Not a computer expert, so bear with me.

I have a nasty case of what I will call the "System Security" virus; included the link because this is what I had been getting on startup.

http://www.virusremovalguru.com/?p=796

I won't go into all the issues with this, as I'm guessing you have seen it before. If more details about what are infected/not working are needed, please let me know what to check and I will supply. I was able to disable the big crash by running msconfig in safe mode and then disabling all the startup processes. I think it was systra in the list, but I also have a troy44 there which can't be good. I'm back to my normal desktop, with limited programs being able to run and limited access to the web; even the Google toolbar doesn't seem to work in Firefox.

I'm not able to run Hijackthis or Malwarebytes in normal Windows or safe mode. I ran AVG in safe mode which picked up some stuff, but it apparently didn't help.I have tried to save the install executables under different names on the auxilary comp and then move to the infected one on flash drive, but no go. The all will "run" but then sit in the processes list of the task manager with very low memory usage and no CPU time. Oh, and I'm running Windows XP wiht

Please let me know what other info to provide, or next steps to get Hijack This to run and allow you to get more info.

Thanks.

Rob

Hi Rob,

Welcome to Malwarebytes'. Lets see if we can clean up your computer.


You have an infection that is preventing MBAM from running.

Download RootRepeal.zip and unzip it to your Desktop.

• Double click RootRepeal.exe to start the program
• Click on the Report tab at the bottom of the program window
• Click the Scan button
• In the Select Scan dialog, check:
  • Drivers
  • Files
  • Processes
  • SSDT
  • Stealth Objects
  • Hidden Services
• Click the OK button
• In the next dialog, select all drives showing
• Click OK to start the scan
  

  Note: The scan can take some time. DO NOT run any other programs while the scan is running

• When the scan is complete, the Save Report button will become available
• Click this and save the report to your Desktop as RootRepeal.txt
• Go to File, then Exit to close the program

If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.

To attach a file, do the following:

• Click Add Reply
• Under the reply panel is the Attachments Panel
• Browse for the attachment file you want to upload, then click the green Upload button
• Once it has uploaded, click the Manage Current Attachments drop down box
• Click on to insert the attachment into your post

Thanks for the quick reply.

Pretty long, so I've attached the text file.

Hi Rob,

You're welcome.

The reason MBAM and other programs are not working is because you have a CLB Rootkit infection. Once we nuke the drivers, we can have MBAM clean up the malicious files.


Open up RootRepeal again. This time:

• Click on the Drivers tab.
• Navigate to this driver UACptavptpsnevfjtkku.sys
• Right click on it and select Wipe File
• Then reboot your computer.

Once your computer reboots please try:

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

So far so good... thanks again for the help. Log is as follows:

---------------------------------

Malwarebytes' Anti-Malware 1.38
Database version: 2413
Windows 5.1.2600 Service Pack 3

7/12/2009 2:18:28 PM
mbam-log-2009-07-12 (14-18-28).txt

Scan type: Quick Scan
Objects scanned: 93366
Time elapsed: 5 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 8
Registry Values Infected: 11
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 21

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Documents and Settings\Connor\Local Settings\Temp\554947341147mmx.dll (Spyware.OnlineGames) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{40196867-19f8-7157-c097-ecaff653c9ad} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\net (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\pcmstub (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\FirstInstallFlag (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mms (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mso (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udso (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Ulrn (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Update (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Connor\Local Settings\Temp\554947341147mmx.dll (Spyware.OnlineGames) -> Delete on reboot.
c:\WINDOWS\system32\tpsaxyd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\UACdkyheqonoixewhoxl.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\UACjuxwolbuvmqhedcvd.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\UACmirokixolmekmndwj.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\UACruyhmmhboswxdjmwx.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\UACyxxriyeqqddiyapnp.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wiwow64.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Connor\local settings\Temp\lko0ij8uyhg8ujuyt6hu7gnvc44.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Connor\local settings\Temp\rasvsnet.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\Connor\local settings\Temp\tdl1.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\documents and settings\Connor\local settings\Temp\tdl2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Connor\local settings\Temp\tdl5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Connor\local settings\Temp\db.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\local settings\temporary internet files\Content.IE5\U7WXA5I7\w[1].bin (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\local settings\temporary internet files\Content.IE5\W3YZIJ2F\w[1].bin (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wiawow32.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\UACptavptpsnevfjtkku.sys (Trojan.Agent) -> Quarantined and deleted successfully.

---------------------------------

Let me know whats next.

You're welcome. Seems MBAM cleaned up those malicious files after we nuked the driver that was preventing MBAM to run.


I would like to take a closer look to see if there is any thing that got away:

• Download OTL to your desktop.
• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top change it to Minimal Output.
• Check the boxes beside LOP Check and Purity Check.
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Extras.txt:

------------------------------------------

OTL Extras logfile created on: 7/12/2009 2:50:25 PM - Run 1
OTL by OldTimer - Version 3.0.7.1 Folder = C:\Documents and Settings\Connor\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.07 Mb Total Physical Memory | 488.58 Mb Available Physical Memory | 47.80% Memory free
2.40 Gb Paging File | 1.98 Gb Available in Paging File | 82.60% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.85 Gb Total Space | 92.34 Gb Free Space | 63.31% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 108.02 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
Drive G: | 487.88 Mb Total Space | 12.75 Mb Free Space | 2.61% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KURSELCO
Current User Name: Connor
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger (Yahoo! Inc.)
C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server File not found
C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus (Azureus Inc)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader (AOL LLC)
C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM (AOL LLC)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe (AVG Technologies CZ, s.r.o.)
C:\WINDOWS\explorer.exe:*:Enabled:Explorer (Microsoft Corporation)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F0447B4-6DDD-4831-933A-1EDF52091150}" = SnagIt 8
"{104A059B-CD20-4632-A8F6-D8C80E14782D}" = Magellan POI File Editor
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 14
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{55502C49-F061-428C-BF26-06ECDFB3AC29}" = Sid Meier's Civilization 4 Gold
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{63ECAAF0-425A-40DD-B6CD-C987F0E95005}" = Motorola Driver Installation 3.3.0
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}" = Command & Conquer The First Decade
"{66FF4C48-0083-4E60-8556-B883AB200092}" = Heroes of Might and Magic V - Tribes of the East
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel® PROSet for Wired Connections
"{885744A4-1A01-44B0-858A-0AE6738CBCF7}" = PrimoPDF Redistribution Package
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C93369CB-B4E9-E095-9289-E6B5AE941033}" = Nero 7 Demo
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM_6" = AIM 6
"AnyDVD" = AnyDVD
"ATI Display Driver" = ATI Display Driver
"AVG8Uninstall" = AVG Free 8.5
"AviSynth" = AviSynth 2.5
"Azureus" = Azureus
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.6 (0032)
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.4.0
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"LimeWire" = LimeWire 5.1.4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.11)" = Mozilla Firefox (3.0.11)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PrimoPDF3.0" = PrimoPDF
"PROSet" = Intel® PRO Network Connections Drivers
"PSP Video 9" = PSP Video 9 1.74
"RealPlayer 6.0" = RealPlayer Basic
"Sametime Client v6.5.1" = Sametime Client v6.5.1
"Termiserv" = sala's WinXP SP2 Terminal Server Patch
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6b
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"kernel" = kernel

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/30/2009 9:01:44 PM | Computer Name = KURSELCO | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 6/30/2009 9:01:44 PM | Computer Name = KURSELCO | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/11/2009 2:10:50 PM | Computer Name = KURSELCO | Source = Application Error | ID = 1000
Description = Faulting application ViewpointService.exe, version 2.0.0.54, faulting
module ViewpointService.exe, version 2.0.0.54, fault address 0x00002250.

Error - 7/11/2009 4:58:05 PM | Computer Name = KURSELCO | Source = Application Error | ID = 1000
Description = Faulting application ViewpointService.exe, version 2.0.0.54, faulting
module ViewpointService.exe, version 2.0.0.54, fault address 0x00002250.

Error - 7/11/2009 5:29:30 PM | Computer Name = KURSELCO | Source = MsiInstaller | ID = 1008
Description = The installation of C:\DOCUME~1\Connor\LOCALS~1\Temp\STOPzilla!\SZPro5.msi
is not permitted due to an error in software restriction policy processing. The
object cannot be trusted.

Error - 7/11/2009 5:45:04 PM | Computer Name = KURSELCO | Source = Application Error | ID = 1000
Description = Faulting application ViewpointService.exe, version 2.0.0.54, faulting
module ViewpointService.exe, version 2.0.0.54, fault address 0x00002250.

