---- | M] () -- C:\WINDOWS\Tasks\Google Software Updater.job
[2009/11/09 18:36:21 | 00,000,970 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2769080022-1748412195-781348209-1007.job
[2009/11/01 06:05:52 | 00,000,548 | ---- | M] () -- C:\WINDOWS\Tasks\Rescue Reminder for 2HAPX1GZ.job
[2009/11/09 18:16:21 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/11/09 18:50:00 | 00,000,444 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{17F015C8-57FA-45D9-B2E3-851F92A5E8AA}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\HP_Administrator\My Documents\Snapshot_002.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\HP_Administrator\My Documents\Inka King TOP BAND Mix.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\HP_Administrator\My Documents\centre_logo.tif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\HP_Administrator\My Documents\(Unknown) - Still 001.jpg:Roxio EMC Stream
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80337C03
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2C595FF3
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B7BEAFF
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
< End of report >
Go to the top of the page
 
+Quote Post
oldman960
post Nov 10 2009, 12:58 AM
Post #152


SuperMember
Group Icon

Group: Classroom Teacher
Posts: 3,910
Joined: 27-April 08
Member No.: 78,707
Operating System: win98se, XP pro
Hi Topband,

I certainly will pass on your thanks.

Let's get a few things straightened out then take another run at Service Pack 3.

We never quite got finished with this computer before you had the internet problem so we'll clean out the old restore points that were left.

* Create a new restore point

You must be logged on to an administrator account
  • Go to Start - All Programs - Accessories - System Tools - System Restore.
  • Click Create a restore point, and then click Next.
  • In the text box labeled Restore Point Description, type a name for this restore point
  • click create

* Remove old restore points

  • Go to Start - All Programs - Accessories - system tools.
  • Launch the Disk Cleanup tool and let it run.
  • When it finishes a box with tabs will appear, select the more options tab.
  • On this tab you will find a section for System Restore.
  • If you press the Clean Up button for that section, Windows will delete all restore points except for the most recent one.


Now we'll get your java updated and remove the old vulnerable ones.

Click Java to go to the Sun Java site
  • Scroll down to Windows 7/XP/Vista/2000/2003/2008 Offline
  • Right-click on it and click Save Target As
  • Set the Save in box to your desktop,
  • click Save
Do not select Run . Do not install it yet.

When the download is complete, close your browser.

Open Control Panel > Add/Remove Programs and uninstall

J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 4
Java™ 6 Update 10

Do not uninstall Java TM 6 Update 17 if found! yeah.gif

Reboot your computer.

Note: When installing the update UNCHECK any optional "foistware" (e.g., Carbonite; MSN or Yahoo or Bing toolbars; OpenOffice) that you don't want to install.

  • Double-click on the saved file ( jre-6u17-windows-i586-s.exe) to install the update. Be patient it may take a few minutes to complete.
  • Delete the downloaded installation file after completing the above procedure and reboot if not prompted to do so.


Next, clear the java cache

To clear the Java Plug-in cache:
  • Click Start > Control Panel.
  • Double-click the Java icon in the control panel.
  • On the General tab, Click Settings under Temporary Internet Files.
  • On the Temporary Files Settings screen, Click Delete Files.
  • check all boxes
  • Click OK


SP3

Follow these instructions exactly as posted. Please note this is a large download, about 314MB and could take some time.

You may want to copy and paste these instructions into a notepad and save it to your Desktop. You will be able to reference them if needed.

Click Here to go to the download site
  • Click the download button
  • Click Save
  • save it to your desktop


After the download.
  • Disconnect completely from the internet
  • Close all windows/browser.
  • Reboot your computer
  • Aftr the computer has restarted, disable Avast
    • By right clicking the "a" icon near the clock
    • Click Stop on access protection
    • Click Yes
  • Close any open windows.
  • Double click the file you downloaded and follow the prompts.


After the install is complete, re-enable avast and reconnect to the internet. If a reboot is required, do so and avast will be re-enabled.

Post back when completed and we'll look at some additional security programs.

Thanks
Go to the top of the page
 
+Quote Post
« Next Oldest · Infections Removal · Next Newest »
 

11 Pages V  « < 9 10 11
Reply to this topicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 
RSS Time is now: 20th November 2009 - 10:04 PM
Advertisements do not imply our endorsement of that product or service. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk.
Member site: Alliance of Security Analysis Professionals | UNITE Against Malware
Memory Forums | Auto Repair Forum
© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy
Powered By IP.Board © 2009  IPS, Inc.