Security Tool Infection - Can't Install MBAM
Malwarebytes Forum > Computer Help > Malware Removal - HijackThis Logs
Dan Ringles
Initially I had the Windows Police Pro problem and while I was in the process of cleaning that up I caught the Security Tool. I am unable to fully install MBAM and receive the message:

Unable to execute file C:\ProgramFiles\MalwareBytes' Anti-Malware\mbam.exe
Create process failed;Code 2
The system cannot find the file specified

I've tried renaming mbam-setup.exe with no luck.

I am no longer seeing the WPP or ST popups with the bogus scans but obviously one or both are still alive. I do however get Internet Explorer popups even though I am only using Firefox.

I ran RootRepeal but it didn't detect any of the files listed as being threats. Here's the log:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/22 15:40
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

==EOF==

And here's the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:00:03 PM, on 10/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\svohost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Bob\Desktop\RootRepeal.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Bob\Desktop\explorer.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {43084a28-51c2-4ec6-b3e6-966e41569144} - gagepira.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: ADC PlugIn - {77DC0B63-ff35-4ba9-8BE8-aa9EB676FA02} - C:\WINDOWS\system32\plugie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [70810723] C:\DOCUME~1\ALLUSE~1\APPLIC~1\70810723\70810723.exe
O4 - HKLM\..\Run: [94578740] C:\Documents and Settings\All Users\Application Data\94578740\94578740.exe
O4 - HKLM\..\Run: [hifimukud] Rundll32.exe "c:\windows\system32\jogihuju.dll",a
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Flutecakes\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O8 - Extra context menu item: En&queue current page with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader1.38\iemenu\iebidqueue.htm
O8 - Extra context menu item: Enqueue link target with Bulk Ima&ge Downloader - file://C:\Program Files\Bulk Image Downloader1.38\iemenu\iebidlinkqueue.htm
O8 - Extra context menu item: Open &link target with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader1.38\iemenu\iebidlink.htm
O8 - Extra context menu item: Open current page with Bulk I&mage Downloader - file://C:\Program Files\Bulk Image Downloader1.38\iemenu\iebid.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: seniyuro.dll c:\windows\system32\jogihuju.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: jomabinuw - {ef4c3674-c587-4a35-85a4-69dfbf149478} - c:\windows\system32\jogihuju.dll
O22 - SharedTaskScheduler: jugezatag - {ef4c3674-c587-4a35-85a4-69dfbf149478} - c:\windows\system32\jogihuju.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: WDefend - Unknown owner - C:\WINDOWS\svohost.exe

--
End of file - 8757 bytes

There was also an O4 - HKLM\..\Run: [30652218] C:\Documents and Settings\All Users\Application Data\30652218\30652218.exe entry that I deleted while fighting the Windows Police Pro.

Thanks for any help you might be able to give me. I'm getting really frustrated trying to fight this thing myself.
chamber
Hi,

Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link HERE

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
logan
Posting deleted by Mod...PM (with caveat) sent regarding the creation of a new thread for user Logan.

...pardon the intrusion, Dan Ringles and please carry on with your expert assistant chamber.
Dan Ringles
exeHelper by Raktor
Build 20091021
Run at 11:20:54 on 10/23/09
Now searching...
Checking for numerical processes...
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\70810723
Checking for bad processes...
Killed process svohost.exe
Checking for bad files...
Deleting file C:\WINDOWS\system32\bincd32.dat
Deleting file C:\WINDOWS\system32\pump.exe
Deleting file C:\WINDOWS\system32\plugie.dll
Deleting file C:\WINDOWS\svohost.exe
Deleting file C:\WINDOWS\system32\nuar.old
Deleting file C:\WINDOWS\system32\skynet.dat
Deleting file C:\Documents and Settings\Bob\Desktop\Security Tool.lnk
Deleting file C:\Documents and Settings\Bob\Start Menu\Programs\Security Tool.lnk
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

ComboFix 09-10-22.01 - Bob 10/23/2009 11:48.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.223.96 [GMT -7:00]
Running from: c:\documents and settings\Bob\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Bob\LOCALS~1\Temp\tmp1.tmp
c:\docume~1\Bob\LOCALS~1\Temp\tmp2.tmp
c:\documents and settings\All Users\Application Data\30652218
c:\documents and settings\All Users\Application Data\30652218\30652218.exe
c:\documents and settings\All Users\Application Data\94578740
c:\documents and settings\All Users\Application Data\94578740\94578740.bat
c:\documents and settings\All Users\Application Data\94578740\94578740.exe
c:\program files\Windows Police Pro
c:\recycler\S-1-5-21-1482476501-117609710-1801674531-1003
c:\recycler\S-1-5-21-1560454674-828500232-3025239362-1003
c:\recycler\S-1-5-21-2117801791-3926411368-178611624-1003
c:\recycler\S-1-5-21-3198218572-1756246666-1643702306-1003
c:\windows\system32\dewuyode.dll.tmp
c:\windows\system32\dorulelo.dll
c:\windows\system32\fedoniko.exe
c:\windows\system32\fipuvuna.dll
c:\windows\system32\gagepira.dll.tmp
c:\windows\system32\gatuzune.dll
c:\windows\system32\husalefi.dll
c:\windows\system32\jepiwezi.dll.tmp
c:\windows\system32\jolefayu.dll
c:\windows\system32\kumeweva.dll
c:\windows\system32\levopifo.dll.tmp
c:\windows\system32\litinika.dll
c:\windows\system32\palozora.exe
c:\windows\system32\rorerilu.exe
c:\windows\system32\sayabase.dll
c:\windows\system32\schtml
c:\windows\system32\schtml\dbsinit.exe
c:\windows\system32\schtml\images\i1.gif
c:\windows\system32\schtml\images\i2.gif
c:\windows\system32\schtml\images\i3.gif
c:\windows\system32\schtml\images\j1.gif
c:\windows\system32\schtml\images\j2.gif
c:\windows\system32\schtml\images\j3.gif
c:\windows\system32\schtml\images\jj1.gif
c:\windows\system32\schtml\images\jj2.gif
c:\windows\system32\schtml\images\jj3.gif
c:\windows\system32\schtml\images\l1.gif
c:\windows\system32\schtml\images\l2.gif
c:\windows\system32\schtml\images\l3.gif
c:\windows\system32\schtml\images\pix.gif
c:\windows\system32\schtml\images\t1.gif
c:\windows\system32\schtml\images\t2.gif
c:\windows\system32\schtml\images\up1.gif
c:\windows\system32\schtml\images\up2.gif
c:\windows\system32\schtml\images\w1.gif
c:\windows\system32\schtml\images\w11.gif
c:\windows\system32\schtml\images\w2.gif
c:\windows\system32\schtml\images\w3.gif
c:\windows\system32\schtml\images\w3.jpg
c:\windows\system32\schtml\images\word.doc
c:\windows\system32\schtml\images\wt1.gif
c:\windows\system32\schtml\images\wt2.gif
c:\windows\system32\schtml\images\wt3.gif
c:\windows\system32\schtml\wispex.html
c:\windows\system32\seniyuro.dll
c:\windows\system32\vaditujo.dll
c:\windows\system32\vetujavo.dll
c:\windows\system32\yagepodo.dll
c:\windows\system32\yidonizo.dll.tmp
c:\windows\system32\zavisomu.dll
c:\windows\system32\zoranada.dll.tmp

.
((((((((((((((((((((((((( Files Created from 2009-09-23 to 2009-10-23 )))))))))))))))))))))))))))))))
.

2009-10-22 07:27 . 2009-10-22 07:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-22 05:40 . 2009-10-22 05:40 -------- d-----w- c:\documents and settings\Bob\Application Data\Malwarebytes
2009-10-22 05:30 . 2006-06-19 20:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-10-22 05:30 . 2006-05-25 22:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-10-22 05:30 . 2005-08-26 08:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-10-22 05:30 . 2003-02-03 03:06 153088 ----a-w- c:\windows\system32\unrar3.dll
2009-10-22 05:30 . 2002-03-06 08:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-10-22 05:30 . 2009-10-22 05:41 -------- d-----w- c:\documents and settings\Bob\Application Data\Simply Super Software
2009-10-22 05:30 . 2009-10-22 05:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-10-21 22:43 . 2009-10-21 22:43 -------- d-----w- C:\_OTM
2009-10-19 15:43 . 2009-10-19 15:43 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-19 15:18 . 2009-10-21 22:43 58 ----a-w- c:\windows\wp4.dat
2009-10-19 15:18 . 2009-10-21 22:43 1 ----a-w- c:\windows\wp3.dat
2009-10-19 03:04 . 2009-10-19 03:04 51712 ----a-w- c:\documents and settings\x.exe
2009-10-16 07:06 . 2009-07-17 16:22 1435648 -c----w- c:\windows\system32\dllcache\query.dll
2009-10-16 06:44 . 2009-09-04 21:03 58880 -c----w- c:\windows\system32\dllcache\msasn1.dll
2009-10-15 20:34 . 2009-10-16 00:27 -------- d-----w- c:\program files\FlashGet
2009-10-15 20:08 . 2009-10-15 20:08 4653448 ----a-w- c:\program files\fgen_305.exe
2009-10-12 03:59 . 2009-10-12 03:59 -------- d-sh--w- c:\documents and settings\Bob\PrivacIE
2009-09-25 18:46 . 2009-09-25 18:46 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-23 18:15 . 2008-06-23 22:03 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-22 00:52 . 2008-04-19 08:18 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-22 00:48 . 2008-04-19 08:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-12 03:58 . 2009-07-01 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-09-11 14:18 . 2008-01-29 02:35 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 10:23 . 2008-06-20 12:25 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-04 21:03 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2008-01-29 02:37 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2008-01-29 02:36 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-19 17:01 . 2008-07-01 10:55 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-19 17:00 . 2008-07-01 10:55 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-19 17:00 . 2008-07-01 10:55 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-18 19:14 . 2008-06-21 14:58 24320 ----a-w- c:\documents and settings\Bob\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-05 09:01 . 2006-02-28 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 03:44 . 2008-01-29 02:35 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2007-07-19 02:40 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-06-23 00:39 . 2008-07-31 04:35 6144 --sha-w- c:\program files\Thumbs.db
2009-04-19 22:13 . 2009-04-19 22:13 12808339 ----a-w- c:\program files\dvdflick_setup_1.3.0.6.exe
2009-03-22 08:12 . 2009-03-22 08:06 62729728 ----a-w- c:\program files\avg_free_stf_en_85_283a1450.exe
2008-11-27 18:50 . 2008-11-27 00:47 27288880 ----a-w- c:\program files\QuickTimeInstaller.exe
2008-10-10 00:38 . 2008-10-10 00:37 1761487 ----a-w- c:\program files\SopCastOcx.zip
2008-09-25 18:32 . 2008-09-25 18:32 2306336 ----a-w- c:\program files\OrbitSetup_276.exe
2008-09-25 18:12 . 2008-09-25 18:12 3596242 ----a-w- c:\program files\bid_1_38_setup.exe
2008-09-19 20:18 . 2008-09-19 20:18 6089998 ----a-w- c:\program files\Combined-Community-Codec-Pack-2008-01-24.exe
2008-08-03 02:09 . 2008-08-03 02:09 2228534 ----a-w- c:\program files\audacity-win-1.2.6.exe
2008-07-31 02:12 . 2008-07-31 02:08 63530280 ----a-w- c:\program files\iTunesSetup.exe
2008-07-06 01:38 . 2008-07-06 01:38 6552472 ----a-w- c:\program files\AWCSetup.exe
2008-07-03 06:15 . 2008-07-03 06:15 2978159 ----a-w- c:\program files\cdbxp_setup_4.1.2.678.exe
2008-06-23 20:19 . 2008-06-23 20:19 49384056 ----a-w- c:\program files\avg_free_stf_all_8_100a1323.exe
2008-04-20 08:57 . 2008-04-20 08:58 1495112 ----a-w- c:\program files\install_flash_player.exe
2009-07-22 18:07 . 2009-07-22 18:07 1051170 --sha-w- c:\windows\system32\nugebini.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 18:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-21 148776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-06-11 153136]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-17 2025752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-04 111936]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-07-30 177448]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-06-11 55296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-19 17:01 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/1/2008 3:55 AM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/1/2008 3:55 AM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/3/2009 8:44 AM 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/3/2008 8:41 PM 297752]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [7/30/2008 2:23 PM 161064]
S2 WDefend;WDefend;c:\windows\svohost.exe --> c:\windows\svohost.exe [?]
S3 FXDRV;FXDRV;\??\d:\fxdrv.sys --> d:\Fxdrv.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-10-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: En&queue current page with Bulk Image Downloader - file://c:\program files\Bulk Image Downloader1.38\iemenu\iebidqueue.htm
IE: Enqueue link target with Bulk Ima&ge Downloader - file://c:\program files\Bulk Image Downloader1.38\iemenu\iebidlinkqueue.htm
IE: Open &link target with Bulk Image Downloader - file://c:\program files\Bulk Image Downloader1.38\iemenu\iebidlink.htm
IE: Open current page with Bulk I&mage Downloader - file://c:\program files\Bulk Image Downloader1.38\iemenu\iebid.htm
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Bob\Application Data\Mozilla\Firefox\Profiles\apwncr8d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\JavaSoft\JRE\1.3.1\bin\NPJava11.dll
FF - plugin: c:\program files\JavaSoft\JRE\1.3.1\bin\NPJava12.dll
FF - plugin: c:\program files\JavaSoft\JRE\1.3.1\bin\NPJava131.dll
FF - plugin: c:\program files\JavaSoft\JRE\1.3.1\bin\NPJava32.dll
FF - plugin: c:\program files\JavaSoft\JRE\1.3.1\bin\NPOJI600.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

BHO-{43084a28-51c2-4ec6-b3e6-966e41569144} - zavisomu.dll
BHO-{77DC0B63-ff35-4ba9-8BE8-aa9EB676FA02} - c:\windows\system32\plugie.dll
HKLM-Run-94578740 - c:\documents and settings\All Users\Application Data\94578740\94578740.exe
HKLM-Run-hifimukud - c:\windows\system32\jolefayu.dll
HKLM-Run-tijadubapo - vaditujo.dll
SharedTaskScheduler-{f6f816c6-7495-458c-bddb-857cf7759435} - c:\windows\system32\jolefayu.dll
SSODL-lopimipaj-{f6f816c6-7495-458c-bddb-857cf7759435} - c:\windows\system32\jolefayu.dll
AddRemove-HijackThis - c:\documents and settings\Bob\Desktop\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-23 12:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2380)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\combofix\CF31242.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-23 12:15 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-23 19:15

Pre-Run: 1,323,249,664 bytes free
Post-Run: 4,514,701,312 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 7BF135A68FF1C5B707621A2BFE08FF80

By the way I received two RUNDLL errors upon restart:
Error loading c:\windows\system32\jolefayu.dll
The specified module could not be found.
and
Error loading vaditujo.dll
The specified module could not be found.

Thanks again for your help.
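The exeHelper log above shows it resetting the .exe and .com file-type associations before ComboFix ran. A hijacked association is one common cause of the symptom reported at the top of the thread (an installer that cannot start mbam.exe, with "file not found" once the interposed binary is gone); the thread itself does not say whether that was the cause on this machine. As an added example, not part of the thread or of exeHelper, here is a Python check of the four registry values involved. The expected default values are the stock Windows XP ones as assumed here, the hijacked sample string is constructed only to show the shape (a rogue executable placed in front of "%1" %*; the path is made up), and the live registry read runs only on Windows.

```python
"""Check the .exe/.com file-type associations that exeHelper resets.

Added example for the thread above, not a tool from it.  EXPECTED holds
the Windows XP defaults as assumed by this example; read_live_values()
only works on Windows and is not needed for the offline check.
"""
import sys
from typing import Dict, List, Optional, Tuple

# Registry keys whose default value decides what runs when a .exe or .com
# is launched.  Values are the stock XP defaults (assumption of this example).
EXPECTED: Dict[str, str] = {
    r"HKCR\.exe": "exefile",
    r"HKCR\exefile\shell\open\command": '"%1" %*',
    r"HKCR\.com": "comfile",
    r"HKCR\comfile\shell\open\command": '"%1" %*',
}


def split_command(cmd: str) -> List[str]:
    """Split an open\\command value on whitespace, honouring double quotes."""
    tokens: List[str] = []
    cur: List[str] = []
    quoted = False
    for ch in cmd:
        if ch == '"':
            quoted = not quoted
        elif ch.isspace() and not quoted:
            if cur:
                tokens.append("".join(cur))
                cur = []
        else:
            cur.append(ch)
    if cur:
        tokens.append("".join(cur))
    return tokens


def classify_command(cmd: str) -> Tuple[str, Optional[str]]:
    """Classify an open\\command value.

    default -> "%1" runs directly (stock behaviour)
    wrapper -> another binary runs first and receives "%1": every .exe launch
               is interposed, the classic rogue-AV hijack
    broken  -> "%1" never appears, so nothing the user double-clicks runs
    """
    tokens = split_command(cmd)
    if not tokens:
        return "broken", None
    if tokens[0] == "%1":
        return "default", None
    if "%1" in tokens[1:]:
        return "wrapper", tokens[0]
    return "broken", tokens[0]


def audit(values: Dict[str, Optional[str]]) -> List[str]:
    """Compare observed values with EXPECTED; return human-readable problems."""
    problems: List[str] = []
    for key, expected in EXPECTED.items():
        actual = values.get(key)
        if actual is None:
            problems.append(f"{key}: value missing")
            continue
        if key.endswith("command"):
            kind, launcher = classify_command(actual)
            if kind != "default":
                problems.append(f"{key}: {kind} ({launcher})")
        elif actual.strip().lower() != expected.lower():
            problems.append(f"{key}: {actual!r}, expected {expected!r}")
    return problems


def read_live_values() -> Dict[str, Optional[str]]:
    """Read the four default values from HKCR.  Windows only."""
    if sys.platform != "win32":
        raise OSError("registry read requires Windows")
    import winreg  # only importable on Windows
    out: Dict[str, Optional[str]] = {}
    for key in EXPECTED:
        sub = key.split("\\", 1)[1]
        try:
            out[key] = winreg.QueryValue(winreg.HKEY_CLASSES_ROOT, sub)
        except OSError:
            out[key] = None
    return out


# Constructed samples: a clean machine, and the hijack shape with a rogue
# binary interposed in front of the stock command.  The path is made up.
CLEAN: Dict[str, Optional[str]] = dict(EXPECTED)
HIJACKED: Dict[str, Optional[str]] = dict(EXPECTED)
HIJACKED[r"HKCR\exefile\shell\open\command"] = (
    r'"C:\Documents and Settings\All Users\Application Data\12345678\12345678.exe" "%1" %*'
)

if __name__ == "__main__":
    values = read_live_values() if sys.platform == "win32" else HIJACKED
    print(audit(values) or "associations look stock")
```

On a Windows box the script reads the live values; elsewhere it audits the constructed sample. A "wrapper" result names the binary every program launch is being routed through, and a "broken" result (wrapper path present but "%1" gone, or the file it names already deleted) is the state in which an installer reports that it cannot execute the program it just wrote.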
chamber
Hi,

Let's stop with the jumping in on other people's threads.

1) CFScript

Open notepad and copy/paste the text in the quotebox below into it:

CODE
http://www.malwarebytes.org/forums/index.php?showtopic=28657

Collect::
c:\windows\system32\nugebini.exe
c:\documents and settings\x.exe


Save this as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.


2) Malwarebytes

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

3) DDS

Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.
---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt

Please attach the second file, Attach.txt. To attach a file, do the following:
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on to insert the attachment into your post


In your reply I would like to see copied and pasted,

1) ComboFix log
2) Malwarebytes log
3) DDS logs


Dan Ringles
1) ComboFix log

Upload was successful

(that's all it said)

2) Malwarebytes log

Malwarebytes' Anti-Malware 1.41
Database version: 3028
Windows 5.1.2600 Service Pack 3

10/24/2009 6:59:38 PM
mbam-log-2009-10-24 (18-59-38).txt

Scan type: Quick Scan
Objects scanned: 95248
Time elapsed: 12 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WDefend (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\wp3.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\wp4.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bob\Desktop\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

3) DDS logs


DDS (Ver_09-10-24.03) - NTFSx86
Run by Bob at 19:28:10.39 on Sat 10/24/2009
Internet Explorer: 8.0.6001.18702

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: {fdd3b846-8d59-4ffb-8758-209b6ad74acc} - c:\program files\microsoft money\system\mnyviewer.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [SiSUSBRG] c:\windows\SiSUSBrg.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
IE: En&queue current page with Bulk Image Downloader - file://c:\program files\bulk image downloader1.38\iemenu\iebidqueue.htm
IE: Enqueue link target with Bulk Ima&ge Downloader - file://c:\program files\bulk image downloader1.38\iemenu\iebidlinkqueue.htm
IE: Open &link target with Bulk Image Downloader - file://c:\program files\bulk image downloader1.38\iemenu\iebidlink.htm
IE: Open current page with Bulk I&mage Downloader - file://c:\program files\bulk image downloader1.38\iemenu\iebid.htm
IE: {6224f700-cba3-4071-b251-47cb894244cd} - c:\program files\icq\ICQ.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {301DA1EE-F65C-4188-A417-9E915CC8FBFA} - c:\program files\microsoft money\system\mnyviewer.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131-win.cab
DPF: {CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131-win.cab
DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131_02-win.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bob\applic~1\mozilla\firefox\profiles\apwncr8d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\javasoft\jre\1.3.1\bin\NPJava11.dll
FF - plugin: c:\program files\javasoft\jre\1.3.1\bin\NPJava12.dll
FF - plugin: c:\program files\javasoft\jre\1.3.1\bin\NPJava131.dll
FF - plugin: c:\program files\javasoft\jre\1.3.1\bin\NPJava32.dll
FF - plugin: c:\program files\javasoft\jre\1.3.1\bin\NPOJI600.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-10-25 01:43:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-25 01:43:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-25 01:43:06 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-23 18:45:21 0 d-sha-r- C:\cmdcons
2009-10-23 18:42:17 98816 ----a-w- c:\windows\sed.exe
2009-10-23 18:42:17 236544 ----a-w- c:\windows\PEV.exe
2009-10-23 18:42:17 161792 ----a-w- c:\windows\SWREG.exe
2009-10-22 07:27:56 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-22 05:40:33 0 d-----w- c:\docume~1\bob\applic~1\Malwarebytes
2009-10-22 05:30:40 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-10-22 05:30:40 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-10-22 05:30:40 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-10-22 05:30:40 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-10-22 05:30:40 153088 ----a-w- c:\windows\system32\unrar3.dll
2009-10-22 05:30:35 0 d-----w- c:\docume~1\bob\applic~1\Simply Super Software
2009-10-22 05:30:35 0 d-----w- c:\docume~1\alluse~1\applic~1\Simply Super Software
2009-10-21 22:43:23 0 d-----w- C:\_OTM
2009-10-16 07:06:46 1435648 -c----w- c:\windows\system32\dllcache\query.dll
2009-10-16 06:44:21 58880 -c----w- c:\windows\system32\dllcache\msasn1.dll
2009-10-15 20:34:18 0 d-----w- c:\program files\FlashGet
2009-10-15 20:08:24 4653448 ----a-w- c:\program files\fgen_305.exe
2009-10-12 03:59:53 0 d-sh--w- c:\documents and settings\bob\PrivacIE

==================== Find3M ====================

2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08:21 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-19 17:01:02 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 03:44:46 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20:08 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2009-06-23 00:39:42 6144 --sha-w- c:\program files\Thumbs.db
2009-04-19 22:13:12 12808339 ----a-w- c:\program files\dvdflick_setup_1.3.0.6.exe
2009-03-22 08:12:42 62729728 ----a-w- c:\program files\avg_free_stf_en_85_283a1450.exe
2008-11-27 18:50:58 27288880 ----a-w- c:\program files\QuickTimeInstaller.exe
2008-10-10 00:38:07 1761487 ----a-w- c:\program files\SopCastOcx.zip
2008-09-25 18:32:50 2306336 ----a-w- c:\program files\OrbitSetup_276.exe
2008-09-25 18:12:30 3596242 ----a-w- c:\program files\bid_1_38_setup.exe
2008-09-19 20:18:37 6089998 ----a-w- c:\program files\Combined-Community-Codec-Pack-2008-01-24.exe
2008-08-03 02:09:16 2228534 ----a-w- c:\program files\audacity-win-1.2.6.exe
2008-07-31 02:12:08 63530280 ----a-w- c:\program files\iTunesSetup.exe
2008-07-06 01:38:57 6552472 ----a-w- c:\program files\AWCSetup.exe
2008-07-03 06:15:05 2978159 ----a-w- c:\program files\cdbxp_setup_4.1.2.678.exe
2008-06-23 20:19:44 49384056 ----a-w- c:\program files\avg_free_stf_all_8_100a1323.exe
2008-04-20 08:57:42 1495112 ----a-w- c:\program files\install_flash_player.exe
2008-08-25 23:16:01 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082520080826\index.dat

============= FINISH: 19:30:31.92 ===============
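An added triage script, not part of this thread and not a feature of DDS, OTL or Malwarebytes: it parses DDS pseudo-HJT lines like the ones in the log above and pulls out the three things a helper reads them for: entries DDS already marks as "No File", autostart entries whose target is no longer on disk (the condition behind the RUNDLL "The specified module could not be found" errors reported earlier in the thread), and files that carry a Windows system-binary name outside the Windows directories, as with the desktop explorer.exe that MBAM quarantined. The sample lines and the list of files "present on disk" are constructed; the [jolefayu] and [explorer] Run entries are hypothetical, and on a live machine you would pass os.path.exists in place of that list.

```python
"""Offline triage of DDS "Pseudo HJT Report" lines (added example, not a
DDS/MBAM feature). Three checks a helper reads these logs for:
  * entries the tool already marks as pointing at nothing ("No File"),
  * autostart entries whose target is gone from disk, the condition behind
    "Error loading <dll> ... The specified module could not be found",
  * files carrying a Windows system-binary name outside the Windows dirs.
"""
import ntpath
import re
from dataclasses import dataclass

# Constructed sample in DDS/HJT style, modelled on the log above. The
# [jolefayu] and [explorer] Run lines are hypothetical: they reproduce the
# RUNDLL error and the desktop explorer.exe reported in this thread.
SAMPLE_DDS = r"""
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [jolefayu] rundll32.exe c:\windows\system32\jolefayu.dll,Startup
uRun: [explorer] c:\documents and settings\bob\desktop\explorer.exe
Notify: avgrsstarter - avgrsstx.dll
"""

# Stand-in for the infected machine's disk (constructed). On the live host
# pass os.path.exists to triage() instead of a lookup in this set.
PRESENT_ON_DISK = {
    r"c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll",
    r"c:\program files\malwarebytes' anti-malware\mbam.exe",
    r"c:\documents and settings\bob\desktop\explorer.exe",
}

RESERVED_NAMES = {"explorer.exe", "svchost.exe", "lsass.exe", "winlogon.exe",
                  "csrss.exe", "services.exe", "smss.exe", "spoolsv.exe"}
# Where those binaries legitimately live; assumes a default XP install on C:.
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}
MISSING_MARKERS = ("no file", "file not found", "no clsid value found")

LINE_RE = re.compile(r"^(?P<kind>[A-Za-z0-9]+):\s*(?P<rest>.+)$")
RUN_RE = re.compile(r"^\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# Either a quoted path or a bare drive-letter path up to a loadable extension.
PATH_RE = re.compile(
    r'"([^"]+)"|([A-Za-z]:\\.*?\.(?:exe|dll|scr|com|cpl|bat|cmd|pif))(?=["\s,]|$)',
    re.IGNORECASE)


@dataclass
class Entry:
    kind: str      # uRun, mRun, BHO, TB, Notify, ...
    name: str      # value name, CLSID or description
    target: str    # file the entry loads, or the tool's "No File" marker
    raw: str       # the log line itself, for reporting


def extract_path(cmd: str) -> str:
    """File actually loaded by a Run command. rundll32.exe is only a host
    process, so for it the file of interest is the DLL it is handed."""
    tokens = cmd.split()
    if tokens and ntpath.basename(tokens[0].strip('"')).lower() == "rundll32.exe":
        cmd = cmd[len(tokens[0]):].lstrip()
    m = PATH_RE.search(cmd)
    return (m.group(1) or m.group(2)) if m else (tokens[0] if tokens else "")


def parse_report(text: str) -> list:
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                  # section headers, FF lines, blanks
        kind, rest = m.group("kind"), m.group("rest")
        run = RUN_RE.match(rest)
        if run:
            entries.append(Entry(kind, run.group("name"),
                                 extract_path(run.group("cmd")), line))
        elif " - " in rest:           # "name: {clsid} - target" style
            head, _, target = rest.rpartition(" - ")
            entries.append(Entry(kind, head.strip(), target.strip(), line))
    return entries


def is_marked_missing(entry: Entry) -> bool:
    return any(marker in entry.target.lower() for marker in MISSING_MARKERS)


def is_absent_on_disk(entry: Entry, exists) -> bool:
    """Only full paths are checked; bare names such as SOUNDMAN.EXE resolve
    through PATH/system32 and need a look on the live machine."""
    if is_marked_missing(entry) or not ntpath.dirname(entry.target):
        return False
    return not exists(ntpath.normcase(entry.target))


def is_masquerade(entry: Entry) -> bool:
    path = ntpath.normcase(entry.target)       # lower-case, backslashes
    directory = ntpath.dirname(path)           # bare names cannot be judged
    return (ntpath.basename(path) in RESERVED_NAMES
            and bool(directory) and directory not in SYSTEM_DIRS)


def triage(text: str, exists=lambda p: p in PRESENT_ON_DISK) -> dict:
    entries = parse_report(text)
    return {
        "marked_missing": [e for e in entries if is_marked_missing(e)],
        "absent_on_disk": [e for e in entries if is_absent_on_disk(e, exists)],
        "masquerade": [e for e in entries if is_masquerade(e)],
    }


if __name__ == "__main__":
    for bucket, hits in triage(SAMPLE_DDS).items():
        print(bucket, *[f"  {e.kind} [{e.name}] -> {e.target}" for e in hits], sep="\n")
```

The "marked_missing" and "absent_on_disk" buckets are the registry leftovers to clean (a Run value or Winlogon Notify entry whose DLL was already deleted); the "masquerade" bucket is worth looking at first, since a real explorer.exe only lives in C:\WINDOWS and a copy on the Desktop is the kind of file MBAM flagged above.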
chamber
Hi,

Let's get another scan going and see where we are.

Can you check and see if ComboFix produced a log last time.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
Dan Ringles
Hi, sorry for the delay. I haven't been feeling well.

Yes, ComboFix produced a log. However, all it said was "Upload was successful".
Should I try running ComboFix again?

Here are the OTL logs:

OTL.txt
--------
OTL logfile created on: 10/26/2009 9:02:19 PM - Run 1
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Bob\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

223.48 Mb Total Physical Memory | 97.68 Mb Available Physical Memory | 43.71% Memory free
605.72 Mb Paging File | 291.95 Mb Available in Paging File | 48.20% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 3.55 Gb Free Space | 4.76% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-CN2CCRVZT0
Current User Name: Bob
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Bob\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
PRC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
PRC - C:\Program Files\Windows Live\Toolbar\wltuser.exe (Microsoft Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (avg8emc [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (FreeAgentGoNext Service [Auto | Running]) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (NBService [On_Demand | Stopped]) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NMIndexingService [On_Demand | Running]) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (NMSAccessU [Auto | Running]) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (SeaPort [Auto | Running]) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\ialmsbw.sys (Intel Corporation)
DRV - ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\ialmkchw.sys (Intel Corporation)
DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ASCTRM [Auto | Running]) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (Conexant Systems)
DRV - (HSFHWBS2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys (Conexant Systems)
DRV - (ialm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiS315 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (SISAGP [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)
DRV - (SiSkp [System | Running]) -- C:\WINDOWS\System32\DRIVERS\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (SISNIC [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\sisnic.sys (SiS Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Bob\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: avg@igeared:2.609.002.003
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.0.6
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: dave2x@download:0.5.9
FF - prefs.js..extensions.enabledItems: {6cffc2d6-aea4-4032-b8c6-d211fe6ded4e}:0.7
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\CompuServe 7.0\Extensions\\:
FF - HKLM\software\mozilla\CompuServe 7.0\Extensions\\Components: C:\Program Files\Common Files\csshare\plugins0942 [2009/03/15 01:51:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\CompuServe 7.0\Extensions\\Plugins: C:\Program Files\Common Files\csshare\plugins0942 [2009/03/15 01:51:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/07/01 09:27:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/10/11 19:50:46 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:01:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/11 19:54:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/10 14:25:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 6 6.2.1\Extensions\\Components: C:\Program Files\Netscape\Netscape 6\Components [2009/03/15 01:51:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 6 6.2.1\Extensions\\Plugins: C:\Program Files\Netscape\Netscape 6\Plugins [2009/03/15 01:51:20 | 00,000,000 | ---D | M]

[2008/08/26 16:56:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\mozilla\Extensions
[2008/08/26 16:56:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/25 23:29:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\mozilla\Firefox\Profiles\apwncr8d.default\extensions
[2009/10/15 14:33:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\mozilla\Firefox\Profiles\apwncr8d.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/09/03 23:02:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\mozilla\Firefox\Profiles\apwncr8d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/01/08 20:53:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\mozilla\Firefox\Profiles\apwncr8d.default\extensions\{6cffc2d6-aea4-4032-b8c6-d211fe6ded4e}
[2009/03/17 15:04:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\mozilla\Firefox\Profiles\apwncr8d.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/10/15 15:28:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\mozilla\Firefox\Profiles\apwncr8d.default\extensions\dave2x@download
[2008/08/26 16:56:24 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/10 14:25:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/10 14:24:26 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/10 14:24:26 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/09/10 14:24:33 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/05/10 22:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/03/15 01:51:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/03/15 01:51:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/03/15 01:51:17 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/03/15 01:51:17 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/03/15 01:51:17 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/03/15 01:51:17 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/03/15 01:51:17 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/09/03 23:00:47 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/09/03 23:00:47 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/05 15:04:06 | 00,001,489 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
[2009/09/03 23:00:48 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/09/03 23:00:49 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/09/03 23:00:49 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/09/03 23:00:50 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/09/03 23:00:50 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 55924053
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: En&queue current page with Bulk Image Downloader - C:\Program Files\Bulk Image Downloader1.38\iemenu\iebidqueue.htm ()
O8 - Extra context menu item: Enqueue link target with Bulk Ima&ge Downloader - C:\Program Files\Bulk Image Downloader1.38\iemenu\iebidlinkqueue.htm ()
O8 - Extra context menu item: Open &link target with Bulk Image Downloader - C:\Program Files\Bulk Image Downloader1.38\iemenu\iebidlink.htm ()
O8 - Extra context menu item: Open current page with Bulk I&mage Downloader - C:\Program Files\Bulk Image Downloader1.38\iemenu\iebid.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe ()
O9 - Extra 'Tools' menuitem : ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe ()
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/1.3.1/...all-131-win.cab (Java Plug-in 1.3.1)
O16 - DPF: {CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.3.1/...all-131-win.cab (Java Plug-in 1.3.1)
O16 - DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.3.1/...-131_02-win.cab (Java Plug-in 1.3.1_02)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/07/29 10:59:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\*.tmp files]
[2009/10/22 00:27:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/21 22:30:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2009/10/21 22:40:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Application Data\Malwarebytes
[2009/10/21 22:30:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Application Data\Simply Super Software
[2009/10/15 13:34:18 | 00,000,000 | ---D | C] -- C:\Program Files\FlashGet
[2009/10/24 18:43:06 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/26 20:58:34 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTL.exe
[2009/10/25 20:37:31 | 00,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kbdhid.sys
[2009/10/25 20:37:31 | 00,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2009/10/25 20:34:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\HFGHFGHFG
[2009/10/25 17:21:46 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Bob\Desktop\HFGHKUIUJUYJM
[2009/10/25 17:20:56 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Bob\Desktop\YUJYTJHGNGF
[2009/10/25 14:56:32 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009/10/25 08:31:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\FNFDGHFGHFGH
[2009/10/24 18:43:09 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/24 18:43:07 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/24 18:38:40 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Bob\Desktop\mbam-setup.exe
[2009/10/24 17:56:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/10/23 14:29:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\1625
[2009/10/23 11:45:21 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/10/23 11:42:17 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/10/23 11:42:17 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/10/23 11:42:17 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/10/23 11:42:17 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/10/23 11:41:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/23 11:35:39 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/23 11:19:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\exeHelpher.com
[2009/10/22 14:46:16 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Bob\Desktop\RootRepeal.exe
[2009/10/21 22:30:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\My Documents\Simply Super Software
[2009/10/21 22:30:40 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll
[2009/10/21 22:23:16 | 08,877,640 | ---- | C] (Simply Super Software ) -- C:\Documents and Settings\Bob\Desktop\trj681.exe
[2009/10/21 21:19:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\backups
[2009/10/21 15:43:23 | 00,000,000 | ---D | C] -- C:\_OTM
[2009/10/21 15:41:25 | 00,408,064 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTM.com
[2009/10/21 15:38:24 | 00,408,064 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTM.com.exe
[2009/10/18 18:41:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\HFGBGFHHF
[2009/10/16 02:36:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\HFGHTYUJYU
[2009/10/16 01:34:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\TYJYTJ
[2009/10/16 01:09:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\YJHFG
[2009/10/16 00:52:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\YUJYU
[2009/10/16 00:38:08 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Bob\Desktop\UYIIUI
[2009/10/16 00:19:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\YUIYIYI
[2009/10/16 00:06:46 | 01,435,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.dll
[2009/10/15 23:49:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\YUIYUIYUIGJ
[2009/10/15 23:45:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\YYUYUJBFGD
[2009/10/15 23:44:21 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msasn1.dll
[2009/10/15 21:11:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\YJRTYUYU
[2009/10/15 21:09:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\TYUJGJG
[2009/10/15 21:08:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\JGJFJGJ
[2009/10/15 20:37:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\YYUYTFGDHD
[2009/10/15 18:07:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\HTYHYT
[2009/10/15 15:26:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\YTYTHYTH
[2009/10/15 13:05:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\TYHHHFH
[2009/10/14 22:43:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\TYHFGDNND
[2009/10/14 17:15:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\YTUUYUTY
[2009/10/14 17:13:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\TYJTJTJTJ
[2009/10/14 15:57:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\TYJ
[2009/10/14 15:56:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\UKYUK
[2009/10/14 12:21:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\YUKYU
[2009/10/14 11:02:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\1204
[2009/10/14 09:58:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\TYR
[2009/10/14 02:29:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\TYJTYJ
[2009/10/14 01:26:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\TYJTJT
[2009/10/14 01:24:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\TYJTY
[2009/10/14 00:15:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\JTJTYe
[2009/10/14 00:10:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\TFSDF
[2009/10/14 00:08:33 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Bob\Desktop\YTYTY
[2009/10/13 23:13:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\TYHYT
[2009/10/13 22:07:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\TYHFDGF
[2009/10/13 20:40:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\FFF
[2009/10/13 20:04:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\TR
[2009/10/13 19:19:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\HTRETR
[2009/10/13 12:47:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\TRHRT
[2009/10/13 11:41:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\0904
[2009/10/12 23:50:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\REHR
[2009/10/12 15:52:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\RTHRTH
[2009/10/12 13:45:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\My Documents\Downloads
[2009/10/11 21:50:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\TRHRTHRT
[2009/10/11 21:39:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\REHRHR
[2009/10/11 19:49:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\RHHR
[2009/10/11 15:42:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\E5YYUJ
[2009/10/09 13:20:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\0403
[2009/10/08 23:34:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\» Guide_files
[2009/10/08 21:43:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\0504
[2009/10/08 19:04:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\YUJ
[2009/10/08 19:04:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\BLNDWB
[2009/10/08 19:03:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\GJGF
[2009/10/08 19:02:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\GJU
[2009/10/08 19:02:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\GFDF
[2009/10/08 19:01:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\PRPL
[2009/10/08 18:49:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\DGGFDGF
[2009/10/08 18:15:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\1303
[2009/10/08 17:37:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\0204
[2009/10/08 17:24:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\YUTJUJ
[2009/10/08 17:20:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\DDGHFH
[2009/10/08 17:14:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\2GRDWL
[2009/10/08 17:07:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\FH
[2009/10/08 16:03:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\FGHYHY
[2009/10/07 18:05:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\z439
[2009/10/07 18:02:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\DHGGN
[2009/10/07 17:30:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\GNUU
[2009/10/07 16:18:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\FHFHGG
[2009/10/07 00:28:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\GTTRRVM_2
[2009/10/06 23:44:15 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Bob\Desktop\HGJGJ
[2009/10/06 23:35:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\GJF
[2009/10/05 15:27:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\0703
[2009/10/05 09:13:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\GFJJG
[2009/10/05 01:02:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\JGJG
[2009/10/05 00:55:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\JGF
[2009/10/04 23:21:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\GJGJ
[2009/10/04 16:50:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\GJ
[2009/10/04 16:35:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\GJ
[2009/10/02 21:02:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\t92956
[2009/10/02 21:02:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\t92741
[2009/10/02 21:02:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\t92678
[2009/10/02 21:01:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\t92100
[2009/10/02 21:01:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\t91657
[2009/10/02 21:01:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\t91366
[2009/10/02 21:00:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\t90782
[2009/10/02 21:00:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\t90508
[2009/10/02 20:54:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\TRUUUIII
[2009/10/02 20:44:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\RTG
[2009/10/02 20:36:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\FGFGG
[2009/10/02 20:35:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\FGGGFFF
[2009/10/02 20:33:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\JYJUU
[2009/10/02 20:32:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\UJFJ
[2009/10/02 20:27:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\FJG
[2009/10/02 20:24:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\GJJGJJFJ
[2009/10/02 20:24:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\FGJJJJGFJ
[2009/10/02 20:23:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\DFGDFGD
[2009/10/02 20:23:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\DFGGGG
[2009/10/02 20:22:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\UJKUKUK
[2009/10/02 20:21:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\YKUYK
[2009/10/02 20:17:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\YUKYUYKU
[2009/10/02 20:15:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\KYUU
[2009/10/02 20:11:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\JJJHJJJ
[2009/04/19 15:13:09 | 12,808,339 | ---- | C] (Dennis Meuwissen ) -- C:\Program Files\dvdflick_setup_1.3.0.6.exe
[2009/03/22 01:06:08 | 62,729,728 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stf_en_85_283a1450.exe
[2008/11/26 17:47:04 | 27,288,880 | ---- | C] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe
[2008/09/25 11:32:27 | 02,306,336 | ---- | C] (www.orbitdownloader.com ) -- C:\Program Files\OrbitSetup_276.exe
[2008/09/25 11:12:16 | 03,596,242 | ---- | C] (Antibody Software ) -- C:\Program Files\bid_1_38_setup.exe
[2008/09/19 13:18:29 | 06,089,998 | ---- | C] (CCCP Project ) -- C:\Program Files\Combined-Community-Codec-Pack-2008-01-24.exe
[2008/08/02 19:09:21 | 02,228,534 | ---- | C] ( ) -- C:\Program Files\audacity-win-1.2.6.exe
[2008/07/30 19:08:54 | 63,530,280 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesSetup.exe
[2008/07/05 18:38:39 | 06,552,472 | ---- | C] (IObit ) -- C:\Program Files\AWCSetup.exe
[2008/07/02 23:15:19 | 02,978,159 | ---- | C] (Canneverbe Limited ) -- C:\Program Files\cdbxp_setup_4.1.2.678.exe
[2008/04/20 01:58:03 | 01,495,112 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\install_flash_player.exe

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/10/26 20:58:45 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTL.exe
[2009/10/26 20:39:20 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/26 20:39:00 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/26 20:38:55 | 23,440,9984 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/26 15:00:05 | 00,050,757 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/10/26 15:00:04 | 44,228,538 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/10/25 17:58:25 | 04,306,456 | -H-- | M] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\IconCache.db
[2009/10/25 17:48:49 | 00,000,065 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Default.PLS
[2009/10/25 01:13:21 | 00,136,192 | ---- | M] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/25 00:03:34 | 00,084,922 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\f654e5be1a10.jpg
[2009/10/24 22:39:32 | 92,466,019 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Shrine.rar
[2009/10/24 19:26:58 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\dds.scr
[2009/10/24 18:43:19 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/24 18:39:07 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Bob\Desktop\mbam-setup.exe
[2009/10/24 17:49:25 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/24 14:54:55 | 00,012,620 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/23 12:06:44 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/10/23 12:00:47 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\depadunu
[2009/10/23 11:45:28 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/10/23 11:34:35 | 03,351,787 | R--- | M] () -- C:\Documents and Settings\Bob\Desktop\ComboFix.exe
[2009/10/22 14:46:43 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\settings.dat
[2009/10/22 14:45:29 | 00,465,298 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\RootRepeal.rar
[2009/10/21 22:23:39 | 08,877,640 | ---- | M] (Simply Super Software ) -- C:\Documents and Settings\Bob\Desktop\trj681.exe
[2009/10/21 15:55:48 | 00,000,099 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\fix.reg
[2009/10/21 15:41:27 | 00,408,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTM.com
[2009/10/21 15:38:47 | 00,408,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTM.com.exe
[2009/10/18 19:11:02 | 80,046,507 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Power.rar
[2009/10/18 19:03:15 | 02,970,904 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\PowerScans.rar
[2009/10/17 16:33:07 | 00,013,381 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\dl
[2009/10/16 16:54:03 | 16,970,6958 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\0392.zip
[2009/10/16 14:42:04 | 01,088,204 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\cc-art.zip
[2009/10/16 14:32:35 | 17,613,2813 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\0391.zip
[2009/10/16 13:09:07 | 00,006,138 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\ypNjJwY
[2009/10/16 11:46:12 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/16 05:46:31 | 00,503,560 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/16 05:46:31 | 00,442,558 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/16 05:46:31 | 00,071,900 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/16 05:15:42 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/16 00:05:49 | 28,020,5239 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\YLAOM.rar
[2009/10/15 23:11:35 | 12,726,2957 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Been.zip
[2009/10/15 22:34:24 | 13,335,1654 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Farm.zip
[2009/10/15 16:18:41 | 00,000,672 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Shortcut to Downloads.lnk
[2009/10/15 13:21:05 | 87,101,335 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Express.rar
[2009/10/15 13:08:28 | 04,653,448 | ---- | M] () -- C:\Program Files\fgen_305.exe
[2009/10/15 13:05:48 | 00,034,895 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Unlimited.htm
[2009/10/15 11:52:04 | 11,330,0650 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\MCF183BIA20G2.rar
[2009/10/14 23:47:20 | 10,113,8341 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\MCF171HTM20G2.rar
[2009/10/14 23:16:32 | 67,282,166 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\MCF170BIS20G2.rar
[2009/10/14 22:49:13 | 98,026,874 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\MCF169KOTM20G2.rar
[2009/10/14 15:58:56 | 11,816,7566 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\1304.rar.002
[2009/10/14 15:50:51 | 13,631,4880 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\1304.rar.001
[2009/10/14 15:04:57 | 92,471,833 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Road.rar
[2009/10/14 14:58:13 | 10,355,5045 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Blue.rar
[2009/10/14 14:32:51 | 00,033,781 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\groupe1.jpg
[2009/10/14 13:19:37 | 19,076,5378 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\20091013or1.rar
[2009/10/14 11:44:59 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/14 11:39:22 | 14,044,4591 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Further.rar
[2009/10/13 22:47:16 | 02,672,070 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\03.mp3
[2009/10/13 22:15:55 | 36,761,363 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\2008-06-25T17_16_20-07_00.mp3
[2009/10/13 22:14:04 | 24,909,771 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\2008-06-25T12_19_24-07_00.mp3
[2009/10/13 22:08:12 | 00,054,817 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Discography.htm
[2009/10/13 01:23:48 | 57,126,014 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Super.rar
[2009/10/13 00:53:14 | 56,078,749 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Supers.rar
[2009/10/13 00:03:07 | 00,059,830 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\fd87e6c58c19.jpg
[2009/10/12 23:58:56 | 00,130,468 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\9b9dccf7e13f.jpg
[2009/10/12 23:58:54 | 00,090,929 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\a3994e7b604f.jpg
[2009/10/12 16:31:54 | 78,851,244 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Good.rar
[2009/10/12 16:25:43 | 11,467,6362 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\SCFTW.rar
[2009/10/11 08:10:09 | 00,236,544 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/10/09 15:58:14 | 54,005,158 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\show.rar
[2009/10/09 14:52:35 | 15,898,2561 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\6.rar
[2009/10/09 13:48:28 | 17,063,4042 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\5.rar
[2009/10/09 00:52:05 | 10,395,0829 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\4.rar
[2009/10/09 00:01:59 | 75,674,346 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\3.rar
[2009/10/08 23:35:11 | 00,077,787 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\» Guide.htm
[2009/10/08 23:12:54 | 10,497,5430 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\2.rar
[2009/10/08 22:02:02 | 12,737,5853 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\1.rar
[2009/10/08 19:33:50 | 06,865,218 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\05.mp3
[2009/10/06 23:48:37 | 00,016,779 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\bg_5197168.jpg
[2009/10/06 23:48:32 | 00,106,741 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\bg_5197169.jpg
[2009/10/05 08:29:35 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg

========== Files - No Company Name ==========
[2009/10/25 01:11:45 | 97,617,060 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\01.wmv
[2009/10/25 00:03:15 | 00,084,922 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\f654e5be1a10.jpg
[2009/10/24 22:27:48 | 92,466,019 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\Shrine.rar
[2009/10/24 19:26:29 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\dds.scr
[2009/10/24 18:43:19 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/23 11:45:28 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/10/23 11:45:24 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/10/23 11:42:17 | 00,236,544 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/23 11:42:17 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/23 11:42:17 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/23 11:42:17 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/23 11:34:21 | 03,351,787 | R--- | C] () -- C:\Documents and Settings\Bob\Desktop\ComboFix.exe
[2009/10/22 14:46:43 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\settings.dat
[2009/10/22 14:44:03 | 00,465,298 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\RootRepeal.rar
[2009/10/22 00:11:20 | 23,440,9984 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/21 22:30:40 | 00,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2009/10/21 22:30:40 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
[2009/10/21 22:30:40 | 00,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2009/10/21 22:30:40 | 00,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2009/10/21 15:55:47 | 00,000,099 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\fix.reg
[2009/10/18 19:01:35 | 02,970,904 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\PowerScans.rar
[2009/10/18 19:00:30 | 80,046,507 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\Power.rar
[2009/10/17 16:32:45 | 00,013,381 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\dl
[2009/10/16 16:19:03 | 16,970,6958 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\0392.zip
[2009/10/16 14:41:27 | 01,088,204 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\cc-art.zip
[2009/10/16 13:50:09 | 17,613,2813 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\0391.zip
[2009/10/16 02:34:50 | 00,006,138 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\ypNjJwY
[2009/10/15 23:27:41 | 28,020,5239 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\YLAOM.rar
[2009/10/15 22:57:02 | 12,726,2957 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\Been.zip
[2009/10/15 22:12:54 | 13,335,1654 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\Farm.zip
[2009/10/15 16:18:40 | 00,000,672 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\Shortcut to Downloads.lnk
[2009/10/15 13:08:24 | 04,653,448 | ---- | C] () -- C:\Program Files\fgen_305.exe
[2009/10/15 13:05:33 | 00,034,895 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\Unlimited.htm
[2009/10/15 12:40:05 | 87,101,335 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\Express.rar
[2009/10/15 10:55:20 | 11,330,0650 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\MCF183BIA20G2.rar
[2009/10/14 23:34:14 | 10,113,8341 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\MCF171HTM20G2.rar
[2009/10/14 23:07:20 | 67,282,166 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\MCF170BIS20G2.rar
[2009/10/14 22:32:04 | 98,026,874 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\MCF169KOTM20G2.rar
[2009/10/14 15:55:40 | 11,816,7566 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\1304.rar.002
[2009/10/14 15:45:53 | 13,631,4880 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\1304.rar.001
[2009/10/14 14:33:43 | 92,471,833 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\Road.rar
[2009/10/14 14:32:03 | 00,033,781 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\groupe1.jpg
[2009/10/14 14:27:24 | 10,355,5045 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\Blue.rar
[2009/10/14 11:54:33 | 19,076,5378 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\20091013or1.rar
[2009/10/14 11:33:50 | 14,044,4591 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\Further.rar
[2009/10/14 01:25:53 | 04,686,693 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\13.mp3
[2009/10/13 22:46:31 | 02,672,070 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\03.mp3
[2009/10/13 22:14:13 | 36,761,363 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\2008-06-25T17_16_20-07_00.mp3
[2009/10/13 22:12:38 | 24,909,771 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\2008-06-25T12_19_24-07_00.mp3
[2009/10/13 22:08:06 | 00,054,817 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\Discography.htm
[2009/10/13 20:07:22 | 00,008,265 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\band1.jpg
[2009/10/13 01:15:54 | 57,126,014 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\Super.rar
[2009/10/13 00:45:58 | 56,078,749 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\Supers.rar
[2009/10/13 00:03:04 | 00,059,830 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\fd87e6c58c19.jpg
[2009/10/12 23:58:54 | 00,130,468 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\9b9dccf7e13f.jpg
[2009/10/12 23:58:34 | 00,090,929 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\a3994e7b604f.jpg
[2009/10/12 16:21:19 | 78,851,244 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\Good.rar
[2009/10/12 16:20:53 | 11,467,6362 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\SCFTW.rar
[2009/10/09 15:52:53 | 54,005,158 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\show.rar
[2009/10/09 14:11:30 | 15,898,2561 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\6.rar
[2009/10/09 12:38:44 | 17,063,4042 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\5.rar
[2009/10/09 00:13:19 | 10,395,0829 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\4.rar
[2009/10/08 23:42:13 | 75,674,346 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\3.rar
[2009/10/08 23:34:59 | 00,077,787 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\» Guide.htm
[2009/10/08 22:57:42 | 10,497,5430 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\2.rar
[2009/10/08 21:38:56 | 12,737,5853 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\1.rar
[2009/10/07 02:26:21 | 06,865,218 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\05.mp3
[2009/10/06 23:48:35 | 00,016,779 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\bg_5197168.jpg
[2009/10/06 23:48:18 | 00,106,741 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\bg_5197169.jpg
[2008/10/09 17:37:03 | 01,761,487 | ---- | C] () -- C:\Program Files\SopCastOcx.zip
[2008/07/30 21:35:22 | 00,006,144 | -HS- | C] () -- C:\Program Files\Thumbs.db
[2008/06/23 13:19:17 | 49,384,056 | ---- | C] () -- C:\Program Files\avg_free_stf_all_8_100a1323.exe
[2008/06/21 07:58:38 | 00,024,320 | ---- | C] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/06/21 03:52:14 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/06/20 04:20:41 | 00,033,979 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2008/06/20 04:20:40 | 00,106,253 | R--- | C] () -- C:\WINDOWS\VGAsetup.ini
[2008/06/20 04:01:48 | 00,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL
[2008/04/19 02:04:47 | 00,136,192 | ---- | C] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/19 01:06:36 | 04,306,456 | -H-- | C] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\IconCache.db
[2008/04/19 01:06:36 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Bob\Application Data\desktop.ini
[2005/03/25 06:42:50 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/07/29 12:07:11 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/07/29 11:14:01 | 00,000,132 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2003/07/29 11:13:28 | 00,000,310 | ---- | C] () -- C:\WINDOWS\net2fone.ini
[2003/07/29 10:47:04 | 00,001,094 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/07/29 10:47:04 | 00,000,466 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2003/07/29 10:46:47 | 00,000,757 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/07/29 10:46:44 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/07/29 03:51:08 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini

========== LOP Check ==========

[2009/10/23 11:57:16 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/03/15 01:57:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/04/24 15:18:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/06/20 06:08:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2009/10/11 20:58:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2003/07/29 11:15:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2009/06/16 20:44:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2009/10/21 22:30:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2009/10/21 22:40:33 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Bob\Application Data
[2008/06/21 09:46:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Ahead
[2009/06/01 22:16:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\AVGTOOLBAR
[2009/05/31 21:35:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\BID
[2008/07/03 00:39:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Canneverbe_Limited
[2009/08/13 23:24:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\DVD Flick
[2008/09/25 11:38:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\GrabPro
[2003/07/29 11:10:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\InterTrust
[2008/09/26 20:37:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Orbit
[2009/10/21 22:41:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Simply Super Software
[2009/10/16 11:46:12 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2002/08/29 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/26 20:39:20 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 2628 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc
< End of report >
Dan Ringles
Extras.txt
-----------
OTL Extras logfile created on: 10/26/2009 9:02:19 PM - Run 1
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Bob\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

223.48 Mb Total Physical Memory | 97.68 Mb Available Physical Memory | 43.71% Memory free
605.72 Mb Paging File | 291.95 Mb Available in Paging File | 48.20% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 3.55 Gb Free Space | 4.76% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-CN2CCRVZT0
Current User Name: Bob
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\WINDOWS\system32\taskmgr.exe" = C:\WINDOWS\system32\taskmgr.exe:*:Enabled:taskmgr -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6DA9102E-199F-43A0-A36B-6EF48081A658}" = MobileMe Control Panel
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8EEA03C8-D820-411C-AB0C-9DD5EFAD1033}" = Nero 7 Essentials
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A81100000003}" = Adobe Reader 8.1.1
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B1D89E54-08B1-4542-A69B-E634AEF10A40}" = Seagate Manager Installer
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}" = Microsoft Money 2002 System Pack
"{E7298FD5-1386-11D5-8D6C-0050DAD32D95}" = Microsoft Money 2002
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8D0829C-9C6F-11D3-8080-00C04FA329AA}" = Microsoft Works 6.0
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"7-Zip" = 7-Zip 4.57
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Advanced WindowsCare V2 Personal_is1" = Advanced WindowsCare Personal
"America Online us" = America Online
"AOL Instant Messenger (SM)" = AOL Instant Messenger (SM)
"AolCoach" = AOL Coach Version 1.0(Build:20020823.1)
"Audacity_is1" = Audacity 1.2.6
"AVG8Uninstall" = AVG 8.5
"BigFix" = BigFix
"Bulk Image Downloader_is1" = Bulk Image Downloader v1.38.0.3
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F00&SUBSYS_8D8B155D" = Conexant SoftK56 Modem(M)
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-01-24
"CompuServe us" = CompuServe
"DVD Flick_is1" = DVD Flick 1.3.0.6
"ICQ" = ICQ
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{B1D89E54-08B1-4542-A69B-E634AEF10A40}" = Seagate Manager Installer
"JRE 1.3.1" = Java 2 Runtime Environment Standard Edition v1.3.1
"JRE 1.3.1_02" = Java 2 Runtime Environment Standard Edition v1.3.1_02
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Netscape 6 (6.2.1)" = Netscape 6 (6.2.1)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RealPlayer 6.0" = RealPlayer Basic
"SiS VGA Driver" = SiS 661FX
"SopCast" = SopCast 3.0.3
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"WIC" = Windows Imaging Component
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/15/2009 6:20:24 AM | Computer Name = YOUR-CN2CCRVZT0 | Source = MsiInstaller | ID = 11307
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- Error 1307.There
is not enough disk space to install this file: c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll.
Free some disk space and click Retry, or click Cancel to exit.

Error - 8/15/2009 6:23:22 AM | Computer Name = YOUR-CN2CCRVZT0 | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET
Framework CLR' could not be installed. Error code 1603. Additional information
is available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup77BC.txt.

Error - 8/15/2009 6:23:22 AM | Computer Name = YOUR-CN2CCRVZT0 | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET
Framework CA' could not be installed. Error code 1603. Additional information is
available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup77BC.txt.

Error - 8/15/2009 6:23:22 AM | Computer Name = YOUR-CN2CCRVZT0 | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET
Framework CRT' could not be installed. Error code 1603. Additional information
is available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup77BC.txt.

Error - 8/15/2009 6:23:22 AM | Computer Name = YOUR-CN2CCRVZT0 | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET
Framework PreXP' could not be installed. Error code 1603. Additional information
is available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup77BC.txt.

Error - 8/15/2009 6:23:22 AM | Computer Name = YOUR-CN2CCRVZT0 | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update 'Dr.
Watson' could not be installed. Error code 1603. Additional information is available
in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup77BC.txt.

Error - 8/15/2009 6:23:22 AM | Computer Name = YOUR-CN2CCRVZT0 | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET
Framework 1' could not be installed. Error code 1603. Additional information is
available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup77BC.txt.

Error - 8/15/2009 6:23:22 AM | Computer Name = YOUR-CN2CCRVZT0 | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET
Framework 2' could not be installed. Error code 1603. Additional information is
available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup77BC.txt.

Error - 8/15/2009 6:23:22 AM | Computer Name = YOUR-CN2CCRVZT0 | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET
Framework ASP .NET' could not be installed. Error code 1603. Additional information
is available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup77BC.txt.

Error - 8/15/2009 6:23:22 AM | Computer Name = YOUR-CN2CCRVZT0 | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET
Framework WinForms' could not be installed. Error code 1603. Additional information
is available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup77BC.txt.

[ System Events ]
Error - 10/23/2009 3:03:10 PM | Computer Name = YOUR-CN2CCRVZT0 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.

Error - 10/23/2009 3:06:15 PM | Computer Name = YOUR-CN2CCRVZT0 | Source = Service Control Manager | ID = 7000
Description = The WDefend service failed to start due to the following error: %%2

Error - 10/24/2009 5:56:00 PM | Computer Name = YOUR-CN2CCRVZT0 | Source = Service Control Manager | ID = 7000
Description = The WDefend service failed to start due to the following error: %%2

Error - 10/24/2009 8:33:42 PM | Computer Name = YOUR-CN2CCRVZT0 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.

Error - 10/24/2009 8:48:57 PM | Computer Name = YOUR-CN2CCRVZT0 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.

Error - 10/24/2009 9:29:56 PM | Computer Name = YOUR-CN2CCRVZT0 | Source = Service Control Manager | ID = 7000
Description = The WDefend service failed to start due to the following error: %%2

Error - 10/24/2009 10:06:21 PM | Computer Name = YOUR-CN2CCRVZT0 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the AVG Free8 E-mail Scanner
service to connect.

Error - 10/24/2009 10:06:21 PM | Computer Name = YOUR-CN2CCRVZT0 | Source = Service Control Manager | ID = 7000
Description = The AVG Free8 E-mail Scanner service failed to start due to the following
error: %%1053

Error - 10/25/2009 9:07:06 PM | Computer Name = YOUR-CN2CCRVZT0 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 10/25/2009 9:07:14 PM | Computer Name = YOUR-CN2CCRVZT0 | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053


< End of report >
chamber
Hi,

You have a lot of random folders and .rar files on your desktop, do you know what these are?

You also have OTM, have you been helped elsewhere?
Dan Ringles
Yes I know what all the folders and rar files are.
The only thing on my desktop that I'm not sure about is the Advanced WindowsCare V2 Personal. Not sure where that came from. I don't remember installing that.

Before I found this site, I tried getting rid of the Windows Police Pro myself by following some suggestions on other sites. I didn't have anybody helping me specifically though. The only thing I deleted was O4 - HKLM\..\Run: [30652218] C:\Documents and Settings\All Users\Application Data\30652218\30652218.exe. When I opened task manager Windows Police Pro would show up under Applications and 30652218.exe was under Processes. When I clicked End Task on 30652218.exe, Windows Police Pro would also close. The site I was at said to look for entries like O4 - HKLM\..\Run: [30652218] C:\Documents and Settings\All Users\Application Data\30652218\30652218.exe that had random numbers.exe so when I saw that one and was able to see the connection between it and Windows Police Pro, I felt safe deleting it.

Dan Ringles
Just remembered where the Advanced WindowsCare V2 Personal came from. Somebody suggested I run it when I thought my registry might be messed up.
chamber
That's ok.

Just wanted to check what they were.

I would also never, ever use anything to try and clean or fix the registry. Highly inadvisable.

Want to get an updated scan.


  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions
    %SYSTEMDRIVE%\eventlog.dll /s /md5
    %SYSTEMDRIVE%\scecli.dll /s /md5
    %SYSTEMDRIVE%\netlogon.dll /s /md5
    %SYSTEMDRIVE%\cngaudit.dll /s /md5
    %SYSTEMDRIVE%\sceclt.dll /s /md5
    %SYSTEMDRIVE%\ntelogon.dll /s /md5
    %SYSTEMDRIVE%\logevent.dll /s /md5
    %SYSTEMDRIVE%\iaStor.sys /s /md5
    %SYSTEMDRIVE%\nvstor.sys /s /md5
    %SYSTEMDRIVE%\atapi.sys /s /md5
    %SYSTEMDRIVE%\IdeChnDr.sys /s /md5
    %SYSTEMDRIVE%\viasraid.sys /s /md5
    %SYSTEMDRIVE%\AGP440.sys /s /md5
    %SYSTEMDRIVE%\vaxscsi.sys /s /md5

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.


Don't worry about the extras.txt
Dan Ringles
OTL logfile created on: 11/2/2009 1:21:10 PM - Run 2
OTL by OldTimer - Version 3.1.3.1 Folder = C:\Documents and Settings\Bob\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

223.48 Mb Total Physical Memory | 85.31 Mb Available Physical Memory | 38.17% Memory free
911.72 Mb Paging File | 484.64 Mb Available in Paging File | 53.16% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 14.00 Gb Free Space | 18.78% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-CN2CCRVZT0
Current User Name: Bob
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Bob\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
PRC - C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe (Seagate LLC)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Bob\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (avg8emc) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (FreeAgentGoNext Service) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
SRV - (FontCache3.0.0.0) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (helpsvc) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (NMIndexingService) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (NBService) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG)
SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (AvgMfx86) AVG On-access Scanner Minifilter Driver x86 [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) AVG AVI Loader Driver x86 [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX) AVG8 Network Redirector [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (Secdrv) Secdrv [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (SISNIC) SiS PCI Fast Ethernet Adapter Driver [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation)
DRV - (SiSkp) SiSkp [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (SiS315) SiS315 [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (ASCTRM) ASCTRM [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (SISAGP) SiS AGP Filter [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel® Graphics Platform (SoftBIOS) Driver [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ialmsbw.sys (Intel Corporation)
DRV - ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel® Graphics Chipset (KCH) Driver [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ialmkchw.sys (Intel Corporation)
DRV - (ialm) ialm [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ialmnt5.sys (Intel Corporation)
DRV - (HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems)
DRV - (HSF_DP) HSF_DP [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems)
DRV - (winachsf) winachsf [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems)
DRV - (mdmxsdk) mdmxsdk [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: avg@igeared:2.609.002.003
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.0.6
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: dave2x@download:0.5.9
FF - prefs.js..extensions.enabledItems: {6cffc2d6-aea4-4032-b8c6-d211fe6ded4e}:0.7
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\CompuServe 7.0\Extensions\\:
FF - HKLM\software\mozilla\CompuServe 7.0\Extensions\\Components: C:\Program Files\Common Files\csshare\plugins0942 [2009/03/15 00:51:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\CompuServe 7.0\Extensions\\Plugins: C:\Program Files\Common Files\csshare\plugins0942 [2009/03/15 00:51:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/11/02 09:41:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/10/11 18:50:46 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 02:01:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/11 18:54:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/10 13:25:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 6 6.2.1\Extensions\\Components: C:\Program Files\Netscape\Netscape 6\Components [2009/03/15 00:51:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 6 6.2.1\Extensions\\Plugins: C:\Program Files\Netscape\Netscape 6\Plugins [2009/03/15 00:51:20 | 00,000,000 | ---D | M]

[2009/10/15 14:28:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\apwncr8d.default\extensions\dave2x@download
[2009/03/17 14:04:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\apwncr8d.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/01/08 19:53:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\apwncr8d.default\extensions\{6cffc2d6-aea4-4032-b8c6-d211fe6ded4e}
[2009/09/03 22:02:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\apwncr8d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/15 13:33:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\apwncr8d.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/10/26 15:00:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\apwncr8d.default\extensions
[2008/08/26 15:56:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/08/26 15:56:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Mozilla\Extensions
[2009/09/10 13:25:15 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/08/26 15:56:24 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/09/10 13:24:26 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/09/10 13:24:26 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/09/10 13:24:33 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007/05/10 21:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/03/15 00:51:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/03/15 00:51:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/03/15 00:51:17 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/03/15 00:51:17 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/03/15 00:51:17 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/03/15 00:51:17 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/03/15 00:51:17 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/09/03 22:00:47 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/09/03 22:00:47 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/07/05 14:04:06 | 00,001,489 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml
[2009/09/03 22:00:48 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/09/03 22:00:49 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/09/03 22:00:49 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/09/03 22:00:50 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/09/03 22:00:50 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 55924053
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: En&queue current page with Bulk Image Downloader - C:\Program Files\Bulk Image Downloader1.38\iemenu\iebidqueue.htm ()
O8 - Extra context menu item: Enqueue current page with Bulk Image Downloader - C:\Program Files\Bulk Image Downloader\iemenu\iebidqueue.htm ()
O8 - Extra context menu item: Enqueue link target with Bulk Ima&ge Downloader - C:\Program Files\Bulk Image Downloader1.38\iemenu\iebidlinkqueue.htm ()
O8 - Extra context menu item: Enqueue link target with Bulk Image Downloader - C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm ()
O8 - Extra context menu item: Open &link target with Bulk Image Downloader - C:\Program Files\Bulk Image Downloader1.38\iemenu\iebidlink.htm ()
O8 - Extra context menu item: Open current page with Bulk I&mage Downloader - C:\Program Files\Bulk Image Downloader1.38\iemenu\iebid.htm ()
O8 - Extra context menu item: Open current page with Bulk Image Downloader - C:\Program Files\Bulk Image Downloader\iemenu\iebid.htm ()
O8 - Extra context menu item: Open link target with Bulk Image Downloader - C:\Program Files\Bulk Image Downloader\iemenu\iebidlink.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe ()
O9 - Extra 'Tools' menuitem : ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe ()
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/1.3.1/...all-131-win.cab (Java Plug-in 1.3.1)
O16 - DPF: {CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.3.1/...all-131-win.cab (Java Plug-in 1.3.1)
O16 - DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.3.1/...-131_02-win.cab (Java Plug-in 1.3.1_02)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/07/29 09:59:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/06/21 04:52:38 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2009/11/01 11:27:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\1200
[2009/10/27 22:16:57 | 00,528,384 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTL.exe
[2009/10/25 19:37:31 | 00,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kbdhid.sys
[2009/10/25 19:37:31 | 00,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2009/10/25 13:56:32 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009/10/24 17:43:09 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/24 17:43:07 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/24 17:43:06 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/24 17:38:40 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Bob\Desktop\mbam-setup.exe
[2009/10/24 16:56:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/10/23 10:45:21 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/10/23 10:42:17 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/10/23 10:42:17 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/10/23 10:42:17 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/10/23 10:42:17 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/10/23 10:41:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/23 10:35:39 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/23 10:19:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\exeHelpher.com
[2009/10/22 13:46:16 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Bob\Desktop\RootRepeal.exe
[2009/10/21 23:27:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/21 21:40:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Application Data\Malwarebytes
[2009/10/21 21:30:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\My Documents\Simply Super Software
[2009/10/21 21:30:40 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll
[2009/10/21 21:30:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Application Data\Simply Super Software
[2009/10/21 21:30:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2009/10/21 21:23:16 | 08,877,640 | ---- | C] (Simply Super Software ) -- C:\Documents and Settings\Bob\Desktop\trj681.exe
[2009/10/21 20:19:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\backups
[2009/10/21 14:43:23 | 00,000,000 | ---D | C] -- C:\_OTM
[2009/10/21 14:41:25 | 00,408,064 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTM.com
[2009/10/21 14:38:24 | 00,408,064 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTM.com.exe
[2009/10/15 23:06:46 | 01,435,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.dll
[2009/10/15 22:44:21 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msasn1.dll
[2009/10/15 12:34:18 | 00,000,000 | ---D | C] -- C:\Program Files\FlashGet
[2009/10/12 12:45:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\My Documents\Downloads
[2009/10/11 19:59:53 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Bob\PrivacIE
[2009/04/19 14:13:09 | 12,808,339 | ---- | C] (Dennis Meuwissen ) -- C:\Program Files\dvdflick_setup_1.3.0.6.exe
[2009/03/22 00:06:08 | 62,729,728 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stf_en_85_283a1450.exe
[2008/11/26 16:47:04 | 27,288,880 | ---- | C] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe
[2008/09/25 10:32:27 | 02,306,336 | ---- | C] (www.orbitdownloader.com ) -- C:\Program Files\OrbitSetup_276.exe
[2008/09/25 10:12:16 | 03,596,242 | ---- | C] (Antibody Software ) -- C:\Program Files\bid_1_38_setup.exe
[2008/09/19 12:18:29 | 06,089,998 | ---- | C] (CCCP Project ) -- C:\Program Files\Combined-Community-Codec-Pack-2008-01-24.exe
[2008/08/02 18:09:21 | 02,228,534 | ---- | C] ( ) -- C:\Program Files\audacity-win-1.2.6.exe
[2008/07/30 18:08:54 | 63,530,280 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesSetup.exe
[2008/07/05 17:38:39 | 06,552,472 | ---- | C] (IObit ) -- C:\Program Files\AWCSetup.exe
[2008/07/02 22:15:19 | 02,978,159 | ---- | C] (Canneverbe Limited ) -- C:\Program Files\cdbxp_setup_4.1.2.678.exe
[2008/04/20 00:58:03 | 01,495,112 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\install_flash_player.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/02 13:20:22 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTL.exe
[2009/11/02 12:42:09 | 18,350,080 | -H-- | M] () -- C:\Documents and Settings\Bob\NTUSER.DAT
[2009/11/02 09:33:33 | 00,069,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/11/02 09:33:32 | 44,641,555 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/11/01 07:17:12 | 00,524,272 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/01 07:17:12 | 00,442,558 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/01 07:17:12 | 00,071,900 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/01 07:10:57 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/01 07:10:44 | 00,012,620 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/01 07:10:38 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/01 07:10:34 | 23,440,9984 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/30 21:38:03 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Bob\ntuser.ini
[2009/10/30 21:36:15 | 04,836,966 | -H-- | M] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\IconCache.db
[2009/10/29 17:04:59 | 00,350,720 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\hjsplit.exe
[2009/10/27 20:07:16 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/27 20:06:31 | 00,139,776 | ---- | M] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/25 16:48:49 | 00,000,065 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Default.PLS
[2009/10/24 18:26:58 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\dds.scr
[2009/10/24 17:43:19 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/24 17:39:07 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Bob\Desktop\mbam-setup.exe
[2009/10/24 16:49:25 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/24 14:43:20 | 00,000,593 | ---- | M] () -- C:\Documents and Settings\Bob\plugin131.trace
[2009/10/23 11:06:44 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/10/23 11:00:47 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\depadunu
[2009/10/23 10:45:28 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/10/23 10:34:35 | 03,351,787 | R--- | M] () -- C:\Documents and Settings\Bob\Desktop\ComboFix.exe
[2009/10/22 13:46:43 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\settings.dat
[2009/10/21 21:23:39 | 08,877,640 | ---- | M] (Simply Super Software ) -- C:\Documents and Settings\Bob\Desktop\trj681.exe
[2009/10/21 14:55:48 | 00,000,099 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\fix.reg
[2009/10/21 14:41:27 | 00,408,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTM.com
[2009/10/21 14:38:47 | 00,408,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTM.com.exe
[2009/10/17 15:33:07 | 00,013,381 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\dl
[2009/10/16 10:46:12 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/16 04:15:42 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/15 15:18:41 | 00,000,672 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Shortcut to Downloads.lnk
[2009/10/15 12:08:28 | 04,653,448 | ---- | M] () -- C:\Program Files\fgen_305.exe
[2009/10/11 07:10:09 | 00,236,544 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/10/05 07:29:35 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/10/24 18:26:29 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\dds.scr
[2009/10/24 17:43:19 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/23 10:45:28 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/10/23 10:45:24 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/10/23 10:42:17 | 00,236,544 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/23 10:42:17 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/23 10:42:17 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/23 10:42:17 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/23 10:34:21 | 03,351,787 | R--- | C] () -- C:\Documents and Settings\Bob\Desktop\ComboFix.exe
[2009/10/22 13:46:43 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\settings.dat
[2009/10/21 23:11:20 | 23,440,9984 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/21 21:30:40 | 00,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2009/10/21 21:30:40 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
[2009/10/21 21:30:40 | 00,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2009/10/21 21:30:40 | 00,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2009/10/21 14:55:47 | 00,000,099 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\fix.reg
[2009/10/17 15:32:45 | 00,013,381 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\dl
[2009/10/15 15:18:40 | 00,000,672 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\Shortcut to Downloads.lnk
[2009/10/15 12:08:24 | 04,653,448 | ---- | C] () -- C:\Program Files\fgen_305.exe
[2008/10/09 16:37:03 | 01,761,487 | ---- | C] () -- C:\Program Files\SopCastOcx.zip
[2008/07/30 20:35:22 | 00,006,144 | -HS- | C] () -- C:\Program Files\Thumbs.db
[2008/06/23 12:19:17 | 49,384,056 | ---- | C] () -- C:\Program Files\avg_free_stf_all_8_100a1323.exe
[2008/06/21 06:58:38 | 00,024,320 | ---- | C] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/06/21 02:52:14 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/06/20 03:20:41 | 00,033,979 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2008/06/20 03:20:40 | 00,106,253 | R--- | C] () -- C:\WINDOWS\VGAsetup.ini
[2008/06/20 03:01:48 | 00,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL
[2008/04/19 01:04:47 | 00,139,776 | ---- | C] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/19 00:06:36 | 04,836,966 | -H-- | C] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\IconCache.db
[2008/04/19 00:06:36 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Bob\Application Data\desktop.ini
[2005/03/25 05:42:50 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/07/29 11:07:11 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/07/29 10:14:01 | 00,000,132 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2003/07/29 10:13:28 | 00,000,310 | ---- | C] () -- C:\WINDOWS\net2fone.ini
[2003/07/29 09:47:04 | 00,001,094 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/07/29 09:47:04 | 00,000,466 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2003/07/29 09:46:47 | 00,000,757 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/07/29 09:46:44 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/07/29 02:51:08 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini

========== LOP Check ==========

[2009/10/11 19:58:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/06/16 19:44:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2009/10/21 21:30:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2009/03/15 00:57:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/04/24 14:18:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/06/01 21:16:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\AVGTOOLBAR
[2009/05/31 20:35:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\BID
[2008/07/02 23:39:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Canneverbe_Limited
[2008/09/25 10:38:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\GrabPro
[2003/07/29 10:10:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\InterTrust
[2008/09/26 19:37:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Orbit
[2009/10/21 21:41:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Simply Super Software
[2002/08/29 04:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/11/01 07:10:57 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions >
"{3f963a5b-e555-4543-90e2-c3908898db71}" = C:\Program Files\AVG\AVG8\Firefox -- [2009/11/02 09:41:14 | 00,000,000 | ---D | M]
"avg@igeared" = C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared -- [2009/10/11 18:50:46 | 00,000,000 | ---D | M]
"{20a82645-c095-46ed-80e3-08825760534b}" = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ -- [2009/09/02 02:01:56 | 00,000,000 | ---D | M]

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2008/01/28 18:33:40 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=56E7D7261A4BE548B784760896375D8A -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2006/02/28 04:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2006/02/28 04:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2006/02/28 04:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2008/01/28 18:48:59 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 2628 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc
< End of report >
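The `/s /md5` custom scans in the report above list every copy of a given system file on the drive with its MD5, so the helper can compare the live copy under system32 against the Service Pack reference under ServicePackFiles\i386 (and the dllcache copy): a live file whose hash differs from the reference has been replaced or patched on disk. As an added example that is not part of this thread and not OTL's own code, the Python below parses lines in that format and flags such mismatches. The sample input is constructed: the scecli.dll lines are copied from the log, while the atapi.sys block is altered with an all-zero placeholder hash to show a mismatch. The path rules (ServicePackFiles\i386 or dllcache count as reference, system32 outside dllcache as live) and the verdict names are assumptions of this example.

```python
import re
from collections import OrderedDict

# Constructed sample in OTL's "/s /md5" custom-scan format. scecli.dll lines are
# taken from the log; the atapi.sys live-copy hash is an all-zero placeholder
# (not a real observation) so the script has a mismatch to report.
SAMPLE_OTL_OUTPUT = r"""
< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2006/02/28 04:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\WINDOWS\system32\drivers\atapi.sys

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >
"""

# "< %SYSTEMDRIVE%\name /s /md5 >" opens a group; entries follow until the next header.
HEADER_RE = re.compile(r"^< %SYSTEMDRIVE%\\(?P<name>[^ ]+) /s /md5 >$")
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+)$"
)


def parse_md5_scan(text):
    """Group the scan's entries by the file name in each '< ... /md5 >' header."""
    groups = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name")
            groups[current] = []   # an empty group means no copy exists on the drive
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:
            groups[current].append({
                "path": entry.group("path"),
                "md5": entry.group("md5").upper(),
                "size": int(entry.group("size").replace(",", "")),
            })
    return groups


def _is_reference_copy(path):
    # Assumption: the Service Pack store and dllcache hold the vendor-shipped copy.
    p = path.lower()
    return "\\servicepackfiles\\i386\\" in p or "\\dllcache\\" in p


def _is_live_copy(path):
    # Assumption: the copy Windows actually loads lives under system32 (incl. drivers\),
    # excluding dllcache. $NtServicePackUninstall$ and ERDNT backups are ignored
    # since they legitimately hold older or archived versions.
    p = path.lower()
    return "\\system32\\" in p and "\\dllcache\\" not in p


def check_integrity(groups):
    """Return a verdict per file: OK, MISMATCH, NO_LIVE_COPY, NO_REFERENCE or NOT_PRESENT."""
    verdicts = OrderedDict()
    for name, entries in groups.items():
        live = [e for e in entries if _is_live_copy(e["path"])]
        ref = [e for e in entries if _is_reference_copy(e["path"])]
        if not entries:
            verdicts[name] = "NOT_PRESENT"
        elif not live:
            verdicts[name] = "NO_LIVE_COPY"
        elif not ref:
            verdicts[name] = "NO_REFERENCE"
        else:
            ref_hashes = {e["md5"] for e in ref}
            # Any live copy whose hash is not among the reference hashes was altered.
            bad = [e for e in live if e["md5"] not in ref_hashes]
            verdicts[name] = "MISMATCH" if bad else "OK"
    return verdicts


def report(text):
    """One line per scanned file, suitable for pasting back into a reply."""
    return ["%-12s %s" % (name, verdict)
            for name, verdict in check_integrity(parse_md5_scan(text)).items()]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_OTL_OUTPUT)))
```

Only a MISMATCH verdict points at a replaced file; NOT_PRESENT just means that driver (here iaStor.sys) is not installed on this machine, and NO_REFERENCE means there is nothing on disk to compare against, which would need the hash checked against a known-good copy from another source.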
chamber
Hi,

1) OTL

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
    [2009/10/21 14:55:48 | 00,000,099 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\fix.reg
    [2009/10/21 14:41:27 | 00,408,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTM.com
    [2009/10/21 14:38:47 | 00,408,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTM.com.exe

    :Services

    :Reg

    :Files

    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


2) JavaRa

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.


3) Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.

3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.
  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply.


In your reply I would like to see copied and pasted,

1) OTL logs
2) Kaspersky scan
Dan Ringles
OK, I'm having a heck of a time getting Kaspersky to run a complete scan. I've gotten as far as 86% complete and then it freezes. I'll keep trying but in the meantime here's the OTL log. Oh and I came across that Combofix log. Sorry, I assumed it would save to my desktop like everything else has but it didn't. Combofix log will follow the OTL log...

OTL logfile created on: 11/3/2009 3:21:17 PM - Run 3
OTL by OldTimer - Version 3.1.3.1 Folder = C:\Documents and Settings\Bob\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

223.48 Mb Total Physical Memory | 31.60 Mb Available Physical Memory | 14.14% Memory free
594.72 Mb Paging File | 302.37 Mb Available in Paging File | 50.84% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 14.63 Gb Free Space | 19.63% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-CN2CCRVZT0
Current User Name: Bob
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Bob\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
PRC - C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe (Seagate LLC)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Bob\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (avg8emc) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (FreeAgentGoNext Service) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
SRV - (FontCache3.0.0.0) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (helpsvc) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (NMIndexingService) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (NBService) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG)
SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: avg@igeared:2.609.002.003
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.0.6
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: dave2x@download:0.5.9
FF - prefs.js..extensions.enabledItems: {6cffc2d6-aea4-4032-b8c6-d211fe6ded4e}:0.7
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\CompuServe 7.0\Extensions\\:
FF - HKLM\software\mozilla\CompuServe 7.0\Extensions\\Components: C:\Program Files\Common Files\csshare\plugins0942 [2009/03/15 00:51:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\CompuServe 7.0\Extensions\\Plugins: C:\Program Files\Common Files\csshare\plugins0942 [2009/03/15 00:51:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/11/02 09:41:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/10/11 18:50:46 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 02:01:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/11 18:54:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/10 13:25:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 6 6.2.1\Extensions\\Components: C:\Program Files\Netscape\Netscape 6\Components [2009/03/15 00:51:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 6 6.2.1\Extensions\\Plugins: C:\Program Files\Netscape\Netscape 6\Plugins [2009/03/15 00:51:20 | 00,000,000 | ---D | M]

[2009/10/15 14:28:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\apwncr8d.default\extensions\dave2x@download
[2009/03/17 14:04:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\apwncr8d.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/01/08 19:53:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\apwncr8d.default\extensions\{6cffc2d6-aea4-4032-b8c6-d211fe6ded4e}
[2009/09/03 22:02:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\apwncr8d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/15 13:33:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\apwncr8d.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/10/26 15:00:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\apwncr8d.default\extensions
[2008/08/26 15:56:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/08/26 15:56:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Mozilla\Extensions
[2009/09/10 13:25:15 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/08/26 15:56:24 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/09/10 13:24:26 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/09/10 13:24:26 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/09/10 13:24:33 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007/05/10 21:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/03/15 00:51:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/03/15 00:51:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/03/15 00:51:17 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/03/15 00:51:17 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/03/15 00:51:17 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/03/15 00:51:17 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/03/15 00:51:17 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/09/03 22:00:47 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/09/03 22:00:47 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/07/05 14:04:06 | 00,001,489 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml
[2009/09/03 22:00:48 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/09/03 22:00:49 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/09/03 22:00:49 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/09/03 22:00:50 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/09/03 22:00:50 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 55924053
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: En&queue current page with Bulk Image Downloader - C:\Program Files\Bulk Image Downloader1.38\iemenu\iebidqueue.htm ()
O8 - Extra context menu item: Enqueue current page with Bulk Image Downloader - C:\Program Files\Bulk Image Downloader\iemenu\iebidqueue.htm ()
O8 - Extra context menu item: Enqueue link target with Bulk Ima&ge Downloader - C:\Program Files\Bulk Image Downloader1.38\iemenu\iebidlinkqueue.htm ()
O8 - Extra context menu item: Enqueue link target with Bulk Image Downloader - C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm ()
O8 - Extra context menu item: Open &link target with Bulk Image Downloader - C:\Program Files\Bulk Image Downloader1.38\iemenu\iebidlink.htm ()
O8 - Extra context menu item: Open current page with Bulk I&mage Downloader - C:\Program Files\Bulk Image Downloader1.38\iemenu\iebid.htm ()
O8 - Extra context menu item: Open current page with Bulk Image Downloader - C:\Program Files\Bulk Image Downloader\iemenu\iebid.htm ()
O8 - Extra context menu item: Open link target with Bulk Image Downloader - C:\Program Files\Bulk Image Downloader\iemenu\iebidlink.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe ()
O9 - Extra 'Tools' menuitem : ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe ()
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/1.3.1/...all-131-win.cab (Java Plug-in 1.3.1)
O16 - DPF: {CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.3.1/...all-131-win.cab (Java Plug-in 1.3.1)
O16 - DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.3.1/...-131_02-win.cab (Java Plug-in 1.3.1_02)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/07/29 09:59:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/10/27 22:16:57 | 00,528,384 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTL.exe
[2009/10/25 13:56:32 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009/10/24 17:43:09 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/24 17:43:07 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/24 17:43:06 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/24 17:38:40 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Bob\Desktop\mbam-setup.exe
[2009/10/24 16:56:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/10/23 10:45:21 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/10/23 10:42:17 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/10/23 10:42:17 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/10/23 10:42:17 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/10/23 10:42:17 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/10/23 10:41:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/23 10:35:39 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/23 10:19:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\exeHelpher.com
[2009/10/22 13:46:16 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Bob\Desktop\RootRepeal.exe
[2009/10/21 23:27:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/21 21:40:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Application Data\Malwarebytes
[2009/10/21 21:30:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\My Documents\Simply Super Software
[2009/10/21 21:30:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Application Data\Simply Super Software
[2009/10/21 21:30:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2009/10/21 21:23:16 | 08,877,640 | ---- | C] (Simply Super Software ) -- C:\Documents and Settings\Bob\Desktop\trj681.exe
[2009/10/21 20:19:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\backups
[2009/10/21 14:43:23 | 00,000,000 | ---D | C] -- C:\_OTM
[2009/10/21 14:41:25 | 00,408,064 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTM.com
[2009/10/21 14:38:24 | 00,408,064 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTM.com.exe
[2009/04/19 14:13:09 | 12,808,339 | ---- | C] (Dennis Meuwissen ) -- C:\Program Files\dvdflick_setup_1.3.0.6.exe
[2009/03/22 00:06:08 | 62,729,728 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stf_en_85_283a1450.exe
[2008/11/26 16:47:04 | 27,288,880 | ---- | C] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe
[2008/09/25 10:32:27 | 02,306,336 | ---- | C] (www.orbitdownloader.com ) -- C:\Program Files\OrbitSetup_276.exe
[2008/09/25 10:12:16 | 03,596,242 | ---- | C] (Antibody Software ) -- C:\Program Files\bid_1_38_setup.exe
[2008/09/19 12:18:29 | 06,089,998 | ---- | C] (CCCP Project ) -- C:\Program Files\Combined-Community-Codec-Pack-2008-01-24.exe
[2008/08/02 18:09:21 | 02,228,534 | ---- | C] ( ) -- C:\Program Files\audacity-win-1.2.6.exe
[2008/07/30 18:08:54 | 63,530,280 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesSetup.exe
[2008/07/05 17:38:39 | 06,552,472 | ---- | C] (IObit ) -- C:\Program Files\AWCSetup.exe
[2008/07/02 22:15:19 | 02,978,159 | ---- | C] (Canneverbe Limited ) -- C:\Program Files\cdbxp_setup_4.1.2.678.exe
[2008/04/20 00:58:03 | 01,495,112 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\install_flash_player.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/11/03 15:17:26 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/03 15:17:10 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/03 15:17:05 | 23,440,9984 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/03 15:16:07 | 18,350,080 | -H-- | M] () -- C:\Documents and Settings\Bob\NTUSER.DAT
[2009/11/03 15:15:48 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Bob\ntuser.ini
[2009/11/03 13:56:12 | 00,140,800 | ---- | M] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/03 13:50:54 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/11/03 13:50:40 | 00,000,088 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Default.PLS
[2009/11/03 09:16:37 | 00,069,545 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/11/03 09:16:36 | 44,665,035 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/11/03 03:07:37 | 04,837,854 | -H-- | M] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\IconCache.db
[2009/11/02 21:01:14 | 00,012,620 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/02 13:20:22 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTL.exe
[2009/11/01 07:17:12 | 00,524,272 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/01 07:17:12 | 00,442,558 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/01 07:17:12 | 00,071,900 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/29 17:04:59 | 00,350,720 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\hjsplit.exe
[2009/10/24 18:26:58 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\dds.scr
[2009/10/24 17:43:19 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/24 17:39:07 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Bob\Desktop\mbam-setup.exe
[2009/10/24 16:49:25 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/24 14:43:20 | 00,000,593 | ---- | M] () -- C:\Documents and Settings\Bob\plugin131.trace
[2009/10/23 11:06:44 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/10/23 11:00:47 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\depadunu
[2009/10/23 10:45:28 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/10/23 10:34:35 | 03,351,787 | R--- | M] () -- C:\Documents and Settings\Bob\Desktop\ComboFix.exe
[2009/10/22 13:46:43 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\settings.dat
[2009/10/21 21:23:39 | 08,877,640 | ---- | M] (Simply Super Software ) -- C:\Documents and Settings\Bob\Desktop\trj681.exe
[2009/10/21 14:55:48 | 00,000,099 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\fix.reg
[2009/10/21 14:41:27 | 00,408,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTM.com
[2009/10/21 14:38:47 | 00,408,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTM.com.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/10/24 18:26:29 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\dds.scr
[2009/10/24 17:43:19 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/23 10:45:28 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/10/23 10:45:24 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/10/23 10:42:17 | 00,236,544 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/23 10:42:17 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/23 10:42:17 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/23 10:42:17 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/23 10:34:21 | 03,351,787 | R--- | C] () -- C:\Documents and Settings\Bob\Desktop\ComboFix.exe
[2009/10/22 13:46:43 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\settings.dat
[2009/10/21 23:11:20 | 23,440,9984 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/21 21:30:40 | 00,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2009/10/21 21:30:40 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
[2009/10/21 21:30:40 | 00,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2009/10/21 21:30:40 | 00,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2009/10/21 14:55:47 | 00,000,099 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\fix.reg
[2009/10/15 12:08:24 | 04,653,448 | ---- | C] () -- C:\Program Files\fgen_305.exe
[2008/10/09 16:37:03 | 01,761,487 | ---- | C] () -- C:\Program Files\SopCastOcx.zip
[2008/07/30 20:35:22 | 00,006,144 | -HS- | C] () -- C:\Program Files\Thumbs.db
[2008/06/23 12:19:17 | 49,384,056 | ---- | C] () -- C:\Program Files\avg_free_stf_all_8_100a1323.exe
[2008/06/21 06:58:38 | 00,024,320 | ---- | C] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/06/21 02:52:14 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/06/20 03:20:41 | 00,033,979 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2008/06/20 03:20:40 | 00,106,253 | R--- | C] () -- C:\WINDOWS\VGAsetup.ini
[2008/06/20 03:01:48 | 00,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL
[2008/04/19 01:04:47 | 00,140,800 | ---- | C] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/19 00:06:36 | 04,837,854 | -H-- | C] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\IconCache.db
[2008/04/19 00:06:36 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Bob\Application Data\desktop.ini
[2005/03/25 05:42:50 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/07/29 11:07:11 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/07/29 10:14:01 | 00,000,132 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2003/07/29 10:13:28 | 00,000,310 | ---- | C] () -- C:\WINDOWS\net2fone.ini
[2003/07/29 09:47:04 | 00,001,094 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/07/29 09:47:04 | 00,000,466 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2003/07/29 09:46:47 | 00,000,757 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/07/29 09:46:44 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/07/29 02:51:08 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini

========== LOP Check ==========

[2009/10/11 19:58:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/06/16 19:44:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2009/10/21 21:30:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2009/03/15 00:57:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/04/24 14:18:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/06/01 21:16:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\AVGTOOLBAR
[2009/05/31 20:35:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\BID
[2008/07/02 23:39:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Canneverbe_Limited
[2008/09/25 10:38:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\GrabPro
[2003/07/29 10:10:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\InterTrust
[2008/09/26 19:37:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Orbit
[2009/10/21 21:41:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Simply Super Software
[2002/08/29 04:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/11/03 15:17:26 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 2628 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc
< End of report >




ComboFix 09-10-22.01 - Bob 10/24/2009 17:34.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.223.94 [GMT -7:00]
Running from: c:\documents and settings\Bob\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Bob\Desktop\CFScript.txt

file zipped: c:\documents and settings\x.exe
file zipped: c:\windows\system32\nugebini.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\x.exe
c:\windows\system32\nugebini.exe

.
((((((((((((((((((((((((( Files Created from 2009-09-25 to 2009-10-25 )))))))))))))))))))))))))))))))
.

2009-10-22 07:27 . 2009-10-22 07:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-22 05:40 . 2009-10-22 05:40 -------- d-----w- c:\documents and settings\Bob\Application Data\Malwarebytes
2009-10-22 05:30 . 2006-06-19 20:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-10-22 05:30 . 2006-05-25 22:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-10-22 05:30 . 2005-08-26 08:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-10-22 05:30 . 2003-02-03 03:06 153088 ----a-w- c:\windows\system32\unrar3.dll
2009-10-22 05:30 . 2002-03-06 08:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-10-22 05:30 . 2009-10-22 05:41 -------- d-----w- c:\documents and settings\Bob\Application Data\Simply Super Software
2009-10-22 05:30 . 2009-10-22 05:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-10-21 22:43 . 2009-10-21 22:43 -------- d-----w- C:\_OTM
2009-10-19 15:43 . 2009-10-19 15:43 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-19 15:18 . 2009-10-21 22:43 58 ----a-w- c:\windows\wp4.dat
2009-10-19 15:18 . 2009-10-21 22:43 1 ----a-w- c:\windows\wp3.dat
2009-10-16 07:06 . 2009-07-17 16:22 1435648 -c----w- c:\windows\system32\dllcache\query.dll
2009-10-16 06:44 . 2009-09-04 21:03 58880 -c----w- c:\windows\system32\dllcache\msasn1.dll
2009-10-15 20:34 . 2009-10-16 00:27 -------- d-----w- c:\program files\FlashGet
2009-10-15 20:08 . 2009-10-15 20:08 4653448 ----a-w- c:\program files\fgen_305.exe
2009-10-12 03:59 . 2009-10-12 03:59 -------- d-sh--w- c:\documents and settings\Bob\PrivacIE
2009-09-25 18:46 . 2009-09-25 18:46 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-23 18:15 . 2008-06-23 22:03 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-22 00:52 . 2008-04-19 08:18 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-22 00:48 . 2008-04-19 08:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-12 03:58 . 2009-07-01 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-09-11 14:18 . 2008-01-29 02:35 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 10:23 . 2008-06-20 12:25 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-04 21:03 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2008-01-29 02:37 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2008-01-29 02:36 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-19 17:01 . 2008-07-01 10:55 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-19 17:00 . 2008-07-01 10:55 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-19 17:00 . 2008-07-01 10:55 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-18 19:14 . 2008-06-21 14:58 24320 ----a-w- c:\documents and settings\Bob\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-05 09:01 . 2006-02-28 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 03:44 . 2008-01-29 02:35 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2007-07-19 02:40 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2009-06-23 00:39 . 2008-07-31 04:35 6144 --sha-w- c:\program files\Thumbs.db
2009-04-19 22:13 . 2009-04-19 22:13 12808339 ----a-w- c:\program files\dvdflick_setup_1.3.0.6.exe
2009-03-22 08:12 . 2009-03-22 08:06 62729728 ----a-w- c:\program files\avg_free_stf_en_85_283a1450.exe
2008-11-27 18:50 . 2008-11-27 00:47 27288880 ----a-w- c:\program files\QuickTimeInstaller.exe
2008-10-10 00:38 . 2008-10-10 00:37 1761487 ----a-w- c:\program files\SopCastOcx.zip
2008-09-25 18:32 . 2008-09-25 18:32 2306336 ----a-w- c:\program files\OrbitSetup_276.exe
2008-09-25 18:12 . 2008-09-25 18:12 3596242 ----a-w- c:\program files\bid_1_38_setup.exe
2008-09-19 20:18 . 2008-09-19 20:18 6089998 ----a-w- c:\program files\Combined-Community-Codec-Pack-2008-01-24.exe
2008-08-03 02:09 . 2008-08-03 02:09 2228534 ----a-w- c:\program files\audacity-win-1.2.6.exe
2008-07-31 02:12 . 2008-07-31 02:08 63530280 ----a-w- c:\program files\iTunesSetup.exe
2008-07-06 01:38 . 2008-07-06 01:38 6552472 ----a-w- c:\program files\AWCSetup.exe
2008-07-03 06:15 . 2008-07-03 06:15 2978159 ----a-w- c:\program files\cdbxp_setup_4.1.2.678.exe
2008-06-23 20:19 . 2008-06-23 20:19 49384056 ----a-w- c:\program files\avg_free_stf_all_8_100a1323.exe
2008-04-20 08:57 . 2008-04-20 08:58 1495112 ----a-w- c:\program files\install_flash_player.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 18:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-21 148776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-06-11 153136]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-17 2025752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-04 111936]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-07-30 177448]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-06-11 55296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-19 17:01 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/1/2008 3:55 AM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/1/2008 3:55 AM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/3/2009 8:44 AM 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/3/2008 8:41 PM 297752]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [7/30/2008 2:23 PM 161064]
S2 WDefend;WDefend;c:\windows\svohost.exe --> c:\windows\svohost.exe [?]
S3 FXDRV;FXDRV;\??\d:\fxdrv.sys --> d:\Fxdrv.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-10-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: En&queue current page with Bulk Image Downloader - file://c:\program files\Bulk Image Downloader1.38\iemenu\iebidqueue.htm
IE: Enqueue link target with Bulk Ima&ge Downloader - file://c:\program files\Bulk Image Downloader1.38\iemenu\iebidlinkqueue.htm
IE: Open &link target with Bulk Image Downloader - file://c:\program files\Bulk Image Downloader1.38\iemenu\iebidlink.htm
IE: Open current page with Bulk I&mage Downloader - file://c:\program files\Bulk Image Downloader1.38\iemenu\iebid.htm
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Bob\Application Data\Mozilla\Firefox\Profiles\apwncr8d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\JavaSoft\JRE\1.3.1\bin\NPJava11.dll
FF - plugin: c:\program files\JavaSoft\JRE\1.3.1\bin\NPJava12.dll
FF - plugin: c:\program files\JavaSoft\JRE\1.3.1\bin\NPJava131.dll
FF - plugin: c:\program files\JavaSoft\JRE\1.3.1\bin\NPJava32.dll
FF - plugin: c:\program files\JavaSoft\JRE\1.3.1\bin\NPOJI600.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-24 17:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-10-25 17:54
ComboFix-quarantined-files.txt 2009-10-25 00:54
ComboFix2.txt 2009-10-23 19:15

Pre-Run: 4,245,483,520 bytes free
Post-Run: 4,207,624,192 bytes free

- - End Of File - - 481E48F5CFCA8EF1DEA18539E43CA22B
Upload was successful
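The services block of the ComboFix log above (the R1/R2/S2/S3 lines) is where a reviewer would look first: the S2 WDefend entry points at c:\windows\svohost.exe, one character away from svchost.exe, and carries the [?] tail, while S3 FXDRV points at a driver on drive D:. As an added example that is not part of this thread or of ComboFix, here is a small Python triage pass over that block; the SYSTEM_BINARIES allowlist, reading [?] as "file not found", and C: as the system drive are my assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample input: the services/drivers lines of the ComboFix log
# posted above, copied verbatim (not a live capture).
COMBOFIX_SERVICES = r"""
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/1/2008 3:55 AM 335240]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/3/2008 8:41 PM 297752]
S2 WDefend;WDefend;c:\windows\svohost.exe --> c:\windows\svohost.exe [?]
S3 FXDRV;FXDRV;\??\d:\fxdrv.sys --> d:\Fxdrv.sys [?]
"""

# Assumption: a short allowlist of Windows binaries whose names are often imitated.
SYSTEM_BINARIES = ("svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                   "services.exe", "explorer.exe", "smss.exe")
SYSTEM_DRIVE = "c"  # assumption: Windows is installed on C:

# <state><start> <name>;<display>;<image>[ --> <resolved>] [<info>]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?)"
    r"(?:\s+-->\s+(?P<resolved>.+?))?"
    r"\s+\[(?P<info>[^\]]*)\]$"
)


@dataclass
class ServiceEntry:
    state: str               # R = running, S = stopped
    start: int               # start-type digit
    name: str
    display: str
    image: str
    resolved: Optional[str]  # path after "-->", when ComboFix re-resolved it
    info: str                # timestamp and size, or "?" (assumed: file not found)
    findings: List[str] = field(default_factory=list)


def parse_services(text: str) -> List[ServiceEntry]:
    """Parse every R?/S? service or driver line; other lines are ignored."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(ServiceEntry(m["state"], int(m["start"]), m["name"],
                                        m["display"], m["image"], m["resolved"],
                                        m["info"]))
    return entries


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance; names are short so O(n*m) is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def basename(path: str) -> str:
    return re.split(r"[\\/]", path)[-1].lower()


def drive_letter(path: str) -> Optional[str]:
    # Accept both "c:\..." and the NT-style "\??\d:\..." form seen in the log.
    m = re.match(r"^(?:\\\?\?\\)?([a-zA-Z]):[\\/]", path)
    return m.group(1).lower() if m else None


def triage(entry: ServiceEntry) -> List[str]:
    """Attach defender-side observations to one entry and return them."""
    path = entry.resolved or entry.image
    base = basename(path)
    findings = []
    if entry.info.strip() == "?":
        findings.append("image file not found on disk")
    for known in SYSTEM_BINARIES:
        if base != known and edit_distance(base, known) == 1:
            findings.append(f"name looks like {known} (one edit away)")
    drive = drive_letter(path)
    if drive and drive != SYSTEM_DRIVE:
        findings.append(f"image lives on drive {drive.upper()}: rather than the system drive")
    entry.findings = findings
    return findings


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map service name -> findings for every parsed entry."""
    return {e.name: triage(e) for e in parse_services(text)}


if __name__ == "__main__":
    for name, findings in triage_log(COMBOFIX_SERVICES).items():
        print(f"{name}: {findings or 'no findings'}")
```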
chamber
Thanks for the log,

Let's try an offline scanner.

Please download AVP Tool by Kaspersky.

  • Save it to your desktop.
  • Reboot your computer into SafeMode.


You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder. Click Next.
  • Hit OK at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.


  • System Memory
  • Startup Objects
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)


After that click on Security level then choose Customize, click on the tab that says Heuristic Analyzer then choose Enable Deep rootkit search then ok. Choose OK again to go back to the main screen.

  • Click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized, then click the button that says Neutralize all.
  • If it says it cannot be Neutralized, then choose the delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it as Kas to the desktop.
  • Post only the detected virus\malware in the report; it will be at the very top under Detected.


Note: This tool will self uninstall when you close it so please remember to save the log before closing it.
chamber
Double post.
Dan Ringles
Detected
--------
Status Object
------ ------
deleted: Trojan program Exploit.JS.Pdfka.akk File: C:\Documents and Settings\Bob\Local Settings\Temporary Internet Files\Content.IE5\AVGH49WV\forEt[1].pdf//data0000
deleted: Trojan program Trojan.Win32.FraudPack.xil File: C:\Qoobox\Quarantine\C\WINDOWS\system32\fedoniko.exe.vir//sisa.exe
deleted: Trojan program Trojan.Win32.FraudPack.xek File: C:\Qoobox\Quarantine\C\WINDOWS\system32\palozora.exe.vir//sisa.exe
deleted: Trojan program Trojan.Win32.FraudPack.wxl File: C:\Qoobox\Quarantine\C\WINDOWS\system32\rorerilu.exe.vir//sisa.exe
deleted: Trojan program Trojan.Win32.FraudPack.xil File: C:\System Volume Information\_restore{2D063E58-819D-484F-A343-1FA10C07443B}\RP541\A0035163.exe//sisa.exe
deleted: Trojan program Trojan.Win32.FraudPack.xek File: C:\System Volume Information\_restore{2D063E58-819D-484F-A343-1FA10C07443B}\RP541\A0035170.exe//sisa.exe
deleted: Trojan program Trojan.Win32.FraudPack.wxl File: C:\System Volume Information\_restore{2D063E58-819D-484F-A343-1FA10C07443B}\RP541\A0035171.exe//sisa.exe
deleted: Trojan program Trojan.Win32.FraudPack.ybr File: C:\_OTM\MovedFiles\10212009_154323\Program Files\Windows Police Pro\Windows Police Pro.exe
deleted: Trojan program Trojan.Win32.FraudPack.xil File: C:\System Volume Information\_restore{2D063E58-819D-484F-A343-1FA10C07443B}\RP541\A0035163.exe
deleted: Trojan program Trojan.Win32.FraudPack.xek File: C:\System Volume Information\_restore{2D063E58-819D-484F-A343-1FA10C07443B}\RP541\A0035170.exe
deleted: Trojan program Trojan.Win32.FraudPack.wxl File: C:\System Volume Information\_restore{2D063E58-819D-484F-A343-1FA10C07443B}\RP541\A0035171.exe
chamber
How are things running now?

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Dan Ringles
Things seem to be back to normal. I haven't seen any signs of Security Tool or Windows Police Pro. Unfortunately my computer still runs painfully slow. What would you recommend for diagnosing slow performance? My computer is really old but I have the highest grade cable connection my provider offers and a brand new modem.

Here's the Security Check log

Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG 8.5
``````````````````````````````
Anti-malware/Other Utilities Check:

Advanced WindowsCare Personal
Java™ 6 Update 17
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 8.1.1
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
AVG avgemc.exe
``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````
chamber
Visit THIS website to obtain the latest update for Adobe Reader; yours is quite out of date now.

It may also be a good idea to do a good defrag on the system.

Auslogics Disk Defrag or JKDefrag - two good disk defragmenters for you to choose from.

Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.
---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt

Please attach the second file; Attach.txt. To attach a file, do the following:
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on to insert the attachment into your post
Dan Ringles
OK I updated Adobe and ran Auslogics Disk Defrag. Computer still super slow.
As far as I know I don't have any script blocking, so I went ahead and ran DDS. It never gave me a prompt for an optional scan. It just spit out the 2 log files.


DDS (Ver_09-11-23.01) - NTFSx86
Run by Bob at 13:31:10.70 on Mon 11/23/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17

============== Running Processes ===============

C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Bob\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {fdd3b846-8d59-4ffb-8758-209b6ad74acc} - c:\program files\microsoft money\system\mnyviewer.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [SiSUSBRG] c:\windows\SiSUSBrg.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
IE: En&queue current page with Bulk Image Downloader - file://c:\program files\bulk image downloader1.38\iemenu\iebidqueue.htm
IE: Enqueue current page with Bulk Image Downloader - file://c:\program files\bulk image downloader\iemenu\iebidqueue.htm
IE: Enqueue link target with Bulk Ima&ge Downloader - file://c:\program files\bulk image downloader1.38\iemenu\iebidlinkqueue.htm
IE: Enqueue link target with Bulk Image Downloader - file://c:\program files\bulk image downloader\iemenu\iebidlinkqueue.htm
IE: Open &link target with Bulk Image Downloader - file://c:\program files\bulk image downloader1.38\iemenu\iebidlink.htm
IE: Open current page with Bulk I&mage Downloader - file://c:\program files\bulk image downloader1.38\iemenu\iebid.htm
IE: Open current page with Bulk Image Downloader - file://c:\program files\bulk image downloader\iemenu\iebid.htm
IE: Open link target with Bulk Image Downloader - file://c:\program files\bulk image downloader\iemenu\iebidlink.htm
IE: {6224f700-cba3-4071-b251-47cb894244cd} - c:\program files\icq\ICQ.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {301DA1EE-F65C-4188-A417-9E915CC8FBFA} - c:\program files\microsoft money\system\mnyviewer.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bob\applic~1\mozilla\firefox\profiles\apwncr8d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R? FXDRV;FXDRV
S? avg8emc;AVG Free8 E-mail Scanner
S? avg8wd;AVG8 WatchDog
S? AvgLdx86;AVG AVI Loader Driver x86
S? AvgTdiX;AVG8 Network Redirector
S? FreeAgentGoNext Service;Seagate Service
S? SeaPort;SeaPort

=============== Created Last 30 ================

2009-11-23 21:32:04 29 ----a-w- c:\documents and settings\bob\InstallDate
2009-11-23 21:32:04 0 ----a-w- c:\documents and settings\bob\Created00
2009-11-23 21:32:03 22093 ----a-w- c:\documents and settings\bob\WhiteDir
2009-11-23 21:32:03 127 ----a-w- c:\documents and settings\bob\whitedirB
2009-11-23 21:31:54 54 ----a-w- c:\documents and settings\bob\FILES00
2009-11-23 21:31:01 41 ----a-w- c:\documents and settings\bob\XP.mac
2009-11-23 07:40:48 0 d-----w- c:\docume~1\bob\applic~1\Auslogics
2009-11-23 07:40:10 0 d-----w- c:\program files\Auslogics
2009-11-05 06:08:31 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-11-05 06:08:30 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-26 03:37:31 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2009-10-26 03:37:31 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-10-25 21:56:32 0 d-s---w- C:\ComboFix
2009-10-25 02:26:29 524288 ----a-w- C:\dds.scr
2009-10-25 01:43:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-25 01:43:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-25 01:43:06 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2009-11-23 21:32:11 2 ----a-w- c:\documents and settings\bob\f3m0.dat
2009-11-03 22:03:27 6144 --sha-w- c:\program files\Thumbs.db
2009-10-15 20:08:28 4653448 ----a-w- c:\program files\fgen_305.exe
2009-10-11 15:10:09 236544 ----a-w- c:\windows\PEV.exe
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08:21 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-04-19 22:13:12 12808339 ----a-w- c:\program files\dvdflick_setup_1.3.0.6.exe
2009-03-22 08:12:42 62729728 ----a-w- c:\program files\avg_free_stf_en_85_283a1450.exe
2008-11-27 18:50:58 27288880 ----a-w- c:\program files\QuickTimeInstaller.exe
2008-10-10 00:38:07 1761487 ----a-w- c:\program files\SopCastOcx.zip
2008-09-25 18:32:50 2306336 ----a-w- c:\program files\OrbitSetup_276.exe
2008-09-25 18:12:30 3596242 ----a-w- c:\program files\bid_1_38_setup.exe
2008-09-19 20:18:37 6089998 ----a-w- c:\program files\Combined-Community-Codec-Pack-2008-01-24.exe
2008-08-03 02:09:16 2228534 ----a-w- c:\program files\audacity-win-1.2.6.exe
2008-07-31 02:12:08 63530280 ----a-w- c:\program files\iTunesSetup.exe
2008-07-06 01:38:57 6552472 ----a-w- c:\program files\AWCSetup.exe
2008-07-03 06:15:05 2978159 ----a-w- c:\program files\cdbxp_setup_4.1.2.678.exe
2008-06-23 20:19:44 49384056 ----a-w- c:\program files\avg_free_stf_all_8_100a1323.exe
2008-04-20 08:57:42 1495112 ----a-w- c:\program files\install_flash_player.exe
2008-08-25 23:16:01 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082520080826\index.dat

============= FINISH: 13:33:47.51 ===============
chamber
Hi,

Few things that I have noticed,

QUOTE
223.48 Mb Total Physical Memory | 97.68 Mb Available Physical Memory | 43.71% Memory free


That is not a lot of memory; you could do with adding more. You can pick up a gig of RAM very cheaply nowadays, and you would notice a marked improvement.

Also, you have a couple of entries for Norton.

Please visit HERE and determine the version of the Symantec product that is installed. (To determine the version, click Help and About.)

Select the appropriate link for the product that you want to uninstall and then run the tool.

Follow the on-screen instructions.

Your computer may be restarted more than once, and you may be asked to repeat some steps after the computer restarts.
Dan Ringles
I'm having trouble finding Norton on my computer. The only thing I found was C:\Program Files\Symantec\LiveUpdate. The files inside are dated 2002. But 2003 is the earliest version of Norton that the Removal Tool lists. Am I not looking in the right place? There's no entry for Symantec or Norton when I go into Start>All Programs or Add/Remove Programs.
chamber
Any of the removal tools should work, but the entries you found are what I was referring to.
Maurice Naggar
This topic closed due to lack of response. If you need it re-opened, send me a PM.