Error - 7/11/2009 5:58:20 PM | Computer Name = KURSELCO | Source = Application Error | ID = 1000
Description = Faulting application ccleaner.exe, version 2.21.0.940, faulting module
ccleaner.exe, version 2.21.0.940, fault address 0x0003e540.

Error - 7/11/2009 6:15:37 PM | Computer Name = KURSELCO | Source = Application Hang | ID = 1002
Description = Hanging application _iu14D2N.tmp, version 51.49.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/12/2009 12:44:24 PM | Computer Name = KURSELCO | Source = Application Error | ID = 1000
Description = Faulting application ViewpointService.exe, version 2.0.0.54, faulting
module ViewpointService.exe, version 2.0.0.54, fault address 0x00002250.

Error - 7/12/2009 1:37:09 PM | Computer Name = KURSELCO | Source = Application Error | ID = 1000
Description = Faulting application ViewpointService.exe, version 2.0.0.54, faulting
module ViewpointService.exe, version 2.0.0.54, fault address 0x00002250.

[ System Events ]
Error - 7/12/2009 1:35:35 PM | Computer Name = KURSELCO | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/12/2009 1:37:57 PM | Computer Name = KURSELCO | Source = Service Control Manager | ID = 7023
Description = The 6to4 service terminated with the following error: %%126

Error - 7/12/2009 1:37:57 PM | Computer Name = KURSELCO | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Viewpoint Manager Service
service to connect.

Error - 7/12/2009 1:37:57 PM | Computer Name = KURSELCO | Source = Service Control Manager | ID = 7000
Description = The Viewpoint Manager Service service failed to start due to the following
error: %%1053

Error - 7/12/2009 1:39:00 PM | Computer Name = KURSELCO | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 7/12/2009 1:39:02 PM | Computer Name = KURSELCO | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 7/12/2009 1:39:06 PM | Computer Name = KURSELCO | Source = Service Control Manager | ID = 7034
Description = The AVG Free8 E-mail Scanner service terminated unexpectedly. It
has done this 1 time(s).

Error - 7/12/2009 1:39:11 PM | Computer Name = KURSELCO | Source = Service Control Manager | ID = 7031
Description = The AVG Free8 WatchDog service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 0 milliseconds:
Restart the service.

Error - 7/12/2009 3:12:04 PM | Computer Name = KURSELCO | Source = Service Control Manager | ID = 7023
Description = The 6to4 service terminated with the following error: %%126

Error - 7/12/2009 3:21:30 PM | Computer Name = KURSELCO | Source = Service Control Manager | ID = 7023
Description = The 6to4 service terminated with the following error: %%126


< End of report >

------------------------------------------



OTL logfile created on: 7/12/2009 2:50:25 PM - Run 1
OTL by OldTimer - Version 3.0.7.1 Folder = C:\Documents and Settings\Connor\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.07 Mb Total Physical Memory | 488.58 Mb Available Physical Memory | 47.80% Memory free
2.40 Gb Paging File | 1.98 Gb Available in Paging File | 82.60% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.85 Gb Total Space | 92.34 Gb Free Space | 63.31% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 108.02 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
Drive G: | 487.88 Mb Total Space | 12.75 Mb Free Space | 2.61% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KURSELCO
Current User Name: Connor
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
PRC - C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe (TechSmith Corporation)
PRC - C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe (TechSmith Corporation)
PRC - C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe (TechSmith Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\taskmgr.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Connor\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\notepad.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (avg8emc [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (NetSvc [On_Demand | Stopped]) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe (Intel® Corporation)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (AnyDVD [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (ASCTRM [Auto | Running]) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (elagopro [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\elagopro.sys (Gteko Ltd.)
DRV - (elaunidr [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\elaunidr.sys (Gteko Ltd.)
DRV - (ElbyCDIO [Auto | Running]) -- C:\WINDOWS\System32\Drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HSFHWBS2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (motccgp [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\motccgp.sys (Motorola)
DRV - (motccgpfl [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\motccgpfl.sys (Motorola)
DRV - (MotDev [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\motodrv.sys (Motorola Inc)
DRV - (motmodem [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\motmodem.sys (Motorola)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (n558 [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\n558.sys ()
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (SSKBFD [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\sskbfd.sys (Webroot Software Inc (www.webroot.com))
DRV - (STHDA [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (wceusbsh [System | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wceusbsh.sys (Microsoft Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.microsoft.com/isapi/redir.dll?P...pdate&O1=b1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:3.3.13
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/06/19 18:35:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/12/19 13:46:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/12 14:25:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/29 18:13:35 | 00,000,000 | ---D | M]

[2009/07/03 10:03:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Connor\Application Data\mozilla\Extensions
[2008/08/27 22:06:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Connor\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/03 10:03:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Connor\Application Data\mozilla\Extensions\mozswing@mozswing.org
[2009/07/12 14:04:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Connor\Application Data\mozilla\Firefox\Profiles\bj1w6pvf.default\extensions
[2009/06/05 19:08:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Connor\Application Data\mozilla\Firefox\Profiles\bj1w6pvf.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2009/07/11 17:05:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Connor\Application Data\mozilla\Firefox\Profiles\bj1w6pvf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/06/04 21:23:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Connor\Application Data\mozilla\Firefox\Profiles\bj1w6pvf.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/07/12 12:48:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/06/12 16:57:44 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/01/01 10:19:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/03/19 19:33:54 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/07/19 12:57:18 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008/12/19 13:48:09 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/01 05:17:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/09 19:26:28 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/06/12 16:57:38 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/12 16:57:38 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/08/07 14:35:32 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/05/21 11:33:58 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2005/12/05 22:31:00 | 00,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2009/06/12 16:57:39 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2004/12/14 03:19:18 | 00,057,344 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/06/29 18:13:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/29 18:13:35 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/29 18:13:35 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/29 18:13:35 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/29 18:13:35 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/29 18:13:35 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/29 18:13:35 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2007/04/16 12:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2008/12/20 18:22:15 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/12/20 18:22:15 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/12/20 18:22:15 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/12/20 18:22:15 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/12/20 18:22:15 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/12/20 18:22:15 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/12/20 18:22:15 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (736 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1B6BA550-10C7-4BEE-82B9-DF2AAAA876A1} - C:\WINDOWS\System32\qoMfeCro.dll File not found
O2 - BHO: (DWABrowserHlprObj Class) - {2709D830-B643-4e72-9A1E-701CFFFCF30C} - C:\WINDOWS\System32\dwabho.dll (IBM Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EasyLinkAdvisor] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe (TechSmith Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} http://www.team.insidebrady.com/qp2.cab (QuickPlace Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} http://community.webshots.com/html/atx/wsaxcontrol.cab (Webshots Multiple Media Uploader - Container)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://namail01.insidebrady.com/dwa7W.cab (Domino Web Access 7 Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.24.7.10 65.24.7.11
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (qzemfr.dll) - File not found
O20 - AppInit_DLLs: (qypgny.dll) - File not found
O20 - AppInit_DLLs: (xdmgnn.dll) - File not found
O20 - AppInit_DLLs: (C:\DOCUME~1\Connor\LOCALS~1\Temp\554947341147mmx.dll) - C:\DOCUME~1\Connor\LOCALS~1\Temp\554947341147mmx.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O29 - HKLM SecurityProviders - (digeste.dll) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/05/16 21:16:49 | 00,000,067 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe -- [2007/05/23 11:26:46 | 00,102,064 | R--- | M] (Cisco Systems, Inc.)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2099/01/01 12:00:00 | 00,006,456 | -H-- | C] () -- C:\WINDOWS\System32\kedawija
[2009/07/12 14:41:19 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/07/12 14:40:05 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Connor\Desktop\OTL.exe
[2009/07/12 13:55:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Connor\Desktop\fixer
[2009/07/12 13:54:53 | 00,451,655 | ---- | C] () -- C:\Documents and Settings\Connor\Desktop\fixer.zip
[2009/07/12 12:00:50 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Connor\Desktop\HJTInstall.exe
[2009/07/12 11:54:57 | 00,000,582 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/12 11:54:53 | 00,000,000 | ---D | C] -- C:\Program Files\Tool
[2009/07/12 11:54:19 | 03,561,744 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Connor\Desktop\toool1.exe
[2009/07/11 16:54:18 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\Connor\Desktop\CCleaner.lnk
[2009/07/11 16:54:17 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/07/11 16:54:08 | 03,252,640 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Connor\Desktop\ccsetup221.exe
[2009/07/11 16:48:55 | 03,561,744 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Connor\Desktop\mbam-sedastup.exe
[2009/07/11 16:47:32 | 00,000,841 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware SE Personal.lnk
[2009/07/11 16:47:32 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/07/11 16:43:01 | 02,855,080 | ---- | C] () -- C:\Documents and Settings\Connor\Desktop\aawsepersonal.exe
[2009/07/11 16:42:59 | 01,445,888 | ---- | C] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Connor\Desktop\WinsockxpFix.exe
[2009/07/11 16:29:12 | 00,390,656 | ---- | C] (iS3, Inc.) -- C:\Documents and Settings\Connor\Desktop\STOPzilla_Setup.exe
[2009/07/11 16:11:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2009/07/11 16:00:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Connor\Desktop\New Folder
[2009/07/11 10:58:41 | 03,976,714 | ---- | C] () -- C:\WINDOWS\System32\uactmp.db
[2009/07/11 10:25:41 | 01,110,399 | ---- | C] () -- C:\WINDOWS\System32\UACemscudaupsfydyoew.db
[2009/07/11 10:25:37 | 00,000,310 | ---- | C] () -- C:\WINDOWS\System32\UACqepurpunclopyuxeo.dat
[2009/07/11 10:24:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\14893904
[2009/07/05 13:00:29 | 23,635,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/07/05 12:42:38 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/07/05 12:42:38 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/07/05 12:42:37 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/07/05 12:42:37 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/07/05 12:42:37 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/07/05 12:42:36 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/07/05 12:42:35 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/07/05 12:42:35 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/07/05 12:42:35 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/07/05 12:41:12 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/07/05 12:41:12 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/07/03 10:03:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Connor\My Documents\LimeWire
[2009/07/03 10:03:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Connor\Application Data\LimeWire
[2009/07/03 10:01:10 | 00,001,578 | ---- | C] () -- C:\Documents and Settings\Connor\Desktop\LimeWire 5.1.4.lnk
[2009/07/03 10:00:51 | 00,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2009/07/01 21:49:29 | 00,000,000 | ---D | C] -- C:\Program Files\Linksys EasyLink Advisor
[2009/06/29 18:14:27 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/06/29 18:14:24 | 00,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2009/06/29 18:14:24 | 00,023,400 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\drivers\GEARAspiWDM.sys
[2009/06/29 18:14:04 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/06/29 18:14:00 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/06/29 18:14:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/06/29 18:13:47 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/06/29 18:13:27 | 00,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/06/29 18:12:40 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/06/29 18:12:03 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/06/29 18:12:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Connor\Local Settings\Application Data\Apple
[2009/06/29 18:11:59 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/06/29 18:11:49 | 02,060,288 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2009/06/29 18:11:49 | 00,039,424 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\drivers\usbaapl.sys
[2009/06/29 18:11:34 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/06/29 18:11:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/06/29 18:04:33 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbscan.sys
[2009/06/29 18:04:33 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2009/06/29 18:04:33 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2009/06/29 18:04:32 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2007/08/15 08:27:18 | 00,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\n558.sys
[2007/07/15 15:38:30 | 00,000,083 | ---- | C] () -- C:\WINDOWS\CheetaChat.INI
[2007/04/14 15:53:12 | 00,000,194 | ---- | C] () -- C:\WINDOWS\YAHELITE_IGNORE.INI
[2007/04/14 15:49:55 | 00,002,796 | ---- | C] () -- C:\WINDOWS\YAHELITE.INI
[2007/02/08 20:31:29 | 00,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2007/01/12 20:08:29 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/01/11 20:19:45 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/08/31 12:46:13 | 00,000,310 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2006/08/28 20:27:28 | 00,001,682 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/08/28 20:27:28 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\38B43C4E4E.sys
[2006/08/09 21:53:47 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006/07/27 18:32:45 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/07/27 18:26:09 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006/07/23 08:50:26 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\4E4E3CB438.sys
[2006/07/21 19:49:11 | 00,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/07/21 19:49:11 | 00,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/07/20 20:31:41 | 00,000,014 | ---- | C] () -- C:\WINDOWS\System32\audiozrh51.dll
[2006/07/20 20:31:40 | 00,156,160 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
[2006/07/20 20:31:40 | 00,145,920 | ---- | C] () -- C:\WINDOWS\System32\wav2.dll
[2006/07/20 20:31:40 | 00,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2006/07/18 17:12:52 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/07/14 22:34:01 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/07/14 22:27:18 | 00,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/07/14 21:56:36 | 00,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/11 17:24:19 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:11:31 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 17:00:37 | 00,000,678 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/11 17:00:35 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/07/12 14:39:16 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Connor\Desktop\OTL.exe
[2009/07/12 14:26:02 | 00,000,678 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/07/12 14:26:02 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/07/12 14:26:02 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/07/12 14:20:40 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/12 14:20:13 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/12 14:20:11 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/12 14:11:33 | 00,000,582 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/12 14:00:00 | 00,000,318 | ---- | M] () -- C:\WINDOWS\tasks\ubpdgejp.job
[2009/07/12 13:55:35 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/07/12 13:54:10 | 00,451,655 | ---- | M] () -- C:\Documents and Settings\Connor\Desktop\fixer.zip
[2009/07/12 12:36:52 | 03,976,714 | ---- | M] () -- C:\WINDOWS\System32\uactmp.db
[2009/07/12 12:00:52 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Connor\Desktop\HJTInstall.exe
[2009/07/12 11:46:05 | 38,089,105 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/07/12 11:46:05 | 00,025,283 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/07/11 17:17:36 | 03,561,744 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Connor\Desktop\toool1.exe
[2009/07/11 16:54:18 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Connor\Desktop\CCleaner.lnk
[2009/07/11 16:54:09 | 03,252,640 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Connor\Desktop\ccsetup221.exe
[2009/07/11 16:49:18 | 03,561,744 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Connor\Desktop\mbam-sedastup.exe
[2009/07/11 16:47:32 | 00,000,841 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware SE Personal.lnk
[2009/07/11 16:35:44 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/07/11 16:29:11 | 00,390,656 | ---- | M] (iS3, Inc.) -- C:\Documents and Settings\Connor\Desktop\STOPzilla_Setup.exe
[2009/07/11 15:58:29 | 04,273,136 | -H-- | M] () -- C:\Documents and Settings\Connor\Local Settings\Application Data\IconCache.db
[2009/07/11 10:25:45 | 01,110,399 | ---- | M] () -- C:\WINDOWS\System32\UACemscudaupsfydyoew.db
[2009/07/11 10:25:37 | 00,000,310 | ---- | M] () -- C:\WINDOWS\System32\UACqepurpunclopyuxeo.dat
[2009/07/11 08:10:48 | 00,154,112 | ---- | M] () -- C:\Documents and Settings\Connor\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/10 19:02:49 | 00,335,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/07/05 13:30:32 | 00,441,626 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/07/05 13:30:32 | 00,381,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/07/05 13:30:32 | 00,053,436 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/07/05 13:26:09 | 00,184,224 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/07/03 10:01:10 | 00,001,578 | ---- | M] () -- C:\Documents and Settings\Connor\Desktop\LimeWire 5.1.4.lnk
[2009/07/02 08:09:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/06/29 18:13:27 | 00,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/06/29 18:12:42 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/06/29 18:00:45 | 00,463,779 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/06/19 20:31:44 | 00,001,682 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/06/19 20:31:44 | 00,000,056 | RHS- | M] () -- C:\WINDOWS\System32\38B43C4E4E.sys
[2009/06/19 18:34:43 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/06/17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/17 11:27:44 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== LOP Check ==========

[2009/07/11 10:24:41 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/06/29 18:14:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/07/12 12:02:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\14893904
[2008/10/04 22:57:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2006/07/29 10:49:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2009/01/26 19:40:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2004/08/11 17:25:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2007/03/14 20:12:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2007/02/20 19:57:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2007/12/12 22:01:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/10/04 22:57:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/07/05 12:32:15 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Connor\Application Data
[2008/10/04 22:58:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Connor\Application Data\acccore
[2006/07/27 20:11:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Connor\Application Data\Ahead
[2009/07/11 16:58:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Connor\Application Data\Azureus
[2009/02/16 19:18:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Connor\Application Data\Corel
[2006/07/23 08:50:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Connor\Application Data\Corel Photo Album
[2009/01/26 19:41:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Connor\Application Data\DAEMON Tools
[2009/01/26 19:41:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Connor\Application Data\DAEMON Tools Lite
[2009/01/26 19:41:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Connor\Application Data\DAEMON Tools Pro
[2006/08/17 17:31:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Connor\Application Data\dvdcss
[2006/07/26 17:06:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Connor\Application Data\Leadertech
[2009/07/03 10:34:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Connor\Application Data\LimeWire
[2008/11/26 17:40:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Connor\Application Data\MSNInstaller
[2007/03/14 20:16:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Connor\Application Data\SlySoft
[2007/12/13 20:23:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Connor\Application Data\Tor
[2007/04/28 15:38:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Connor\Application Data\Viewpoint
[2008/07/03 17:47:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Connor\Application Data\W Photo Studio Viewer
[2009/07/02 08:09:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/04 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/07/12 14:20:13 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/07/12 14:00:00 | 00,000,318 | ---- | M] () -- C:\WINDOWS\Tasks\ubpdgejp.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AF1D8F55
< End of report >

Hi Rob,


Step #1

1. Go to Start->Run and type in notepad and hit OK.

2. Then copy and paste the content of the following codebox into Notepad: (Do not include the word code when you copy it though)



3. Save the file as "Move.bat". Make sure to save it with the quotation marks.

4. Double click Move.bat.


Zip that folder titled Malware, and attach it here:
http://www.malwarebytes.org/forums/index.php?showforum=55

So we can upload those files to MBAM.



Step #2

Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This changed from what we know in 2006 read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.



You are using peer-to-peer programs, specifically LimeWire.
These are what we call an optional removal. However, anytime you are running any type of peer-to-peer application, you are more prone to infection by malware, and this is probably how you became infected in the first place. The choice to remove them is entirely up to you, but I would strongly recommend that you do.
If you do not want to, please at least refrain from using any peer-to-peer programs for the remainder of my fix.


Step #3

Run OTL.exe

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  CODE
  :OTL
  O2 - BHO: (no name) - {1B6BA550-10C7-4BEE-82B9-DF2AAAA876A1} - C:\WINDOWS\System32\qoMfeCro.dll File not found
  O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
  O20 - AppInit_DLLs: (qzemfr.dll) - File not found
  O20 - AppInit_DLLs: (qypgny.dll) - File not found
  O20 - AppInit_DLLs: (xdmgnn.dll) - File not found
  O33 - MountPoints2\E\Shell - "" = AutoRun
  O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
  O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe -- [2007/05/23 11:26:46 | 00,102,064 | R--- | M] (Cisco Systems, Inc.)
  
  :Services
  Viewpoint Manager Service
  
  :Files
  C:\WINDOWS\System32\kedawija
  C:\WINDOWS\System32\uactmp.db
  C:\WINDOWS\System32\UACemscudaupsfydyoew.db
  C:\WINDOWS\System32\UACqepurpunclopyuxeo.dat
  C:\WINDOWS\System32\38B43C4E4E.sys
  C:\WINDOWS\System32\4E4E3CB438.sys
  C:\WINDOWS\Tasks\ubpdgejp.job
  C:\Program Files\Viewpoint
  C:\Documents and Settings\All Users\Application Data\Viewpoint
  C:\Documents and Settings\All Users\Application Data\14893904
  C:\Documents and Settings\Connor\Application Data\Viewpoint
  
  :Commands
  [purity]
  [emptytemp]
  [start explorer]
  [Reboot]
• Then click the Run Fix button at the top
• Let the program run unhindered, reboot when it is done

Again, thanks for the help. I've done steps 1-3, however I'm unable to upload the move.bat results, as the malware folder is ~2 MB even when zipped to the highest compression.

Thanks for letting me know. No problem.


Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  
  
• Double click on ComboFix.exe & follow the prompts.
  
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

I'm striking out on both of the links to download the combofix.exe program; link one, going through geekstogo, is takes me to a landing page saying that geekstogo no longer hosts the mirror of combofix. I tried both the mirrors on the landing page there; mirror 1 gives a 404 file not found, and mirror 2 appears to be the same url as your link 2, which drops me at the http://www.forospyware.com/ page. I don't speak Spanish well, so I'm not too confident about looking around the message boards for the appropriate executable.

Thoughts?

Hi Rob, the first link takes you to the download page, and if you click Download File Button, it should download it for you.

If not try this link http://download.bleepingcomputer.com/sUBs/ComboFix.exe

I'm getting a warning (warning.jpg) that AVG is still running; tried to disable it on startup, and don't see it in the task manager.

Should I proceed with running combofix?

Yes continue with running ComboFix

Here's the log.

Thanks rdeer1987

• Please go to VirSCAN.org FREE on-line scan service
• Copy and paste the following file path into the "Suspicious files to scan"box on the top of the page:
  
  
  • c:\windows\system32\drivers\otttesdq.sys
  
  
• Click on the Upload button
• Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
• Paste the contents of the Clipboard in your next reply.

The virusscan website does not allow cutting and pasting of a path; you need to navigate through the "browse" button to find the file. I searched my C: drive for the filename you had provided, and nothing is coming up.

Please Set Your System to Show Hidden Files
If you are using Windows XP or earlier:

1. Go to Start -> My Computer (Or click the My Computer icon on your desktop)
2. Go to the Tools Menu -> Folder Options.
3. Select the "View" tab.
4. Where you see , click the radio button.
5. Uncheck "Hide extensions for known file types"
6. Uncheck "Hide protected operating system files"
7. Click Ok.
8. Exit/Close My Computer.

Then you should be able to navigate to it now:

• Please go to VirSCAN.org FREE on-line scan service
• Copy and paste the following file path into the "Suspicious files to scan"box on the top of the page:
  
  
  • c:\windows\system32\drivers\otttesdq.sys
  
  
• Click on the Upload button
• Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
• Paste the contents of the Clipboard in your next reply.

Hi,

Sorry, I did not mention that I had those settings before; is it possible that AVG would have deleted this as part of a scan?

Its possible, so there is no c:\windows\system32\drivers\otttesdq.sys

If there is, I don't know where it is; I also tried scanning all of the C: drive for it, and I had used the advanced option to include hidden files and folders.

• Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
• Double click on RSIT.exe to run RSIT.
• Click Continue at the disclaimer screen.
• Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Again, thanks for the help on this.

log.txt>>>>>
Logfile of random's system information tool 1.06 (written by random/random)
Run by Connor at 2009-07-22 18:09:12
Microsoft Windows XP Professional Service Pack 3
System drive C: has 91 GB (61%) free of 149 GB
Total RAM: 1022 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:09:17 PM, on 7/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Connor\Desktop\RSIT.exe
C:\Program Files\trend micro\Connor.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DWABrowserHlprObj Class - {2709D830-B643-4e72-9A1E-701CFFFCF30C} - C:\WINDOWS\system32\dwabho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://www.team.insidebrady.com/qp2.cab
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://namail01.insidebrady.com/dwa7W.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 6260 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
SnagIt Toolbar Loader - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll [2007-02-06 63048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2709D830-B643-4e72-9A1E-701CFFFCF30C}]
DWABrowserHlprObj Class - C:\WINDOWS\system32\dwabho.dll [2007-01-18 83704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-07-19 1107224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-14 1004800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-21 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-21 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll [2007-02-06 161352]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-14 1004800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-06-05 292136]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-06-10 249856]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-07-19 1948440]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"=C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe [2007-03-15 454784]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\14893904]
C:\Documents and Settings\All Users\Application Data\14893904\14893904.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-08-05 344064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kernel]
C:\Program Files\kernel\kernel.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
C:\WINDOWS\stsystra.exe [2005-03-22 339968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedRunner]
C:\Documents and Settings\Connor\Application Data\SpeedRunner\SpeedRunner.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-21 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\troy44]
C:\WINDOWS\troy44.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Twain]
C:\Documents and Settings\Connor\Application Data\Twain\Twain.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avg8wd"=2
"avg8emc"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
SnagIt 8.lnk - C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-07-19 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
WRLogonNTF.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2009-07-22 18:09:12 ----D---- C:\rsit
2009-07-22 18:09:12 ----D---- C:\Program Files\trend micro
2009-07-21 18:20:53 ----D---- C:\Program Files\Free M4a to MP3 Converter
2009-07-19 10:39:27 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-07-19 10:39:15 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2009-07-18 11:14:43 ----SHD---- C:\RECYCLER
2009-07-18 09:51:47 ----A---- C:\ComboFix.txt
2009-07-18 09:46:08 ----A---- C:\WINDOWS\system32\proquota.exe
2009-07-18 09:36:08 ----A---- C:\Boot.bak
2009-07-18 09:35:59 ----RASHD---- C:\cmdcons
2009-07-15 18:31:02 ----A---- C:\WINDOWS\zip.exe
2009-07-15 18:31:02 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-07-15 18:31:02 ----A---- C:\WINDOWS\SWSC.exe
2009-07-15 18:31:02 ----A---- C:\WINDOWS\SWREG.exe
2009-07-15 18:31:02 ----A---- C:\WINDOWS\sed.exe
2009-07-15 18:31:02 ----A---- C:\WINDOWS\PEV.exe
2009-07-15 18:31:02 ----A---- C:\WINDOWS\grep.exe
2009-07-14 18:03:40 ----HD---- C:\WINDOWS\PIF
2009-07-14 17:30:40 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-14 17:30:33 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-14 17:27:53 ----A---- C:\WINDOWS\imsins.BAK
2009-07-14 17:27:48 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-12 14:41:19 ----D---- C:\_OTL
2009-07-12 13:56:16 ----A---- C:\RootRepeal report 07-12-09 (13-56-16).txt
2009-07-12 12:25:16 ----A---- C:\WINDOWS\ntbtlog.txt
2009-07-12 11:54:53 ----D---- C:\Program Files\Tool
2009-07-11 16:54:17 ----D---- C:\Program Files\CCleaner
2009-07-11 16:47:32 ----D---- C:\Program Files\Lavasoft
2009-07-11 16:11:34 ----D---- C:\WINDOWS\CSC
2009-07-05 13:06:38 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-07-05 13:06:25 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-07-05 13:06:07 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-07-05 13:05:50 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-07-05 13:05:37 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-07-05 13:05:27 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-07-05 13:05:09 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-07-05 13:04:47 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-07-05 13:03:00 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-07-05 13:00:29 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-05 13:00:18 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-07-05 12:59:10 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-07-05 12:59:01 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-07-05 12:58:39 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-07-05 12:41:12 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-07-03 10:03:33 ----D---- C:\Documents and Settings\Connor\Application Data\LimeWire
2009-07-03 10:00:51 ----D---- C:\Program Files\LimeWire
2009-07-01 21:49:29 ----D---- C:\Program Files\Linksys EasyLink Advisor
2009-06-29 18:14:24 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2009-06-29 18:14:04 ----D---- C:\Program Files\iPod
2009-06-29 18:14:00 ----D---- C:\Program Files\iTunes
2009-06-29 18:14:00 ----D---- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-29 18:13:47 ----D---- C:\Program Files\Bonjour
2009-06-29 18:11:59 ----D---- C:\Program Files\Apple Software Update
2009-06-29 18:11:49 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2009-06-29 18:11:34 ----D---- C:\Program Files\Common Files\Apple
2009-06-29 18:11:33 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-06-29 18:04:33 ----A---- C:\WINDOWS\system32\ptpusb.dll
2009-06-29 18:04:32 ----A---- C:\WINDOWS\system32\ptpusd.dll

======List of files/folders modified in the last 1 months======

2009-07-22 18:09:12 ----D---- C:\Program Files
2009-07-22 18:09:08 ----D---- C:\WINDOWS\Prefetch
2009-07-22 18:08:20 ----D---- C:\Program Files\Mozilla Firefox
2009-07-22 17:59:35 ----D---- C:\WINDOWS\Temp
2009-07-22 17:59:35 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2009-07-21 21:07:41 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-21 20:13:10 ----D---- C:\Documents and Settings\Connor\Application Data\Azureus
2009-07-21 18:17:39 ----RASH---- C:\boot.ini
2009-07-21 18:17:39 ----A---- C:\WINDOWS\win.ini
2009-07-21 18:17:39 ----A---- C:\WINDOWS\system.ini
2009-07-21 18:17:37 ----D---- C:\WINDOWS\system32\FxsTmp
2009-07-19 12:05:29 ----HD---- C:\$AVG8.VAULT$
2009-07-19 10:39:27 ----D---- C:\WINDOWS\system32
2009-07-19 10:39:26 ----D---- C:\WINDOWS\system32\drivers
2009-07-19 10:39:02 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-07-19 10:38:58 ----SHD---- C:\WINDOWS\Installer
2009-07-19 10:37:54 ----SD---- C:\Documents and Settings\Connor\Application Data\Microsoft
2009-07-19 10:37:54 ----D---- C:\WINDOWS
2009-07-18 09:51:50 ----D---- C:\QooBox
2009-07-18 09:50:56 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-07-18 09:50:50 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-18 09:46:25 ----D---- C:\WINDOWS\system32\config
2009-07-18 09:46:18 ----D---- C:\WINDOWS\erdnt
2009-07-18 09:45:18 ----D---- C:\WINDOWS\AppPatch
2009-07-18 09:45:16 ----D---- C:\Program Files\Common Files
2009-07-15 18:31:00 ----SHD---- C:\System Volume Information
2009-07-15 18:31:00 ----D---- C:\WINDOWS\system32\Restore
2009-07-14 17:30:43 ----HD---- C:\WINDOWS\inf
2009-07-14 17:30:39 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-14 17:28:02 ----D---- C:\WINDOWS\Debug
2009-07-13 18:20:27 ----SD---- C:\WINDOWS\Tasks
2009-07-12 13:55:35 ----A---- C:\WINDOWS\NeroDigital.ini
2009-07-11 16:58:11 ----D---- C:\WINDOWS\Minidump
2009-07-11 16:47:35 ----D---- C:\Documents and Settings\Connor\Application Data\Lavasoft
2009-07-11 16:47:32 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-07-05 14:21:14 ----D---- C:\Program Files\Azureus
2009-07-05 13:44:17 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-05 13:30:32 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-05 13:26:06 ----D---- C:\WINDOWS\system32\wbem
2009-07-05 13:05:30 ----D---- C:\WINDOWS\WinSxS
2009-07-05 12:59:58 ----D---- C:\WINDOWS\system32\en-US
2009-07-05 12:59:58 ----D---- C:\Program Files\Internet Explorer
2009-07-05 08:32:06 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-01 21:50:18 ----HD---- C:\Documents and Settings\Connor\Application Data\Gtek
2009-07-01 21:49:30 ----AHD---- C:\Documents and Settings\All Users\Application Data\GTek
2009-06-29 18:26:32 ----D---- C:\Documents and Settings\Connor\Application Data\Apple Computer
2009-06-29 18:14:24 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-06-29 18:14:00 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-06-29 18:13:26 ----D---- C:\Program Files\QuickTime

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-19 327688]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-19 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-07-19 108552]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-07-14 8552]
R2 elagopro;GoProto Protocol Driver for LELA; C:\WINDOWS\system32\DRIVERS\elagopro.sys [2007-03-22 28672]
R2 elaunidr;UniDriver for LELA; C:\WINDOWS\system32\DRIVERS\elaunidr.sys [2007-03-22 5376]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-02-28 15440]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2007-03-05 77000]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-04 1273344]
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-11-16 1047816]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S1 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2008-04-13 31744]
S3 agxd33hq;agxd33hq; C:\WINDOWS\system32\drivers\agxd33hq.sys []
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Connor\LOCALS~1\Temp\catchme.sys []
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys []
S3 motccgp;Motorola USB Composite Device Driver; C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-11-02 18176]
S3 motccgpfl;MotCcgpFlService; C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-22 7680]
S3 MotDev;Motorola Inc. USB Device; C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-10-10 42112]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 n558;N558 Bluetooth USB Filter Driver; C:\WINDOWS\System32\Drivers\n558.sys [2007-08-15 9600]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 SSKBFD;Webroot Spy Sweeper Keylogger Shield Keyboard Filter; C:\WINDOWS\System32\Drivers\sskbfd.sys [2006-07-07 14848]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-06-05 39424]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-04 380928]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-21 152984]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-06-05 541992]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2004-11-19 147456]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-19 906520]
S4 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-19 298776]

-----------------EOF-----------------

into.txt>>>>>>
info.txt logfile of random's system information tool 1.06 2009-07-22 18:09:20

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AIM 6-->C:\Program Files\AIM6\uninst.exe
AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
AOLIcon-->MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Apple Mobile Device Support-->MsiExec.exe /I{8355F970-601D-442D-A79B-1D7DB4F24CAD}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Azureus-->C:\Program Files\Azureus\Uninstall.exe
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Command & Conquer The First Decade-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}\setup.exe" -l0x9 -removeonly
Conexant D850 56K V.9x DFVc Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Corel Photo Album 6-->MsiExec.exe /X{8A9B8148-DDD7-448F-BD6C-358386D32354}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
Drivers Install For Linksys Easylink Advisor-->MsiExec.exe /I{A1960A82-DB70-474D-A86B-FA74466103C6}
ELIcon-->MsiExec.exe /I{4667B940-BB01-428B-986E-A0CC46497BF7}
Free Mp3 Wma Converter V 1.4.0-->"C:\Program Files\Free Audio Pack\unins000.exe"
Heroes of Might and Magic V - Tribes of the East-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66FF4C48-0083-4E60-8556-B883AB200092}\setup.exe" -l0x9
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Documents and Settings\Connor\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel® PRO Network Connections Drivers-->Prounstl.exe
Intel® PROSet for Wired Connections-->MsiExec.exe /I{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}
iTunes-->MsiExec.exe /I{5D601655-6D54-4384-B52C-17EC5385FBBD}
Java™ 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LimeWire 5.1.4-->"C:\Program Files\LimeWire\uninstall.exe"
Linksys EasyLink Advisor 1.6 (0032)-->rundll32 C:\PROGRA~1\LINKSY~1\AUInst.dll,ExUninstall
Magellan POI File Editor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{104A059B-CD20-4632-A8F6-D8C80E14782D}\Setup.exe" -l0x9
Malwarebytes' Anti-Malware-->"C:\Program Files\Tool\unins000.exe"
MCU-->MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Motorola Driver Installation 3.3.0-->MsiExec.exe /I{63ECAAF0-425A-40DD-B6CD-C987F0E95005}
Mozilla Firefox (3.0.12)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 7 Demo-->MsiExec.exe /I{C93369CB-B4E9-E095-9289-E6B5AE941033}
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
PrimoPDF Redistribution Package-->MsiExec.exe /I{885744A4-1A01-44B0-858A-0AE6738CBCF7}
PrimoPDF-->"C:\WINDOWS\PrimoPDF\uninstall.exe" "/U:C:\Program Files\activePDF\PrimoPDF\Uninstall\uninstall.xml"
PSP Video 9 1.74-->C:\Program Files\pspvideo9\uninst.exe
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
sala's WinXP SP2 Terminal Server Patch-->"C:\Program Files\salas Termiserv Patch\uninst.exe"
Sametime Client v6.5.1-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Lotus\Sametime Client\STCUnins.isu"
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Sid Meier's Civilization 4 Gold-->C:\Program Files\InstallShield Installation Information\{55502C49-F061-428C-BF26-06ECDFB3AC29}\setup.exe -runfromtemp -l0x0009 -removeonly
SnagIt 8-->MsiExec.exe /I{0F0447B4-6DDD-4831-933A-1EDF52091150}
Sonic Activation Module-->MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
VideoLAN VLC media player 0.8.6b-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Defender Signatures-->MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WordPerfect Office 12-->MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: KURSELCO
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 28312
Source Name: Tcpip
Time Written: 20090429061817.000000-300
Event Type: warning
User:

Computer Name: KURSELCO
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 28269
Source Name: Tcpip
Time Written: 20090427214249.000000-300
Event Type: warning
User:

Computer Name: KURSELCO
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 28247
Source Name: Tcpip
Time Written: 20090427044840.000000-300
Event Type: warning
User:

Computer Name: KURSELCO
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 28225
Source Name: Tcpip
Time Written: 20090426094646.000000-300
Event Type: warning
User:

Computer Name: KURSELCO
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 28203
Source Name: W32Time
Time Written: 20090425211010.000000-300
Event Type: warning
User:

=====Application event log=====

Computer Name: KURSELCO
Event Code: 1002
Message: Hanging application YahooMessenger.exe, version 8.1.0.421, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 4113
Source Name: Application Hang
Time Written: 20080113182932.000000-360
Event Type: error
User:

Computer Name: KURSELCO
Event Code: 1002
Message: Hanging application YahooMessenger.exe, version 8.1.0.421, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 4112
Source Name: Application Hang
Time Written: 20080113182740.000000-360
Event Type: error
User:

Computer Name: KURSELCO
Event Code: 1002
Message: Hanging application YahooMessenger.exe, version 8.1.0.421, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 4111
Source Name: Application Hang
Time Written: 20080113182644.000000-360
Event Type: error
User:

Computer Name: KURSELCO
Event Code: 1002
Message: Hanging application YahooMessenger.exe, version 8.1.0.421, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 4110
Source Name: Application Hang
Time Written: 20080113182643.000000-360
Event Type: error
User:

Computer Name: KURSELCO
Event Code: 1000
Message: Faulting application yahoomessenger.exe, version 8.1.0.421, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00011f6c.

Record Number: 4106
Source Name: Application Error
Time Written: 20080113095453.000000-360
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0604
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

You're welcome.



Please download the OTM by OldTimer.

• Save it to your desktop.
• Please double-click OTM.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
• Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  CODE
  :processes
  explorer.exe
  
  :Files
  C:\WINDOWS\troy44.exe
  
  :Reg
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\troy44]
  
  :commands
  [purity]
  [emptytemp]
  [start explorer]
  
  
• Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  
• Click the red Moveit! button.
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
• Close OTM3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):


Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7

• Please go to VirSCAN.org FREE on-line scan service
• Copy and paste the following file path into the "Suspicious files to scan"box on the top of the page:
  
  
  • C:\Documents and Settings\Connor\Application Data\Twain\Twain.exe
  
  
• Click on the Upload button
• Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
• Paste the contents of the Clipboard in your next reply.

Hi,

Here is the OTC log:

File/Folder C:\Program Files\ihehohsd\elcrmxqp.dll not found.
File/Folder C:\Documents and Settings\All Users\Application Data\vcbwhcfi.dll not found.
File/Folder C:\Documents and Settings\All Users\Application Data\rmvofalq.dll not found.
C:\WINDOWS\troy44.exe moved successfully.
File/Folder C:\WINDOWS\system32\nwinlldq.exe not found.
File/Folder c:\windows\system32\ldcore.dll not found.

Created on 01/01/2008 09:25:13


I have also removed all of the java updates; were those malware/spyware, or just excess updates?

As far as twain.exe, it is not in that location or anywhere else I can find; I again searched the C: drive for "twain", and no hits.

They were excess updates.


Launch Malwarebytes' Anti-Malware

• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish, so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Hi,

Here's the log:

Malwarebytes' Anti-Malware 1.39
Database version: 2515
Windows 5.1.2600 Service Pack 3

7/27/2009 6:29:35 PM
mbam-log-2009-07-27 (18-29-35).txt

Scan type: Quick Scan
Objects scanned: 92089
Time elapsed: 4 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 5
Registry Values Infected: 4
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\zawibavu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\kiduruka.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\mebokewe.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\yupujufo.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c0ce28c0-92a8-4e80-bc4e-85a05e598c84} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c0ce28c0-92a8-4e80-bc4e-85a05e598c84} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c0ce28c0-92a8-4e80-bc4e-85a05e598c84} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpmaf927896 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zinajibage (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\zawibavu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\zawibavu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\mebokewe.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\mebokewe.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\mebokewe.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\zawibavu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\kiduruka.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\yupujufo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\mebokewe.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\hukovefo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vavosiwo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hojubipa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D < here

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

Hi,

Again, appreciate all the help. Here is the log:



--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel® Pentium® D CPU 3.20GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A05
USER : User ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus Free 8.5 (Activated)
C:\ (Local Disk) - NTFS - Total:145 Go (Free:89 Go)
D:\ (CD or DVD)
E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
F:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Tue 07/28/2009|20:51 )

--------------------\\ Listing folders in APPLIC~1

[01/17/2007|08:47] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Gtek
[08/11/2004|05:20] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities
[07/19/2009|10:37] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
[07/14/2006|10:13] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Sun

[06/29/2009|06:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[10/04/2008|10:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> acccore
[11/22/2008|05:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[07/29/2006|10:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ahead
[10/04/2008|10:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[10/04/2008|10:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP
[06/29/2009|06:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[06/29/2009|06:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[07/19/2009|10:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AVG Security Toolbar
[07/19/2009|10:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> avg8
[01/26/2009|07:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> DAEMON Tools Lite
[07/01/2009|09:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> GTek
[07/14/2006|10:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
[04/12/2008|03:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft
[01/17/2009|08:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[01/08/2009|07:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee
[02/20/2007|07:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee.com
[07/11/2009|04:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[07/19/2006|08:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
[08/11/2004|05:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SBSI
[03/14/2007|08:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SlySoft
[07/14/2006|10:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sonic
[04/12/2008|02:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[02/20/2007|07:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TechSmith
[12/12/2007|10:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[07/18/2006|05:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[11/26/2008|05:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller
[10/26/2008|06:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo!

[10/04/2008|10:58] C:\DOCUME~1\User\APPLIC~1\<DIR> acccore
[12/14/2007|09:38] C:\DOCUME~1\User\APPLIC~1\<DIR> Adobe
[11/22/2008|06:00] C:\DOCUME~1\User\APPLIC~1\<DIR> AdobeUM
[07/27/2006|08:11] C:\DOCUME~1\User\APPLIC~1\<DIR> Ahead
[06/29/2009|06:26] C:\DOCUME~1\User\APPLIC~1\<DIR> Apple Computer
[07/21/2009|08:13] C:\DOCUME~1\User\APPLIC~1\<DIR> Azureus
[02/16/2009|07:18] C:\DOCUME~1\User\APPLIC~1\<DIR> Corel
[07/23/2006|08:50] C:\DOCUME~1\User\APPLIC~1\<DIR> Corel Photo Album
[01/26/2009|07:41] C:\DOCUME~1\User\APPLIC~1\<DIR> DAEMON Tools
[01/26/2009|07:41] C:\DOCUME~1\User\APPLIC~1\<DIR> DAEMON Tools Lite
[01/26/2009|07:41] C:\DOCUME~1\User\APPLIC~1\<DIR> DAEMON Tools Pro
[01/20/2007|11:47] C:\DOCUME~1\User\APPLIC~1\<DIR> DivX
[08/17/2006|05:31] C:\DOCUME~1\User\APPLIC~1\<DIR> dvdcss
[07/01/2009|09:50] C:\DOCUME~1\User\APPLIC~1\<DIR> Gtek
[07/19/2006|09:06] C:\DOCUME~1\User\APPLIC~1\<DIR> Help
[08/11/2004|05:20] C:\DOCUME~1\User\APPLIC~1\<DIR> Identities
[11/03/2007|03:52] C:\DOCUME~1\User\APPLIC~1\<DIR> InstallShield
[07/11/2009|04:47] C:\DOCUME~1\User\APPLIC~1\<DIR> Lavasoft
[07/26/2006|05:06] C:\DOCUME~1\User\APPLIC~1\<DIR> Leadertech
[07/03/2009|10:34] C:\DOCUME~1\User\APPLIC~1\<DIR> LimeWire
[03/11/2007|06:30] C:\DOCUME~1\User\APPLIC~1\<DIR> Macromedia
[01/17/2009|08:36] C:\DOCUME~1\User\APPLIC~1\<DIR> Malwarebytes
[07/19/2009|10:37] C:\DOCUME~1\User\APPLIC~1\<DIR> Microsoft
[08/27/2008|10:06] C:\DOCUME~1\User\APPLIC~1\<DIR> Mozilla
[11/26/2008|05:40] C:\DOCUME~1\User\APPLIC~1\<DIR> MSNInstaller
[03/14/2007|08:16] C:\DOCUME~1\User\APPLIC~1\<DIR> SlySoft
[07/26/2006|05:06] C:\DOCUME~1\User\APPLIC~1\<DIR> Sonic
[07/14/2006|10:13] C:\DOCUME~1\User\APPLIC~1\<DIR> Sun
[12/13/2007|08:23] C:\DOCUME~1\User\APPLIC~1\<DIR> Tor
[07/29/2006|10:47] C:\DOCUME~1\User\APPLIC~1\<DIR> vlc
[07/03/2008|05:47] C:\DOCUME~1\User\APPLIC~1\<DIR> W Photo Studio Viewer
[07/18/2006|05:41] C:\DOCUME~1\User\APPLIC~1\<DIR> Yahoo!

[01/17/2007|08:47] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Gtek
[08/11/2004|05:20] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities
[07/14/2006|10:18] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[07/14/2006|10:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Sun

[07/19/2006|06:48] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Macromedia
[07/19/2009|10:37] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[07/11/2009|10:34] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Adobe
[07/11/2009|10:34] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Macromedia
[07/19/2009|10:37] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[07/02/2009 08:09 AM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[07/28/2009 08:49 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/04/2004 05:00 AM][-r-h-c---] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[11/03/2007|03:54] C:\Program Files\<DIR> 2K Games
[02/08/2007|08:31] C:\Program Files\<DIR> activePDF
[11/22/2008|05:58] C:\Program Files\<DIR> Adobe
[10/04/2008|10:58] C:\Program Files\<DIR> AIM6
[06/29/2009|06:11] C:\Program Files\<DIR> Apple Software Update
[07/14/2006|10:17] C:\Program Files\<DIR> ATI Technologies
[12/01/2008|07:04] C:\Program Files\<DIR> AVG
[01/21/2007|12:42] C:\Program Files\<DIR> AviSynth 2.5
[07/05/2009|02:21] C:\Program Files\<DIR> Azureus
[07/14/2006|10:28] C:\Program Files\<DIR> BAE
[09/14/2006|06:49] C:\Program Files\<DIR> BOINC
[06/29/2009|06:13] C:\Program Files\<DIR> Bonjour
[07/11/2009|04:54] C:\Program Files\<DIR> CCleaner
[07/15/2007|03:40] C:\Program Files\<DIR> CheetaChat
[07/24/2009|07:34] C:\Program Files\<DIR> Common Files
[08/11/2004|05:12] C:\Program Files\<DIR> ComPlus Applications
[07/14/2006|10:03] C:\Program Files\<DIR> CONEXANT
[07/14/2006|10:24] C:\Program Files\<DIR> Corel
[07/14/2006|10:24] C:\Program Files\<DIR> Corel Corporation
[01/26/2009|07:40] C:\Program Files\<DIR> DAEMON Tools Lite
[07/28/2007|09:06] C:\Program Files\<DIR> Dell
[01/20/2007|11:23] C:\Program Files\<DIR> DivX
[07/19/2006|05:02] C:\Program Files\<DIR> EA Games
[08/03/2006|07:23] C:\Program Files\<DIR> Eidos
[08/02/2006|06:21] C:\Program Files\<DIR> Free Audio Pack
[07/21/2009|07:36] C:\Program Files\<DIR> Free M4a to MP3 Converter
[08/03/2006|07:55] C:\Program Files\<DIR> GameShadow
[03/15/2007|06:46] C:\Program Files\<DIR> Google
[01/26/2009|07:43] C:\Program Files\<DIR> InstallShield Installation Information
[07/14/2006|10:16] C:\Program Files\<DIR> Intel
[07/14/2006|10:17] C:\Program Files\<DIR> InterActual
[12/31/2007|08:39] C:\Program Files\<DIR> InterMute
[07/05/2009|12:59] C:\Program Files\<DIR> Internet Explorer
[06/29/2009|06:14] C:\Program Files\<DIR> iPod
[06/29/2009|06:14] C:\Program Files\<DIR> iTunes
[07/24/2009|07:34] C:\Program Files\<DIR> Java
[07/11/2009|04:47] C:\Program Files\<DIR> Lavasoft
[07/03/2009|10:01] C:\Program Files\<DIR> LimeWire
[07/01/2009|09:50] C:\Program Files\<DIR> Linksys EasyLink Advisor
[09/18/2006|08:13] C:\Program Files\<DIR> Lotus
[12/27/2008|04:58] C:\Program Files\<DIR> Magellan
[07/05/2009|08:32] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[01/08/2009|07:56] C:\Program Files\<DIR> McAfee
[09/17/2008|07:39] C:\Program Files\<DIR> Messenger
[08/11/2004|05:15] C:\Program Files\<DIR> microsoft frontpage
[07/14/2006|10:19] C:\Program Files\<DIR> Microsoft Plus! Digital Media Edition
[07/14/2006|10:19] C:\Program Files\<DIR> Microsoft Plus! Photo Story 2 LE
[07/14/2006|10:17] C:\Program Files\<DIR> Modem Helper
[09/17/2008|07:34] C:\Program Files\<DIR> Movie Maker
[07/28/2009|08:49] C:\Program Files\<DIR> Mozilla Firefox
[11/26/2008|05:39] C:\Program Files\<DIR> MSN
[08/11/2004|05:11] C:\Program Files\<DIR> MSN Gaming Zone
[11/20/2006|04:01] C:\Program Files\<DIR> MSXML 4.0
[07/22/2006|07:27] C:\Program Files\<DIR> MUSICMATCH
[07/27/2006|05:46] C:\Program Files\<DIR> Nero
[09/17/2008|07:31] C:\Program Files\<DIR> NetMeeting
[07/14/2006|10:17] C:\Program Files\<DIR> NetWaiting
[08/11/2004|05:11] C:\Program Files\<DIR> Online Services
[09/17/2008|07:31] C:\Program Files\<DIR> Outlook Express
[09/01/2008|06:56] C:\Program Files\<DIR> PokerStars
[01/21/2007|12:42] C:\Program Files\<DIR> pspvideo9
[06/29/2009|06:13] C:\Program Files\<DIR> QuickTime
[07/14/2006|10:19] C:\Program Files\<DIR> Real
[10/05/2007|08:32] C:\Program Files\<DIR> RealArcade
[07/29/2006|10:33] C:\Program Files\<DIR> Roxio
[03/14/2007|05:55] C:\Program Files\<DIR> salas Termiserv Patch
[07/14/2006|10:28] C:\Program Files\<DIR> SearchAssist
[07/14/2006|10:15] C:\Program Files\<DIR> Sigmatel
[03/14/2007|08:11] C:\Program Files\<DIR> SlySoft
[07/14/2006|10:28] C:\Program Files\<DIR> Sonic
[02/20/2007|07:57] C:\Program Files\<DIR> TechSmith
[07/27/2009|06:23] C:\Program Files\<DIR> Tool
[07/22/2009|06:09] C:\Program Files\<DIR> trend micro
[01/26/2009|07:43] C:\Program Files\<DIR> Ubisoft
[08/11/2004|05:20] C:\Program Files\<DIR> Uninstall Information
[07/29/2006|10:46] C:\Program Files\<DIR> VideoLAN
[12/31/2007|11:12] C:\Program Files\<DIR> Warcraft III
[02/14/2009|11:59] C:\Program Files\<DIR> WebShow
[07/28/2007|09:07] C:\Program Files\<DIR> WildTangent
[11/26/2008|05:46] C:\Program Files\<DIR> Windows Live
[07/06/2007|06:28] C:\Program Files\<DIR> Windows Media Connect 2
[09/17/2008|07:31] C:\Program Files\<DIR> Windows Media Player
[09/17/2008|07:31] C:\Program Files\<DIR> Windows NT
[08/11/2004|05:13] C:\Program Files\<DIR> WindowsUpdate
[07/25/2006|06:35] C:\Program Files\<DIR> WinRAR
[07/14/2006|10:20] C:\Program Files\<DIR> WordPerfect Office 12
[08/11/2004|05:15] C:\Program Files\<DIR> xerox
[11/12/2007|09:22] C:\Program Files\<DIR> YahELite
[04/21/2007|09:55] C:\Program Files\<DIR> Yahoo!
[07/21/2006|08:13] C:\Program Files\<DIR> Zoom Player

--------------------\\ Listing Folders in C:\Program Files\Common Files

[08/12/2006|07:04] C:\Program Files\Common Files\<DIR> Adobe
[07/29/2006|10:01] C:\Program Files\Common Files\<DIR> Ahead
[10/04/2008|10:57] C:\Program Files\Common Files\<DIR> AOL
[06/29/2009|06:14] C:\Program Files\Common Files\<DIR> Apple
[07/14/2006|10:20] C:\Program Files\Common Files\<DIR> Borland Shared
[07/14/2006|10:20] C:\Program Files\Common Files\<DIR> Corel
[07/14/2006|10:22] C:\Program Files\Common Files\<DIR> InstallShield
[09/18/2006|08:13] C:\Program Files\Common Files\<DIR> Lotus
[11/26/2008|05:43] C:\Program Files\Common Files\<DIR> Microsoft Shared
[01/21/2008|07:20] C:\Program Files\Common Files\<DIR> Motorola Shared
[08/11/2004|05:12] C:\Program Files\Common Files\<DIR> MSSoap
[07/14/2006|10:19] C:\Program Files\Common Files\<DIR> Nullsoft
[08/11/2004|05:07] C:\Program Files\Common Files\<DIR> ODBC
[07/14/2006|10:19] C:\Program Files\Common Files\<DIR> Real
[07/22/2006|07:26] C:\Program Files\Common Files\<DIR> Roxio Shared
[08/11/2004|05:12] C:\Program Files\Common Files\<DIR> Services
[08/11/2004|05:07] C:\Program Files\Common Files\<DIR> SpeechEngines
[09/17/2008|07:31] C:\Program Files\Common Files\<DIR> System
[11/26/2008|05:46] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller
[12/01/2008|06:54] C:\Program Files\Common Files\<DIR> Wise Installation Wizard

--------------------\\ Process

( 37 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\User\Cookies\User@advertising[2].txt

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-28 20:52:25
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
C:\DOCUME~1\User\LOCALS~1\APPLIC~1\Mozilla\Firefox\Profiles\bj1w6pvf.default\Cache\4B15FC4Cd01 96793 bytes
C:\DOCUME~1\User\LOCALS~1\APPLIC~1\Mozilla\Firefox\Profiles\bj1w6pvf.default\Cache\3E4DB5BBd01 30638 bytes
scan completed successfully
hidden processes: 0
hidden files: 2

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\User\My Documents\My Music\Music\EMINEM - RELAPSE 128K CD RIP. [COVERS AND INLAYS]\18 Crack a Bottle.mp3
C:\DOCUME~1\User\My Documents\My Music\Music\Kanye West - Late Registration\08 - Crack Music (featuring Game).mp3


[F:13][D:2]-> C:\DOCUME~1\User\LOCALS~1\Temp
[F:192][D:0]-> C:\DOCUME~1\User\Cookies
[F:1158][D:4]-> C:\DOCUME~1\User\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Tue 07/28/2009|20:54 - Option : [1]

--------------------\\ Scan completed at 20:54:14

You're welcome

Select the entire area below, then right-click and choose Copy

Restart Lop S&D
Choose Option 4 (LopScript)
A blank page will be opened, right-click it and choose Paste
Close the page, you'll be asked to save it, click [Save]
Don't close the windows during suppression!
Post the log which is created: (%SystemDrive%\lopR.txt)

I noticed these when they came up in the search using LOP S&D; did the word "crack" in the filename prompt these? They're both valid .mp3 files I have as part of albums on my computer, so I'd rather not delete them if the filename was what made them come up.

OK, tis fine.


How is your computer running now?

It's running great... thanks again for all your help!

You're welcome.


Your log looks clean, Great Job


Follow these steps to uninstall Combofix and tools used in the removal of malware

• Click START then RUN
• Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  

Now for some cleanup..
Please download OTC and save it to Desktop.

• Please make sure you are connecting to the Internet
• Double-click OTC.exe
• Click the CleanUp! button.
• Select Yes when the "Begin cleanup Process?" prompt appears.
• If you are prompted to Reboot during the cleanup, select Yes

Download TFC by OldTimer to your desktop

• Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
• It will close all programs when run, so make sure you have saved all your work before you begin.
• Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
• Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:

• Go to Start > Programs > Accessories > System Tools and click "System Restore".
• Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
• Then go to Start > Run and type: Cleanmgr
• Click "OK".
• Click the "More Options" Tab.
• Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

• Make your Internet Explorer more secure - This can be done by following these simple instructions:
  1. From within Internet Explorer click on the Tools menu and then click on Options.
  2. Click once on the Security tab
  3. Click once on the Internet icon so it becomes highlighted.
  4. Click once on the Custom Level button.
     
     1. Change the Download signed ActiveX controls to Prompt
     2. Change the Download unsigned ActiveX controls to Disable
     3. Change the Initialize and script ActiveX controls not marked as safe to Disable
     4. Change the Installation of desktop items to Prompt
     5. Change the Launching programs and files in an IFRAME to Prompt
     6. Change the Navigate sub-frames across different domains to Prompt
     7. When all these settings have been made, click on the OK button.
     8. If it prompts you as to whether or not you want to save the settings, press the Yes button.

Next press the Apply button and then the OK to exit the Internet Properties page.

• Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  
  
• Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.
  
  No Firewall Onboard
  
  You don't seem to have a firewall program installed. Using a firewall will allow you to allow/deny access for applications that want to go online. Select one of these, or another of your choice:
  
  • Online Armor
  • Sunbelt Personal Firewall
  • OutPost Firewall
  
  
  
• Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  
  
• Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
  
  
• Install SpywareGuard - SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program or there will be a conflict.
  
  
• Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

here are some additional utilities that will enhance your safety

• McAfee Site Advisor <= McAfee Site Advisor protects your browser against malicious sites and warns you when you go to one.
• MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
• Winpatrol <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
  Using Winpatrol to protect your computer from malicious software