
Security Tool Infection - Can't Install MBAM



Initially I had the Windows Police Pro problem and while I was in the process of cleaning that up I caught the Security Tool. I am unable to fully install MBAM and receive the message:

Unable to execute file C:\ProgramFiles\MalwareBytes' Anti-Malware\mbam.exe

Create process failed;Code 2

The system cannot find the file specified

I've tried renaming mbam-setup.exe with no luck.

I am no longer seeing the WPP or ST popups with the bogus scans but obviously one or both are still alive. I do however get Internet Explorer popups even though I am only using Firefox.

I ran RootRepeal but it didn't detect any of the files listed as being threats. Here's the log:

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2009/10/22 15:40

Program Version: Version 1.3.5.0

Windows Version: Windows XP SP3

==================================================

Hidden/Locked Files

-------------------

Path: C:\hiberfil.sys

Status: Locked to the Windows API!

==EOF==

And here's the HiJack This log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:00:03 PM, on 10/22/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\svohost.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\Bob\Desktop\RootRepeal.exe

C:\WINDOWS\system32\notepad.exe

C:\Documents and Settings\Bob\Desktop\explorer.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {43084a28-51c2-4ec6-b3e6-966e41569144} - gagepira.dll (file missing)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: ADC PlugIn - {77DC0B63-ff35-4ba9-8BE8-aa9EB676FA02} - C:\WINDOWS\system32\plugie.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"

O4 - HKLM\..\Run: [70810723] C:\DOCUME~1\ALLUSE~1\APPLIC~1\70810723\70810723.exe

O4 - HKLM\..\Run: [94578740] C:\Documents and Settings\All Users\Application Data\94578740\94578740.exe

O4 - HKLM\..\Run: [hifimukud] Rundll32.exe "c:\windows\system32\jogihuju.dll",a

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Flutecakes\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O8 - Extra context menu item: En&queue current page with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader1.38\iemenu\iebidqueue.htm

O8 - Extra context menu item: Enqueue link target with Bulk Ima≥ Downloader - file://C:\Program Files\Bulk Image Downloader1.38\iemenu\iebidlinkqueue.htm

O8 - Extra context menu item: Open &link target with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader1.38\iemenu\iebidlink.htm

O8 - Extra context menu item: Open current page with Bulk I&mage Downloader - file://C:\Program Files\Bulk Image Downloader1.38\iemenu\iebid.htm

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: seniyuro.dll c:\windows\system32\jogihuju.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O21 - SSODL: jomabinuw - {ef4c3674-c587-4a35-85a4-69dfbf149478} - c:\windows\system32\jogihuju.dll

O22 - SharedTaskScheduler: jugezatag - {ef4c3674-c587-4a35-85a4-69dfbf149478} - c:\windows\system32\jogihuju.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: WDefend - Unknown owner - C:\WINDOWS\svohost.exe

--

End of file - 8757 bytes

There was also a O4 - HKLM\..\Run: [30652218] C:\Documents and Settings\All Users\Application Data\30652218\30652218.exe entry that I deleted while fighting the Windows Police Pro.

Thanks for any help you might be able to give me. I'm getting really frustrated trying to fight this thing myself.
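The HijackThis log above contains several of the classic indicators a helper looks for before writing a fix: Run entries whose name is just a number, a Rundll32 autorun loading a random eight-letter DLL, a populated AppInit_DLLs value, BHOs with no name or a missing file, and a service with an unknown owner whose image (svohost.exe) is one letter away from svchost.exe. The following triage script is an added example, not part of the thread and not a Malwarebytes or HijackThis tool; it reads lines in HijackThis's format and flags those patterns. The sample lines, the shortlist of system binaries, and the consonant/vowel heuristic for random names are constructed assumptions for the example.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample modelled on the HijackThis log lines in the thread; it is not
# the poster's full log.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {43084a28-51c2-4ec6-b3e6-966e41569144} - gagepira.dll (file missing)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [70810723] C:\DOCUME~1\ALLUSE~1\APPLIC~1\70810723\70810723.exe
O4 - HKLM\..\Run: [hifimukud] Rundll32.exe "c:\windows\system32\jogihuju.dll",a
O20 - AppInit_DLLs: seniyuro.dll c:\windows\system32\jogihuju.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: WDefend - Unknown owner - C:\WINDOWS\svohost.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
""".strip("\n")

# Assumed shortlist of Windows XP system binaries that malware imitates by name.
SYSTEM_BINARIES = ["svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "explorer.exe"]

# Heuristic (assumption) for the random eight-letter consonant/vowel names in the
# thread, e.g. jogihuju.dll, seniyuro.dll, gagepira.dll.
RANDOM_NAME = re.compile(r"(?:[bcdfghjklmnpqrstvwxyz][aeiouy]){4}")
MODULE_NAME = re.compile(r"\b([a-z]{8})\.(?:dll|exe)", re.IGNORECASE)


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch look-alikes such as svohost.exe vs svchost.exe."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def basename(path: str) -> str:
    return path.strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()


def lookalike(name: str) -> Optional[str]:
    """Return the system binary a file name is one edit away from, if any."""
    for real in SYSTEM_BINARIES:
        if name != real and levenshtein(name, real) == 1:
            return real
    return None


def check_line(line: str) -> List[str]:
    """Return the reasons one HijackThis line deserves a closer look (empty if none)."""
    reasons: List[str] = []
    m = re.match(r"^(O\d+|R\d)\s+-\s+(.*)", line)
    if not m:
        return reasons
    section, body = m.groups()
    for stem in MODULE_NAME.findall(body):
        if RANDOM_NAME.fullmatch(stem.lower()):
            reasons.append(f"random-looking module name {stem}")
    if section == "O2" and any(t in body for t in ("(no name)", "(file missing)", "(no file)")):
        reasons.append("BHO with no name or missing file")
    if section == "O4":
        m4 = re.search(r"\[([^\]]+)\]\s*(.*)", body)
        if m4 and m4.group(1).isdigit():
            reasons.append(f"numeric autorun name {m4.group(1)}")
        if m4 and re.match(r"rundll32(\.exe)?", m4.group(2).strip(), re.IGNORECASE):
            reasons.append("autorun loads a DLL through Rundll32")
    if section == "O20" and body.lower().startswith("appinit_dlls:") and body.split(":", 1)[1].strip():
        reasons.append("AppInit_DLLs populated (loaded into every GUI process)")
    if section == "O23":
        image = basename(body.rsplit(" - ", 1)[-1])
        if "Unknown owner" in body:
            reasons.append("service with unknown owner")
        real = lookalike(image)
        if real:
            reasons.append(f"{image} looks like {real}")
    return reasons


def triage(log_text: str) -> List[Tuple[int, List[str]]]:
    """Line numbers (1-based) and reasons for every flagged line in a HijackThis log."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        reasons = check_line(line.strip())
        if reasons:
            findings.append((n, reasons))
    return findings


if __name__ == "__main__":
    for n, reasons in triage(SAMPLE_LOG):
        print(f"line {n}: " + "; ".join(reasons))
```

The heuristics are deliberately narrow: a numeric Run name or a populated AppInit_DLLs is rare on a clean XP machine, so each flag is worth a manual look rather than an automatic deletion, and a clean line (the AVG tray entry, the Bonjour service) produces no output.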


Hi,

Please download exeHelper to your desktop.

Double-click on exeHelper.com to run the fix.

A black window should pop up, press any key to close once the fix is completed.

Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)

Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link HERE
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


exeHelper by Raktor

Build 20091021

Run at 11:20:54 on 10/23/09

Now searching...

Checking for numerical processes...

Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\70810723

Checking for bad processes...

Killed process svohost.exe

Checking for bad files...

Deleting file C:\WINDOWS\system32\bincd32.dat

Deleting file C:\WINDOWS\system32\pump.exe

Deleting file C:\WINDOWS\system32\plugie.dll

Deleting file C:\WINDOWS\svohost.exe

Deleting file C:\WINDOWS\system32\nuar.old

Deleting file C:\WINDOWS\system32\skynet.dat

Deleting file C:\Documents and Settings\Bob\Desktop\Security Tool.lnk

Deleting file C:\Documents and Settings\Bob\Start Menu\Programs\Security Tool.lnk

Checking for bad registry entries...

Resetting filetype association for .exe

Resetting filetype association for .com

Resetting userinit and shell values...

Resetting policies...

--Finished--

ComboFix 09-10-22.01 - Bob 10/23/2009 11:48.1.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.223.96 [GMT -7:00]

Running from: c:\documents and settings\Bob\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\docume~1\Bob\LOCALS~1\Temp\tmp1.tmp

c:\docume~1\Bob\LOCALS~1\Temp\tmp2.tmp

c:\documents and settings\All Users\Application Data\30652218

c:\documents and settings\All Users\Application Data\30652218\30652218.exe

c:\documents and settings\All Users\Application Data\94578740

c:\documents and settings\All Users\Application Data\94578740\94578740.bat

c:\documents and settings\All Users\Application Data\94578740\94578740.exe

c:\program files\Windows Police Pro

c:\recycler\S-1-5-21-1482476501-117609710-1801674531-1003

c:\recycler\S-1-5-21-1560454674-828500232-3025239362-1003

c:\recycler\S-1-5-21-2117801791-3926411368-178611624-1003

c:\recycler\S-1-5-21-3198218572-1756246666-1643702306-1003

c:\windows\system32\dewuyode.dll.tmp

c:\windows\system32\dorulelo.dll

c:\windows\system32\fedoniko.exe

c:\windows\system32\fipuvuna.dll

c:\windows\system32\gagepira.dll.tmp

c:\windows\system32\gatuzune.dll

c:\windows\system32\husalefi.dll

c:\windows\system32\jepiwezi.dll.tmp

c:\windows\system32\jolefayu.dll

c:\windows\system32\kumeweva.dll

c:\windows\system32\levopifo.dll.tmp

c:\windows\system32\litinika.dll

c:\windows\system32\palozora.exe

c:\windows\system32\rorerilu.exe

c:\windows\system32\sayabase.dll

c:\windows\system32\schtml

c:\windows\system32\schtml\dbsinit.exe

c:\windows\system32\schtml\images\i1.gif

c:\windows\system32\schtml\images\i2.gif

c:\windows\system32\schtml\images\i3.gif

c:\windows\system32\schtml\images\j1.gif

c:\windows\system32\schtml\images\j2.gif

c:\windows\system32\schtml\images\j3.gif

c:\windows\system32\schtml\images\jj1.gif

c:\windows\system32\schtml\images\jj2.gif

c:\windows\system32\schtml\images\jj3.gif

c:\windows\system32\schtml\images\l1.gif

c:\windows\system32\schtml\images\l2.gif

c:\windows\system32\schtml\images\l3.gif

c:\windows\system32\schtml\images\pix.gif

c:\windows\system32\schtml\images\t1.gif

c:\windows\system32\schtml\images\t2.gif

c:\windows\system32\schtml\images\up1.gif

c:\windows\system32\schtml\images\up2.gif

c:\windows\system32\schtml\images\w1.gif

c:\windows\system32\schtml\images\w11.gif

c:\windows\system32\schtml\images\w2.gif

c:\windows\system32\schtml\images\w3.gif

c:\windows\system32\schtml\images\w3.jpg

c:\windows\system32\schtml\images\word.doc

c:\windows\system32\schtml\images\wt1.gif

c:\windows\system32\schtml\images\wt2.gif

c:\windows\system32\schtml\images\wt3.gif

c:\windows\system32\schtml\wispex.html

c:\windows\system32\seniyuro.dll

c:\windows\system32\vaditujo.dll

c:\windows\system32\vetujavo.dll

c:\windows\system32\yagepodo.dll

c:\windows\system32\yidonizo.dll.tmp

c:\windows\system32\zavisomu.dll

c:\windows\system32\zoranada.dll.tmp

.

((((((((((((((((((((((((( Files Created from 2009-09-23 to 2009-10-23 )))))))))))))))))))))))))))))))

.

2009-10-22 07:27 . 2009-10-22 07:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-10-22 05:40 . 2009-10-22 05:40 -------- d-----w- c:\documents and settings\Bob\Application Data\Malwarebytes

2009-10-22 05:30 . 2006-06-19 20:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll

2009-10-22 05:30 . 2006-05-25 22:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll

2009-10-22 05:30 . 2005-08-26 08:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll

2009-10-22 05:30 . 2003-02-03 03:06 153088 ----a-w- c:\windows\system32\unrar3.dll

2009-10-22 05:30 . 2002-03-06 08:00 75264 ----a-w- c:\windows\system32\unacev2.dll

2009-10-22 05:30 . 2009-10-22 05:41 -------- d-----w- c:\documents and settings\Bob\Application Data\Simply Super Software

2009-10-22 05:30 . 2009-10-22 05:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software

2009-10-21 22:43 . 2009-10-21 22:43 -------- d-----w- C:\_OTM

2009-10-19 15:43 . 2009-10-19 15:43 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2009-10-19 15:18 . 2009-10-21 22:43 58 ----a-w- c:\windows\wp4.dat

2009-10-19 15:18 . 2009-10-21 22:43 1 ----a-w- c:\windows\wp3.dat

2009-10-19 03:04 . 2009-10-19 03:04 51712 ----a-w- c:\documents and settings\x.exe

2009-10-16 07:06 . 2009-07-17 16:22 1435648 -c----w- c:\windows\system32\dllcache\query.dll

2009-10-16 06:44 . 2009-09-04 21:03 58880 -c----w- c:\windows\system32\dllcache\msasn1.dll

2009-10-15 20:34 . 2009-10-16 00:27 -------- d-----w- c:\program files\FlashGet

2009-10-15 20:08 . 2009-10-15 20:08 4653448 ----a-w- c:\program files\fgen_305.exe

2009-10-12 03:59 . 2009-10-12 03:59 -------- d-sh--w- c:\documents and settings\Bob\PrivacIE

2009-09-25 18:46 . 2009-09-25 18:46 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-10-23 18:15 . 2008-06-23 22:03 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8

2009-10-22 00:52 . 2008-04-19 08:18 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-10-22 00:48 . 2008-04-19 08:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-10-12 03:58 . 2009-07-01 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar

2009-09-11 14:18 . 2008-01-29 02:35 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-10 10:23 . 2008-06-20 12:25 -------- d-----w- c:\program files\Microsoft Silverlight

2009-09-04 21:03 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll

2009-08-29 08:08 . 2008-01-29 02:37 916480 ----a-w- c:\windows\system32\wininet.dll

2009-08-26 08:00 . 2008-01-29 02:36 247326 ----a-w- c:\windows\system32\strmdll.dll

2009-08-19 17:01 . 2008-07-01 10:55 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-08-19 17:00 . 2008-07-01 10:55 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-08-19 17:00 . 2008-07-01 10:55 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-08-18 19:14 . 2008-06-21 14:58 24320 ----a-w- c:\documents and settings\Bob\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-05 09:01 . 2006-02-28 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-05 03:44 . 2008-01-29 02:35 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe

2009-08-04 14:20 . 2007-07-19 02:40 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe

2009-06-23 00:39 . 2008-07-31 04:35 6144 --sha-w- c:\program files\Thumbs.db

2009-04-19 22:13 . 2009-04-19 22:13 12808339 ----a-w- c:\program files\dvdflick_setup_1.3.0.6.exe

2009-03-22 08:12 . 2009-03-22 08:06 62729728 ----a-w- c:\program files\avg_free_stf_en_85_283a1450.exe

2008-11-27 18:50 . 2008-11-27 00:47 27288880 ----a-w- c:\program files\QuickTimeInstaller.exe

2008-10-10 00:38 . 2008-10-10 00:37 1761487 ----a-w- c:\program files\SopCastOcx.zip

2008-09-25 18:32 . 2008-09-25 18:32 2306336 ----a-w- c:\program files\OrbitSetup_276.exe

2008-09-25 18:12 . 2008-09-25 18:12 3596242 ----a-w- c:\program files\bid_1_38_setup.exe

2008-09-19 20:18 . 2008-09-19 20:18 6089998 ----a-w- c:\program files\Combined-Community-Codec-Pack-2008-01-24.exe

2008-08-03 02:09 . 2008-08-03 02:09 2228534 ----a-w- c:\program files\audacity-win-1.2.6.exe

2008-07-31 02:12 . 2008-07-31 02:08 63530280 ----a-w- c:\program files\iTunesSetup.exe

2008-07-06 01:38 . 2008-07-06 01:38 6552472 ----a-w- c:\program files\AWCSetup.exe

2008-07-03 06:15 . 2008-07-03 06:15 2978159 ----a-w- c:\program files\cdbxp_setup_4.1.2.678.exe

2008-06-23 20:19 . 2008-06-23 20:19 49384056 ----a-w- c:\program files\avg_free_stf_all_8_100a1323.exe

2008-04-20 08:57 . 2008-04-20 08:58 1495112 ----a-w- c:\program files\install_flash_player.exe

2009-07-22 18:07 . 2009-07-22 18:07 1051170 --sha-w- c:\windows\system32\nugebini.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-09-02 18:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-21 148776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-06-11 153136]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-17 2025752]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-04 111936]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]

"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-07-30 177448]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-06-11 55296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-08-19 17:01 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\WINDOWS\\system32\\taskmgr.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/1/2008 3:55 AM 335240]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/1/2008 3:55 AM 108552]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/3/2009 8:44 AM 908056]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/3/2008 8:41 PM 297752]

R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [7/30/2008 2:23 PM 161064]

S2 WDefend;WDefend;c:\windows\svohost.exe --> c:\windows\svohost.exe [?]

S3 FXDRV;FXDRV;\??\d:\fxdrv.sys --> d:\Fxdrv.sys [?]

.

Contents of the 'Scheduled Tasks' folder

2009-10-16 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

IE: En&queue current page with Bulk Image Downloader - file://c:\program files\Bulk Image Downloader1.38\iemenu\iebidqueue.htm

IE: Enqueue link target with Bulk Ima≥ Downloader - file://c:\program files\Bulk Image Downloader1.38\iemenu\iebidlinkqueue.htm

IE: Open &link target with Bulk Image Downloader - file://c:\program files\Bulk Image Downloader1.38\iemenu\iebidlink.htm

IE: Open current page with Bulk I&mage Downloader - file://c:\program files\Bulk Image Downloader1.38\iemenu\iebid.htm

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

FF - ProfilePath - c:\documents and settings\Bob\Application Data\Mozilla\Firefox\Profiles\apwncr8d.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll

FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll

FF - plugin: c:\program files\JavaSoft\JRE\1.3.1\bin\NPJava11.dll

FF - plugin: c:\program files\JavaSoft\JRE\1.3.1\bin\NPJava12.dll

FF - plugin: c:\program files\JavaSoft\JRE\1.3.1\bin\NPJava131.dll

FF - plugin: c:\program files\JavaSoft\JRE\1.3.1\bin\NPJava32.dll

FF - plugin: c:\program files\JavaSoft\JRE\1.3.1\bin\NPOJI600.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

- - - - ORPHANS REMOVED - - - -

BHO-{43084a28-51c2-4ec6-b3e6-966e41569144} - zavisomu.dll

BHO-{77DC0B63-ff35-4ba9-8BE8-aa9EB676FA02} - c:\windows\system32\plugie.dll

HKLM-Run-94578740 - c:\documents and settings\All Users\Application Data\94578740\94578740.exe

HKLM-Run-hifimukud - c:\windows\system32\jolefayu.dll

HKLM-Run-tijadubapo - vaditujo.dll

SharedTaskScheduler-{f6f816c6-7495-458c-bddb-857cf7759435} - c:\windows\system32\jolefayu.dll

SSODL-lopimipaj-{f6f816c6-7495-458c-bddb-857cf7759435} - c:\windows\system32\jolefayu.dll

AddRemove-HijackThis - c:\documents and settings\Bob\Desktop\HijackThis.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-10-23 12:07

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2380)

c:\windows\system32\WININET.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll

c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\CDBurnerXP\NMSAccessU.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\progra~1\AVG\AVG8\avgrsx.exe

c:\progra~1\AVG\AVG8\avgnsx.exe

c:\program files\AVG\AVG8\avgcsrvx.exe

c:\windows\system32\wscntfy.exe

c:\combofix\CF31242.exe

c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe

c:\combofix\PEV.cfxxe

.

**************************************************************************

.

Completion time: 2009-10-23 12:15 - machine was rebooted

ComboFix-quarantined-files.txt 2009-10-23 19:15

Pre-Run: 1,323,249,664 bytes free

Post-Run: 4,514,701,312 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 7BF135A68FF1C5B707621A2BFE08FF80

By the way, I received two RUNDLL errors upon restart:

Error loading c:\windows\system32\jolefayu.dll

The specified module could not be found.

and

Error loading vaditujo.dll

The specified module could not be found.

Thanks again for your help.
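Two things stand out in the ComboFix file listings above and drive the helper's next script: nugebini.exe in system32 carrying the system+hidden attributes (`--sha-w-`), and x.exe sitting directly in the Documents and Settings root. The script below is an added example, not part of the thread and not ComboFix's own code; it parses ComboFix's "Files Created" / "Find3M" line format and flags such entries. The sample lines are constructed from the page, the reading of the attribute string (position 1 for directories, positions 3 and 4 for the System and Hidden flags, as in the `d-sh--w-` and `--sha-w-` entries) is an assumption, and the incident window start date is a parameter chosen for the example.

```python
import re
from datetime import datetime
from typing import Dict, List, Optional, Tuple

# Constructed sample in ComboFix's listing format; dates and paths mirror the thread.
SAMPLE_LISTING = r"""
2009-10-22 05:30 . 2006-06-19 20:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-10-19 03:04 . 2009-10-19 03:04 51712 ----a-w- c:\documents and settings\x.exe
2009-10-15 20:08 . 2009-10-15 20:08 4653448 ----a-w- c:\program files\fgen_305.exe
2009-07-22 18:07 . 2009-07-22 18:07 1051170 --sha-w- c:\windows\system32\nugebini.exe
2009-10-19 15:43 . 2009-10-19 15:43 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-08-05 03:44 . 2008-01-29 02:35 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
""".strip("\n")

# created . modified size attrs path
LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"\s+(?P<size>\d+|-{8})\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$"
)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
# Parents where a loose executable is unexpected (assumed list for the example).
ODD_PARENTS = {"c:", "c:\\windows", "c:\\documents and settings"}
# Same random-name heuristic as the HijackThis triage: four consonant/vowel pairs.
RANDOM_NAME = re.compile(r"(?:[bcdfghjklmnpqrstvwxyz][aeiouy]){4}")


def parse_line(line: str) -> Optional[Dict]:
    """Parse one ComboFix listing line; None for headers, blanks and other text."""
    m = LINE.match(line.strip())
    if not m:
        return None
    size = m.group("size")
    return {
        "created": datetime.strptime(m.group("created"), "%Y-%m-%d %H:%M"),
        "modified": datetime.strptime(m.group("modified"), "%Y-%m-%d %H:%M"),
        "size": None if size.startswith("-") else int(size),  # directories show dashes
        "attrs": m.group("attrs"),
        "path": m.group("path").lower(),
    }


def triage_entries(text: str, window_start: datetime) -> List[Tuple[str, List[str]]]:
    """Paths and reasons for every file entry worth a second look."""
    findings = []
    for line in text.splitlines():
        e = parse_line(line)
        if e is None or e["attrs"][0] == "d":  # skip unparsable lines and directories
            continue
        path = e["path"]
        parent, _, name = path.rpartition("\\")
        stem = name.rsplit(".", 1)[0]
        is_exec = name.endswith(EXEC_EXT)
        hidden_system = e["attrs"][2:4] == "sh"  # assumed: 's' System, 'h' Hidden
        reasons: List[str] = []
        if is_exec and hidden_system:
            reasons.append("executable with hidden+system attributes")
        if is_exec and RANDOM_NAME.fullmatch(stem):
            reasons.append(f"random-looking name {name}")
        if is_exec and parent in ODD_PARENTS:
            reasons.append(f"executable loose in {parent}\\")
        if e["created"] >= window_start and parent == "c:\\windows\\system32":
            reasons.append("appeared in system32 during the incident window")
        if reasons:
            findings.append((path, reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage_entries(SAMPLE_LISTING, datetime(2009, 10, 19)):
        print(path + ": " + "; ".join(reasons))
```

Note the separation between the two timestamps: ztvcabinet.dll was created on the machine during the incident but carries a 2006 modification time, the signature of an installer copying an old component rather than a dropper, so it is reported only as "appeared in system32 during the incident window" and left for the analyst to judge, whereas nugebini.exe trips two independent rules.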


Hi,

Let's stop with the jumping in on other people's threads.

1) CFScript

Open notepad and copy/paste the text in the quotebox below into it:

http://www.malwarebytes.org/forums/index.php?showtopic=28657

Collect::
c:\windows\system32\nugebini.exe
c:\documents and settings\x.exe

Save this as CFScript.txt

CFScriptB-4.gif

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.

  • Ensure you are connected to the internet and click OK on the message box.

2) Malwarebytes

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

3) DDS

Please download DDS and save it to your desktop.

  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.

---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt

Please attach the second file, Attach.txt. To attach a file, do the following:

  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on attach_add.png to insert the attachment into your post

In your reply I would like to see, copied and pasted:

1) ComboFix log

2) Malwarebytes log

3) DDS logs


1) ComboFix log

Upload was successful

(that's all it said)

2) Malwarebytes log

Malwarebytes' Anti-Malware 1.41

Database version: 3028

Windows 5.1.2600 Service Pack 3

10/24/2009 6:59:38 PM

mbam-log-2009-10-24 (18-59-38).txt

Scan type: Quick Scan

Objects scanned: 95248

Time elapsed: 12 minute(s), 50 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WDefend (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\wp3.dat (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\wp4.dat (Malware.Trace) -> Quarantined and deleted successfully.

C:\Documents and Settings\Bob\Desktop\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

3) DDS logs

DDS (Ver_09-10-24.03) - NTFSx86

Run by Bob at 19:28:10.39 on Sat 10/24/2009

Internet Explorer: 8.0.6001.18702

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: {fdd3b846-8d59-4ffb-8758-209b6ad74acc} - c:\program files\microsoft money\system\mnyviewer.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"

mRun: [soundMan] SOUNDMAN.EXE

mRun: [siSUSBRG] c:\windows\SiSUSBrg.exe

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

IE: En&queue current page with Bulk Image Downloader - file://c:\program files\bulk image downloader1.38\iemenu\iebidqueue.htm

IE: Enqueue link target with Bulk Ima&ge Downloader - file://c:\program files\bulk image downloader1.38\iemenu\iebidlinkqueue.htm

IE: Open &link target with Bulk Image Downloader - file://c:\program files\bulk image downloader1.38\iemenu\iebidlink.htm

IE: Open current page with Bulk I&mage Downloader - file://c:\program files\bulk image downloader1.38\iemenu\iebid.htm

IE: {6224f700-cba3-4071-b251-47cb894244cd} - c:\program files\icq\ICQ.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {301DA1EE-F65C-4188-A417-9E915CC8FBFA} - c:\program files\microsoft money\system\mnyviewer.dll

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131-win.cab

DPF: {CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131-win.cab

DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131_02-win.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxsrvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bob\applic~1\mozilla\firefox\profiles\apwncr8d.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll

FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll

FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll

FF - plugin: c:\program files\javasoft\jre\1.3.1\bin\NPJava11.dll

FF - plugin: c:\program files\javasoft\jre\1.3.1\bin\NPJava12.dll

FF - plugin: c:\program files\javasoft\jre\1.3.1\bin\NPJava131.dll

FF - plugin: c:\program files\javasoft\jre\1.3.1\bin\NPJava32.dll

FF - plugin: c:\program files\javasoft\jre\1.3.1\bin\NPOJI600.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

2009-10-25 01:43:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-10-25 01:43:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-10-25 01:43:06 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-10-23 18:45:21 0 d-sha-r- C:\cmdcons

2009-10-23 18:42:17 98816 ----a-w- c:\windows\sed.exe

2009-10-23 18:42:17 236544 ----a-w- c:\windows\PEV.exe

2009-10-23 18:42:17 161792 ----a-w- c:\windows\SWREG.exe

2009-10-22 07:27:56 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2009-10-22 05:40:33 0 d-----w- c:\docume~1\bob\applic~1\Malwarebytes

2009-10-22 05:30:40 77312 ----a-w- c:\windows\system32\ztvunace26.dll

2009-10-22 05:30:40 75264 ----a-w- c:\windows\system32\unacev2.dll

2009-10-22 05:30:40 69632 ----a-w- c:\windows\system32\ztvcabinet.dll

2009-10-22 05:30:40 162304 ----a-w- c:\windows\system32\ztvunrar36.dll

2009-10-22 05:30:40 153088 ----a-w- c:\windows\system32\unrar3.dll

2009-10-22 05:30:35 0 d-----w- c:\docume~1\bob\applic~1\Simply Super Software

2009-10-22 05:30:35 0 d-----w- c:\docume~1\alluse~1\applic~1\Simply Super Software

2009-10-21 22:43:23 0 d-----w- C:\_OTM

2009-10-16 07:06:46 1435648 -c----w- c:\windows\system32\dllcache\query.dll

2009-10-16 06:44:21 58880 -c----w- c:\windows\system32\dllcache\msasn1.dll

2009-10-15 20:34:18 0 d-----w- c:\program files\FlashGet

2009-10-15 20:08:24 4653448 ----a-w- c:\program files\fgen_305.exe

2009-10-12 03:59:53 0 d-sh--w- c:\documents and settings\bob\PrivacIE

==================== Find3M ====================

2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll

2009-08-29 08:08:21 916480 ------w- c:\windows\system32\wininet.dll

2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll

2009-08-19 17:01:02 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-05 03:44:46 2189184 ------w- c:\windows\system32\ntoskrnl.exe

2009-08-04 14:20:08 2066048 ------w- c:\windows\system32\ntkrnlpa.exe

2009-06-23 00:39:42 6144 --sha-w- c:\program files\Thumbs.db

2009-04-19 22:13:12 12808339 ----a-w- c:\program files\dvdflick_setup_1.3.0.6.exe

2009-03-22 08:12:42 62729728 ----a-w- c:\program files\avg_free_stf_en_85_283a1450.exe

2008-11-27 18:50:58 27288880 ----a-w- c:\program files\QuickTimeInstaller.exe

2008-10-10 00:38:07 1761487 ----a-w- c:\program files\SopCastOcx.zip

2008-09-25 18:32:50 2306336 ----a-w- c:\program files\OrbitSetup_276.exe

2008-09-25 18:12:30 3596242 ----a-w- c:\program files\bid_1_38_setup.exe

2008-09-19 20:18:37 6089998 ----a-w- c:\program files\Combined-Community-Codec-Pack-2008-01-24.exe

2008-08-03 02:09:16 2228534 ----a-w- c:\program files\audacity-win-1.2.6.exe

2008-07-31 02:12:08 63530280 ----a-w- c:\program files\iTunesSetup.exe

2008-07-06 01:38:57 6552472 ----a-w- c:\program files\AWCSetup.exe

2008-07-03 06:15:05 2978159 ----a-w- c:\program files\cdbxp_setup_4.1.2.678.exe

2008-06-23 20:19:44 49384056 ----a-w- c:\program files\avg_free_stf_all_8_100a1323.exe

2008-04-20 08:57:42 1495112 ----a-w- c:\program files\install_flash_player.exe

2008-08-25 23:16:01 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082520080826\index.dat

============= FINISH: 19:30:31.92 ===============


Hi,

Let's get another scan going and see where we are.

Can you check and see if ComboFix produced a log last time?

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.


Hi, sorry for the delay. I haven't been feeling well.

Yes, ComboFix produced a log. However, all it said was "Upload was successful".

Should I try running ComboFix again?

Here are the OTL logs:

OTL.txt

--------

OTL logfile created on: 10/26/2009 9:02:19 PM - Run 1

OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Bob\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

223.48 Mb Total Physical Memory | 97.68 Mb Available Physical Memory | 43.71% Memory free

605.72 Mb Paging File | 291.95 Mb Available in Paging File | 48.20% Paging File free

Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.53 Gb Total Space | 3.55 Gb Free Space | 4.76% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: YOUR-CN2CCRVZT0

Current User Name: Bob

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Bob\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()

PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)

PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)

PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

PRC - C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)

PRC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)

PRC - C:\Program Files\Windows Live\Toolbar\wltuser.exe (Microsoft Corporation)

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)

PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)

SRV - (avg8emc [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)

SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)

SRV - (FreeAgentGoNext Service [Auto | Running]) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)

SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SRV - (idsvc [unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)

SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

SRV - (NBService [On_Demand | Stopped]) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG)

SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)

SRV - (NMIndexingService [On_Demand | Running]) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)

SRV - (NMSAccessU [Auto | Running]) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()

SRV - (SeaPort [Auto | Running]) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\ialmsbw.sys (Intel Corporation)

DRV - ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\ialmkchw.sys (Intel Corporation)

DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)

DRV - (ASCTRM [Auto | Running]) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)

DRV - (AvgLdx86 [system | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgMfx86 [system | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgTdiX [system | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)

DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (Conexant Systems)

DRV - (HSFHWBS2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys (Conexant Systems)

DRV - (ialm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)

DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)

DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)

DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (SiS315 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\sisgrp.sys (Silicon Integrated Systems Corporation)

DRV - (SISAGP [boot | Running]) -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)

DRV - (SiSkp [system | Running]) -- C:\WINDOWS\System32\DRIVERS\srvkp.sys (Silicon Integrated Systems Corporation)

DRV - (SISNIC [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\sisnic.sys (SiS Corporation)

DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Bob\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found

IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5

FF - prefs.js..extensions.enabledItems: avg@igeared:2.609.002.003

FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.0.6

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1

FF - prefs.js..extensions.enabledItems: dave2x@download:0.5.9

FF - prefs.js..extensions.enabledItems: {6cffc2d6-aea4-4032-b8c6-d211fe6ded4e}:0.7

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\CompuServe 7.0\Extensions\\:

FF - HKLM\software\mozilla\CompuServe 7.0\Extensions\\Components: C:\Program Files\Common Files\csshare\plugins0942 [2009/03/15 01:51:20 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\CompuServe 7.0\Extensions\\Plugins: C:\Program Files\Common Files\csshare\plugins0942 [2009/03/15 01:51:20 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/07/01 09:27:05 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/10/11 19:50:46 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:01:56 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/11 19:54:08 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/10 14:25:15 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Netscape 6 6.2.1\Extensions\\Components: C:\Program Files\Netscape\Netscape 6\Components [2009/03/15 01:51:20 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Netscape 6 6.2.1\Extensions\\Plugins: C:\Program Files\Netscape\Netscape 6\Plugins [2009/03/15 01:51:20 | 00,000,000 | ---D | M]

[2008/08/26 16:56:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\mozilla\Extensions

[2008/08/26 16:56:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/10/25 23:29:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\mozilla\Firefox\Profiles\apwncr8d.default\extensions

[2009/10/15 14:33:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\mozilla\Firefox\Profiles\apwncr8d.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}

[2009/09/03 23:02:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\mozilla\Firefox\Profiles\apwncr8d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009/01/08 20:53:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\mozilla\Firefox\Profiles\apwncr8d.default\extensions\{6cffc2d6-aea4-4032-b8c6-d211fe6ded4e}

[2009/03/17 15:04:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\mozilla\Firefox\Profiles\apwncr8d.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

[2009/10/15 15:28:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\mozilla\Firefox\Profiles\apwncr8d.default\extensions\dave2x@download

[2008/08/26 16:56:24 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions

[2009/09/10 14:25:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/09/10 14:24:26 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll

[2009/09/10 14:24:26 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll

[2009/09/10 14:24:33 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll

[2007/05/10 22:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll

[2009/03/15 01:51:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll

[2009/03/15 01:51:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll

[2009/03/15 01:51:17 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll

[2009/03/15 01:51:17 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll

[2009/03/15 01:51:17 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll

[2009/03/15 01:51:17 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll

[2009/03/15 01:51:17 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll

[2009/09/03 23:00:47 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml

[2009/09/03 23:00:47 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml

[2009/07/05 15:04:06 | 00,001,489 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml

[2009/09/03 23:00:48 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml

[2009/09/03 23:00:49 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml

[2009/09/03 23:00:49 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2009/09/03 23:00:50 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

[2009/09/03 23:00:50 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)

O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)

O4 - HKLM..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)

O4 - HKLM..\Run: [soundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 55924053

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0

O8 - Extra context menu item: En&queue current page with Bulk Image Downloader - C:\Program Files\Bulk Image Downloader1.38\iemenu\iebidqueue.htm ()

O8 - Extra context menu item: Enqueue link target with Bulk Ima&ge Downloader - C:\Program Files\Bulk Image Downloader1.38\iemenu\iebidlinkqueue.htm ()

O8 - Extra context menu item: Open &link target with Bulk Image Downloader - C:\Program Files\Bulk Image Downloader1.38\iemenu\iebidlink.htm ()

O8 - Extra context menu item: Open current page with Bulk I&mage Downloader - C:\Program Files\Bulk Image Downloader1.38\iemenu\iebid.htm ()

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe ()

O9 - Extra 'Tools' menuitem : ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe ()

O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)

O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/1.3.1/...all-131-win.cab (Java Plug-in 1.3.1)

O16 - DPF: {CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.3.1/...all-131-win.cab (Java Plug-in 1.3.1)

O16 - DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.3.1/...-131_02-win.cab (Java Plug-in 1.3.1_02)

O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2003/07/29 10:59:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

O35 - comfile [open] -- "%1" %* File not found

O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\*.tmp files]

[2009/10/22 00:27:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2009/10/21 22:30:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software

[2009/10/21 22:40:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Application Data\Malwarebytes

[2009/10/21 22:30:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Application Data\Simply Super Software

[2009/10/15 13:34:18 | 00,000,000 | ---D | C] -- C:\Program Files\FlashGet

[2009/10/24 18:43:06 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009/10/26 20:58:34 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTL.exe

[2009/10/25 20:37:31 | 00,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kbdhid.sys

[2009/10/25 20:37:31 | 00,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys

[2009/10/25 20:34:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\HFGHFGHFG

[2009/10/25 17:21:46 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Bob\Desktop\HFGHKUIUJUYJM

[2009/10/25 17:20:56 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Bob\Desktop\YUJYTJHGNGF

[2009/10/25 14:56:32 | 00,000,000 | --SD | C] -- C:\ComboFix

[2009/10/25 08:31:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\FNFDGHFGHFGH

[2009/10/24 18:43:09 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/10/24 18:43:07 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/10/24 18:38:40 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Bob\Desktop\mbam-setup.exe

[2009/10/24 17:56:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp

[2009/10/23 14:29:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\1625

[2009/10/23 11:45:21 | 00,000,000 | RHSD | C] -- C:\cmdcons

[2009/10/23 11:42:17 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2009/10/23 11:42:17 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2009/10/23 11:42:17 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2009/10/23 11:42:17 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2009/10/23 11:41:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2009/10/23 11:35:39 | 00,000,000 | ---D | C] -- C:\Qoobox

[2009/10/23 11:19:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\exeHelpher.com

[2009/10/22 14:46:16 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Bob\Desktop\RootRepeal.exe

[2009/10/21 22:30:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\My Documents\Simply Super Software

[2009/10/21 22:30:40 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll

[2009/10/21 22:23:16 | 08,877,640 | ---- | C] (Simply Super Software ) -- C:\Documents and Settings\Bob\Desktop\trj681.exe

[2009/10/21 21:19:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\backups

[2009/10/21 15:43:23 | 00,000,000 | ---D | C] -- C:\_OTM

[2009/10/21 15:41:25 | 00,408,064 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTM.com

[2009/10/21 15:38:24 | 00,408,064 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTM.com.exe

[2009/10/18 18:41:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\HFGBGFHHF

[2009/10/16 02:36:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\HFGHTYUJYU

[2009/10/16 01:34:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\TYJYTJ

[2009/10/16 01:09:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\YJHFG

[2009/10/16 00:52:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\YUJYU

[2009/10/16 00:38:08 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Bob\Desktop\UYIIUI

[2009/10/16 00:19:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\YUIYIYI

[2009/10/16 00:06:46 | 01,435,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.dll

[2009/10/15 23:49:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\YUIYUIYUIGJ

[2009/10/15 23:45:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\YYUYUJBFGD

[2009/10/15 23:44:21 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msasn1.dll

[2009/10/15 21:11:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\YJRTYUYU

[2009/10/15 21:09:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\TYUJGJG

[2009/10/15 21:08:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\JGJFJGJ

[2009/10/15 20:37:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\YYUYTFGDHD

[2009/10/15 18:07:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\HTYHYT

[2009/10/15 15:26:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\YTYTHYTH

[2009/10/15 13:05:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\TYHHHFH

[2009/10/14 22:43:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\TYHFGDNND

[2009/10/14 17:15:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\YTUUYUTY

[2009/10/14 17:13:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\TYJTJTJTJ

[2009/10/14 15:57:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\TYJ

[2009/10/14 15:56:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\UKYUK

[2009/10/14 12:21:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\YUKYU

[2009/10/14 11:02:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\1204

[2009/10/14 09:58:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\TYR

[2009/10/14 02:29:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\TYJTYJ

[2009/10/14 01:26:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\TYJTJT

[2009/10/14 01:24:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\TYJTY

[2009/10/14 00:15:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\JTJTYe

[2009/10/14 00:10:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\TFSDF

[2009/10/14 00:08:33 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Bob\Desktop\YTYTY

[2009/10/13 23:13:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\TYHYT

[2009/10/13 22:07:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\TYHFDGF

[2009/10/13 20:40:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\FFF

[2009/10/13 20:04:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\TR

[2009/10/13 19:19:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\HTRETR

[2009/10/13 12:47:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\TRHRT

[2009/10/13 11:41:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\0904

[2009/10/12 23:50:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\REHR

[2009/10/12 15:52:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\RTHRTH

[2009/10/12 13:45:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\My Documents\Downloads

[2009/10/11 21:50:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\TRHRTHRT

[2009/10/11 21:39:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\REHRHR

[2009/10/11 19:49:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\RHHR

[2009/10/11 15:42:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\E5YYUJ

[2009/10/09 13:20:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\0403

[2009/10/08 23:34:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\

Extras.txt

-----------

OTL Extras logfile created on: 10/26/2009 9:02:19 PM - Run 1

OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Bob\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

223.48 Mb Total Physical Memory | 97.68 Mb Available Physical Memory | 43.71% Memory free

605.72 Mb Paging File | 291.95 Mb Available in Paging File | 48.20% Paging File free

Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.53 Gb Total Space | 3.55 Gb Free Space | 4.76% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: YOUR-CN2CCRVZT0

Current User Name: Bob

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)

"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)

"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)

"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

"C:\WINDOWS\system32\taskmgr.exe" = C:\WINDOWS\system32\taskmgr.exe:*:Enabled:taskmgr -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack

"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes

"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer

"{6DA9102E-199F-43A0-A36B-6EF48081A658}" = MobileMe Control Panel

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders

"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{8EEA03C8-D820-411C-AB0C-9DD5EFAD1033}" = Nero 7 Essentials

"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar

"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{AC76BA86-7AD7-1033-7B44-A81100000003}" = Adobe Reader 8.1.1

"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support

"{B1D89E54-08B1-4542-A69B-E634AEF10A40}" = Seagate Manager Installer

"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}" = Microsoft Money 2002 System Pack

"{E7298FD5-1386-11D5-8D6C-0050DAD32D95}" = Microsoft Money 2002

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call

"{F8D0829C-9C6F-11D3-8080-00C04FA329AA}" = Microsoft Works 6.0

"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio

"7-Zip" = 7-Zip 4.57

"Adobe Acrobat 5.0" = Adobe Acrobat 5.0

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player Plugin

"Advanced WindowsCare V2 Personal_is1" = Advanced WindowsCare Personal

"America Online us" = America Online

"AOL Instant Messenger (SM)" = AOL Instant Messenger (SM)

"AolCoach" = AOL Coach Version 1.0(Build:20020823.1)

"Audacity_is1" = Audacity 1.2.6

"AVG8Uninstall" = AVG 8.5

"BigFix" = BigFix

"Bulk Image Downloader_is1" = Bulk Image Downloader v1.38.0.3

"CNXT_MODEM_PCI_VEN_14F1&DEV_2F00&SUBSYS_8D8B155D" = Conexant SoftK56 Modem(M)

"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-01-24

"CompuServe us" = CompuServe

"DVD Flick_is1" = DVD Flick 1.3.0.6

"ICQ" = ICQ

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"InstallShield_{B1D89E54-08B1-4542-A69B-E634AEF10A40}" = Seagate Manager Installer

"JRE 1.3.1" = Java 2 Runtime Environment Standard Edition v1.3.1

"JRE 1.3.1_02" = Java 2 Runtime Environment Standard Edition v1.3.1_02

"LiveReg" = LiveReg (Symantec Corporation)

"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"Netscape 6 (6.2.1)" = Netscape 6 (6.2.1)

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"RealPlayer 6.0" = RealPlayer Basic

"SiS VGA Driver" = SiS 661FX

"SopCast" = SopCast 3.0.3

"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)

"WIC" = Windows Imaging Component

"Winamp" = Winamp (remove only)

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinLiveSuite_Wave3" = Windows Live Essentials

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 8/15/2009 6:20:24 AM | Computer Name = YOUR-CN2CCRVZT0 | Source = MsiInstaller | ID = 11307

Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- Error 1307.There

is not enough disk space to install this file: c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll.

Free some disk space and click Retry, or click Cancel to exit.

Error - 8/15/2009 6:23:22 AM | Computer Name = YOUR-CN2CCRVZT0 | Source = MsiInstaller | ID = 1023

Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET

Framework CLR' could not be installed. Error code 1603. Additional information

is available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup77BC.txt.

Error - 8/15/2009 6:23:22 AM | Computer Name = YOUR-CN2CCRVZT0 | Source = MsiInstaller | ID = 1023

Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET

Framework CA' could not be installed. Error code 1603. Additional information is

available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup77BC.txt.

Error - 8/15/2009 6:23:22 AM | Computer Name = YOUR-CN2CCRVZT0 | Source = MsiInstaller | ID = 1023

Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET

Framework CRT' could not be installed. Error code 1603. Additional information

is available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup77BC.txt.

Error - 8/15/2009 6:23:22 AM | Computer Name = YOUR-CN2CCRVZT0 | Source = MsiInstaller | ID = 1023

Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET

Framework PreXP' could not be installed. Error code 1603. Additional information

is available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup77BC.txt.

Error - 8/15/2009 6:23:22 AM | Computer Name = YOUR-CN2CCRVZT0 | Source = MsiInstaller | ID = 1023

Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update 'Dr.

Watson' could not be installed. Error code 1603. Additional information is available

in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup77BC.txt.

Error - 8/15/2009 6:23:22 AM | Computer Name = YOUR-CN2CCRVZT0 | Source = MsiInstaller | ID = 1023

Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET

Framework 1' could not be installed. Error code 1603. Additional information is

available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup77BC.txt.

Error - 8/15/2009 6:23:22 AM | Computer Name = YOUR-CN2CCRVZT0 | Source = MsiInstaller | ID = 1023

Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET

Framework 2' could not be installed. Error code 1603. Additional information is

available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup77BC.txt.

Error - 8/15/2009 6:23:22 AM | Computer Name = YOUR-CN2CCRVZT0 | Source = MsiInstaller | ID = 1023

Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET

Framework ASP .NET' could not be installed. Error code 1603. Additional information

is available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup77BC.txt.

Error - 8/15/2009 6:23:22 AM | Computer Name = YOUR-CN2CCRVZT0 | Source = MsiInstaller | ID = 1023

Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET

Framework WinForms' could not be installed. Error code 1603. Additional information

is available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup77BC.txt.

[ System Events ]

Error - 10/23/2009 3:03:10 PM | Computer Name = YOUR-CN2CCRVZT0 | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service

to connect.

Error - 10/23/2009 3:06:15 PM | Computer Name = YOUR-CN2CCRVZT0 | Source = Service Control Manager | ID = 7000

Description = The WDefend service failed to start due to the following error: %%2

Error - 10/24/2009 5:56:00 PM | Computer Name = YOUR-CN2CCRVZT0 | Source = Service Control Manager | ID = 7000

Description = The WDefend service failed to start due to the following error: %%2

Error - 10/24/2009 8:33:42 PM | Computer Name = YOUR-CN2CCRVZT0 | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service

to connect.

Error - 10/24/2009 8:48:57 PM | Computer Name = YOUR-CN2CCRVZT0 | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service

to connect.

Error - 10/24/2009 9:29:56 PM | Computer Name = YOUR-CN2CCRVZT0 | Source = Service Control Manager | ID = 7000

Description = The WDefend service failed to start due to the following error: %%2

Error - 10/24/2009 10:06:21 PM | Computer Name = YOUR-CN2CCRVZT0 | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the AVG Free8 E-mail Scanner

service to connect.

Error - 10/24/2009 10:06:21 PM | Computer Name = YOUR-CN2CCRVZT0 | Source = Service Control Manager | ID = 7000

Description = The AVG Free8 E-mail Scanner service failed to start due to the following

error: %%1053

Error - 10/25/2009 9:07:06 PM | Computer Name = YOUR-CN2CCRVZT0 | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway

Service service to connect.

Error - 10/25/2009 9:07:14 PM | Computer Name = YOUR-CN2CCRVZT0 | Source = Service Control Manager | ID = 7000

Description = The Application Layer Gateway Service service failed to start due

to the following error: %%1053

< End of report >


Yes I know what all the folders and rar files are.

The only thing on my desktop that I'm not sure about is the Advanced WindowsCare V2 Personal. Not sure where that came from. I don't remember installing that.

Before I found this site, I tried getting rid of the Windows Police Pro myself by following some suggestions on other sites. I didn't have anybody helping me specifically though. The only thing I deleted was O4 - HKLM\..\Run: [30652218] C:\Documents and Settings\All Users\Application Data\30652218\30652218.exe. When I opened task manager Windows Police Pro would show up under Applications and 30652218.exe was under Processes. When I clicked End Task on 30652218.exe, Windows Police Pro would also close. The site I was at said to look for entries like O4 - HKLM\..\Run: [30652218] C:\Documents and Settings\All Users\Application Data\30652218\30652218.exe that had random numbers.exe so when I saw that one and was able to see the connection between it and Windows Police Pro, I felt safe deleting it.

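The "random numbers.exe" heuristic described in the post above can be checked mechanically against a HijackThis or OTL log. The script below is an added example, not code from the thread or from either tool: it parses O4 Run entries in both log layouts and flags the signs a triager would look at (a purely numeric value name, a numeric executable sitting in a same-named folder, a launch path under a data or temp directory, and, in OTL output, an empty publisher field). The sample lines are constructed from entries quoted in this thread; the flag names and the directory list are this example's own choices.

```python
"""Triage O4 (Run key) entries from a HijackThis / OTL log.

Added example, not part of the forum thread or of HijackThis/OTL. It applies the
heuristic the poster describes (a Run entry whose name and executable are a bare
number) plus two other checks a triager normally makes.
"""
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath
from typing import Dict, List, Optional

# Matches both layouts seen in the thread:
#   HijackThis: O4 - HKLM\..\Run: [Name] C:\path\file.exe
#   OTL:        O4 - HKLM..\Run: [Name] C:\path\file.exe (Company)
# The trailing "(Company)" part exists only in OTL output.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\?\.\.\\Run:\s*\[(?P<name>[^\]]*)\]\s*"
    r"(?P<path>.+?\.(?:exe|dll|scr|bat|cmd))\b"
    r"(?:\s*\((?P<company>[^)]*)\))?\s*$",
    re.IGNORECASE,
)

# Folder names that legitimate autostart programs rarely run from (assumed list).
DATA_DIRS = {"application data", "local settings", "temp", "programdata", "appdata"}

# Constructed sample: lines quoted from this thread, one per entry.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [30652218] C:\Documents and Settings\All Users\Application Data\30652218\30652218.exe
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [soundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
"""


@dataclass
class RunEntry:
    hive: str
    name: str
    path: str
    company: Optional[str]          # None when the log layout carries no publisher
    reasons: List[str] = field(default_factory=list)


def parse_o4(line: str) -> Optional[RunEntry]:
    """Return a RunEntry for an O4 Run line, or None for any other line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    return RunEntry(m["hive"], m["name"], m["path"], m["company"])


def triage_entry(entry: RunEntry) -> RunEntry:
    """Attach a reason string for every suspicious trait the entry shows."""
    p = PureWindowsPath(entry.path)
    if entry.name.isdigit():
        entry.reasons.append("numeric-only value name")
    if p.stem.isdigit() and p.stem == p.parent.name:
        entry.reasons.append("numeric exe in same-named folder")
    if {part.lower() for part in p.parts} & DATA_DIRS:
        entry.reasons.append("runs from a data/temp directory")
    # OTL prints "()" when the binary has no version/company resource.
    if entry.company is not None and entry.company.strip() == "":
        entry.reasons.append("no publisher information in OTL output")
    return entry


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map each O4 value name in the log to its list of reasons (empty = clean)."""
    result: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is not None:
            result[entry.name] = triage_entry(entry).reasons
    return result


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        status = "; ".join(reasons) if reasons else "no flags"
        print(f"[{name}] -> {status}")
```

Only the 30652218 entry collects flags; the vendor entries parse but come back clean, which is the point: the heuristic is a triage filter, not a verdict, and a flagged entry still needs the process-to-window correlation the poster did before anything is removed.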

That's ok.

Just wanted to check what they were.

I would also never, ever use anything to try and clean or fix the registry. Highly inadvisable.

Want to get an updated scan.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions
    %SYSTEMDRIVE%\eventlog.dll /s /md5
    %SYSTEMDRIVE%\scecli.dll /s /md5
    %SYSTEMDRIVE%\netlogon.dll /s /md5
    %SYSTEMDRIVE%\cngaudit.dll /s /md5
    %SYSTEMDRIVE%\sceclt.dll /s /md5
    %SYSTEMDRIVE%\ntelogon.dll /s /md5
    %SYSTEMDRIVE%\logevent.dll /s /md5
    %SYSTEMDRIVE%\iaStor.sys /s /md5
    %SYSTEMDRIVE%\nvstor.sys /s /md5
    %SYSTEMDRIVE%\atapi.sys /s /md5
    %SYSTEMDRIVE%\IdeChnDr.sys /s /md5
    %SYSTEMDRIVE%\viasraid.sys /s /md5
    %SYSTEMDRIVE%\AGP440.sys /s /md5
    %SYSTEMDRIVE%\vaxscsi.sys /s /md5

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Don't worry about the extras.txt


OTL logfile created on: 11/2/2009 1:21:10 PM - Run 2

OTL by OldTimer - Version 3.1.3.1 Folder = C:\Documents and Settings\Bob\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

223.48 Mb Total Physical Memory | 85.31 Mb Available Physical Memory | 38.17% Memory free

911.72 Mb Paging File | 484.64 Mb Available in Paging File | 53.16% Paging File free

Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.53 Gb Total Space | 14.00 Gb Free Space | 18.78% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: YOUR-CN2CCRVZT0

Current User Name: Bob

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Bob\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

PRC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)

PRC - C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe (Seagate LLC)

PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()

PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)

PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)

PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)

PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Bob\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (avg8emc) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)

SRV - (avg8wd) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

SRV - (FreeAgentGoNext Service) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)

SRV - (FontCache3.0.0.0) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)

SRV - (idsvc) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)

SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)

SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()

SRV - (helpsvc) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SRV - (NMIndexingService) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)

SRV - (NBService) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG)

SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AvgMfx86) AVG On-access Scanner Minifilter Driver x86 [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgLdx86) AVG AVI Loader Driver x86 [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgTdiX) AVG8 Network Redirector [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)

DRV - (GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV - (Secdrv) Secdrv [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)

DRV - (SISNIC) SiS PCI Fast Ethernet Adapter Driver [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation)

DRV - (SiSkp) SiSkp [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)

DRV - (SiS315) SiS315 [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)

DRV - (ASCTRM) ASCTRM [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\asctrm.sys (Windows ® 2000 DDK provider)

DRV - (SISAGP) SiS AGP Filter [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)

DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)

DRV - ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel® Graphics Platform (SoftBIOS) Driver [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ialmsbw.sys (Intel Corporation)

DRV - ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel® Graphics Chipset (KCH) Driver [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ialmkchw.sys (Intel Corporation)

DRV - (ialm) ialm [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ialmnt5.sys (Intel Corporation)

DRV - (HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems)

DRV - (HSF_DP) HSF_DP [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems)

DRV - (winachsf) winachsf [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems)

DRV - (mdmxsdk) mdmxsdk [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found

IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5

FF - prefs.js..extensions.enabledItems: avg@igeared:2.609.002.003

FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.0.6

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1

FF - prefs.js..extensions.enabledItems: dave2x@download:0.5.9

FF - prefs.js..extensions.enabledItems: {6cffc2d6-aea4-4032-b8c6-d211fe6ded4e}:0.7

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\CompuServe 7.0\Extensions\\:

FF - HKLM\software\mozilla\CompuServe 7.0\Extensions\\Components: C:\Program Files\Common Files\csshare\plugins0942 [2009/03/15 00:51:20 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\CompuServe 7.0\Extensions\\Plugins: C:\Program Files\Common Files\csshare\plugins0942 [2009/03/15 00:51:20 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/11/02 09:41:14 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/10/11 18:50:46 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 02:01:56 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/11 18:54:08 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/10 13:25:15 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Netscape 6 6.2.1\Extensions\\Components: C:\Program Files\Netscape\Netscape 6\Components [2009/03/15 00:51:20 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Netscape 6 6.2.1\Extensions\\Plugins: C:\Program Files\Netscape\Netscape 6\Plugins [2009/03/15 00:51:20 | 00,000,000 | ---D | M]

[2009/10/15 14:28:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\apwncr8d.default\extensions\dave2x@download

[2009/03/17 14:04:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\apwncr8d.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

[2009/01/08 19:53:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\apwncr8d.default\extensions\{6cffc2d6-aea4-4032-b8c6-d211fe6ded4e}

[2009/09/03 22:02:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\apwncr8d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009/10/15 13:33:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\apwncr8d.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}

[2009/10/26 15:00:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\apwncr8d.default\extensions

[2008/08/26 15:56:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2008/08/26 15:56:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Mozilla\Extensions

[2009/09/10 13:25:15 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2008/08/26 15:56:24 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2009/09/10 13:24:26 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2009/09/10 13:24:26 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2009/09/10 13:24:33 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2007/05/10 21:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

[2009/03/15 00:51:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

[2009/03/15 00:51:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

[2009/03/15 00:51:17 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

[2009/03/15 00:51:17 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

[2009/03/15 00:51:17 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

[2009/03/15 00:51:17 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

[2009/03/15 00:51:17 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

[2009/09/03 22:00:47 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml

[2009/09/03 22:00:47 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2009/07/05 14:04:06 | 00,001,489 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml

[2009/09/03 22:00:48 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2009/09/03 22:00:49 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml

[2009/09/03 22:00:49 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2009/09/03 22:00:50 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2009/09/03 22:00:50 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)

O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)

O4 - HKLM..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)

O4 - HKLM..\Run: [soundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 55924053

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0

O8 - Extra context menu item: En&queue current page with Bulk Image Downloader - C:\Program Files\Bulk Image Downloader1.38\iemenu\iebidqueue.htm ()

O8 - Extra context menu item: Enqueue current page with Bulk Image Downloader - C:\Program Files\Bulk Image Downloader\iemenu\iebidqueue.htm ()

O8 - Extra context menu item: Enqueue link target with Bulk Ima&ge Downloader - C:\Program Files\Bulk Image Downloader1.38\iemenu\iebidlinkqueue.htm ()

O8 - Extra context menu item: Enqueue link target with Bulk Image Downloader - C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm ()

O8 - Extra context menu item: Open &link target with Bulk Image Downloader - C:\Program Files\Bulk Image Downloader1.38\iemenu\iebidlink.htm ()

O8 - Extra context menu item: Open current page with Bulk I&mage Downloader - C:\Program Files\Bulk Image Downloader1.38\iemenu\iebid.htm ()

O8 - Extra context menu item: Open current page with Bulk Image Downloader - C:\Program Files\Bulk Image Downloader\iemenu\iebid.htm ()

O8 - Extra context menu item: Open link target with Bulk Image Downloader - C:\Program Files\Bulk Image Downloader\iemenu\iebidlink.htm ()

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe ()

O9 - Extra 'Tools' menuitem : ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe ()

O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)

O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/1.3.1/...all-131-win.cab (Java Plug-in 1.3.1)

O16 - DPF: {CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.3.1/...all-131-win.cab (Java Plug-in 1.3.1)

O16 - DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.3.1/...-131_02-win.cab (Java Plug-in 1.3.1_02)

O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2003/07/29 09:59:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

O35 - comfile [open] -- "%1" %* File not found

O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - File not found

NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/06/21 04:52:38 | 00,000,000 | ---D | M]

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - File not found

NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PEVSystemStart - Service

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: procexp90.Sys - Driver

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vds - Service

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PEVSystemStart - Service

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: procexp90.Sys - Driver

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)

ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework

ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player

ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2009/11/01 11:27:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\1200

[2009/10/27 22:16:57 | 00,528,384 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTL.exe

[2009/10/25 19:37:31 | 00,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kbdhid.sys

[2009/10/25 19:37:31 | 00,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys

[2009/10/25 13:56:32 | 00,000,000 | --SD | C] -- C:\ComboFix

[2009/10/24 17:43:09 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/10/24 17:43:07 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/10/24 17:43:06 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009/10/24 17:38:40 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Bob\Desktop\mbam-setup.exe

[2009/10/24 16:56:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp

[2009/10/23 10:45:21 | 00,000,000 | RHSD | C] -- C:\cmdcons

[2009/10/23 10:42:17 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2009/10/23 10:42:17 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2009/10/23 10:42:17 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2009/10/23 10:42:17 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2009/10/23 10:41:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2009/10/23 10:35:39 | 00,000,000 | ---D | C] -- C:\Qoobox

[2009/10/23 10:19:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\exeHelpher.com

[2009/10/22 13:46:16 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Bob\Desktop\RootRepeal.exe

[2009/10/21 23:27:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2009/10/21 21:40:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Application Data\Malwarebytes

[2009/10/21 21:30:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\My Documents\Simply Super Software

[2009/10/21 21:30:40 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll

[2009/10/21 21:30:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Application Data\Simply Super Software

[2009/10/21 21:30:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software

[2009/10/21 21:23:16 | 08,877,640 | ---- | C] (Simply Super Software ) -- C:\Documents and Settings\Bob\Desktop\trj681.exe

[2009/10/21 20:19:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\backups

[2009/10/21 14:43:23 | 00,000,000 | ---D | C] -- C:\_OTM

[2009/10/21 14:41:25 | 00,408,064 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTM.com

[2009/10/21 14:38:24 | 00,408,064 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTM.com.exe

[2009/10/15 23:06:46 | 01,435,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.dll

[2009/10/15 22:44:21 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msasn1.dll

[2009/10/15 12:34:18 | 00,000,000 | ---D | C] -- C:\Program Files\FlashGet

[2009/10/12 12:45:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\My Documents\Downloads

[2009/10/11 19:59:53 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Bob\PrivacIE

[2009/04/19 14:13:09 | 12,808,339 | ---- | C] (Dennis Meuwissen ) -- C:\Program Files\dvdflick_setup_1.3.0.6.exe

[2009/03/22 00:06:08 | 62,729,728 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stf_en_85_283a1450.exe

[2008/11/26 16:47:04 | 27,288,880 | ---- | C] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe

[2008/09/25 10:32:27 | 02,306,336 | ---- | C] (www.orbitdownloader.com ) -- C:\Program Files\OrbitSetup_276.exe

[2008/09/25 10:12:16 | 03,596,242 | ---- | C] (Antibody Software ) -- C:\Program Files\bid_1_38_setup.exe

[2008/09/19 12:18:29 | 06,089,998 | ---- | C] (CCCP Project ) -- C:\Program Files\Combined-Community-Codec-Pack-2008-01-24.exe

[2008/08/02 18:09:21 | 02,228,534 | ---- | C] ( ) -- C:\Program Files\audacity-win-1.2.6.exe

[2008/07/30 18:08:54 | 63,530,280 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesSetup.exe

[2008/07/05 17:38:39 | 06,552,472 | ---- | C] (IObit ) -- C:\Program Files\AWCSetup.exe

[2008/07/02 22:15:19 | 02,978,159 | ---- | C] (Canneverbe Limited ) -- C:\Program Files\cdbxp_setup_4.1.2.678.exe

[2008/04/20 00:58:03 | 01,495,112 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\install_flash_player.exe

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/02 13:20:22 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTL.exe

[2009/11/02 12:42:09 | 18,350,080 | -H-- | M] () -- C:\Documents and Settings\Bob\NTUSER.DAT

[2009/11/02 09:33:33 | 00,069,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg

[2009/11/02 09:33:32 | 44,641,555 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2009/11/01 07:17:12 | 00,524,272 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009/11/01 07:17:12 | 00,442,558 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009/11/01 07:17:12 | 00,071,900 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009/11/01 07:10:57 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/11/01 07:10:44 | 00,012,620 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/11/01 07:10:38 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/11/01 07:10:34 | 23,440,9984 | -HS- | M] () -- C:\hiberfil.sys

[2009/10/30 21:38:03 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Bob\ntuser.ini

[2009/10/30 21:36:15 | 04,836,966 | -H-- | M] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\IconCache.db

[2009/10/29 17:04:59 | 00,350,720 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\hjsplit.exe

[2009/10/27 20:07:16 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2009/10/27 20:06:31 | 00,139,776 | ---- | M] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/10/25 16:48:49 | 00,000,065 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Default.PLS

[2009/10/24 18:26:58 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\dds.scr

[2009/10/24 17:43:19 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/10/24 17:39:07 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Bob\Desktop\mbam-setup.exe

[2009/10/24 16:49:25 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2009/10/24 14:43:20 | 00,000,593 | ---- | M] () -- C:\Documents and Settings\Bob\plugin131.trace

[2009/10/23 11:06:44 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2009/10/23 11:00:47 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\depadunu

[2009/10/23 10:45:28 | 00,000,281 | RHS- | M] () -- C:\boot.ini

[2009/10/23 10:34:35 | 03,351,787 | R--- | M] () -- C:\Documents and Settings\Bob\Desktop\ComboFix.exe

[2009/10/22 13:46:43 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\settings.dat

[2009/10/21 21:23:39 | 08,877,640 | ---- | M] (Simply Super Software ) -- C:\Documents and Settings\Bob\Desktop\trj681.exe

[2009/10/21 14:55:48 | 00,000,099 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\fix.reg

[2009/10/21 14:41:27 | 00,408,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTM.com

[2009/10/21 14:38:47 | 00,408,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTM.com.exe

[2009/10/17 15:33:07 | 00,013,381 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\dl

[2009/10/16 10:46:12 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2009/10/16 04:15:42 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2009/10/15 15:18:41 | 00,000,672 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Shortcut to Downloads.lnk

[2009/10/15 12:08:28 | 04,653,448 | ---- | M] () -- C:\Program Files\fgen_305.exe

[2009/10/11 07:10:09 | 00,236,544 | ---- | M] () -- C:\WINDOWS\PEV.exe

[2009/10/05 07:29:35 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/10/24 18:26:29 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\dds.scr

[2009/10/24 17:43:19 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/10/23 10:45:28 | 00,000,211 | ---- | C] () -- C:\Boot.bak

[2009/10/23 10:45:24 | 00,260,272 | ---- | C] () -- C:\cmldr

[2009/10/23 10:42:17 | 00,236,544 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2009/10/23 10:42:17 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2009/10/23 10:42:17 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2009/10/23 10:42:17 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2009/10/23 10:34:21 | 03,351,787 | R--- | C] () -- C:\Documents and Settings\Bob\Desktop\ComboFix.exe

[2009/10/22 13:46:43 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\settings.dat

[2009/10/21 23:11:20 | 23,440,9984 | -HS- | C] () -- C:\hiberfil.sys

[2009/10/21 21:30:40 | 00,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll

[2009/10/21 21:30:40 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll

[2009/10/21 21:30:40 | 00,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll

[2009/10/21 21:30:40 | 00,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll

[2009/10/21 14:55:47 | 00,000,099 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\fix.reg

[2009/10/17 15:32:45 | 00,013,381 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\dl

[2009/10/15 15:18:40 | 00,000,672 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\Shortcut to Downloads.lnk

[2009/10/15 12:08:24 | 04,653,448 | ---- | C] () -- C:\Program Files\fgen_305.exe

[2008/10/09 16:37:03 | 01,761,487 | ---- | C] () -- C:\Program Files\SopCastOcx.zip

[2008/07/30 20:35:22 | 00,006,144 | -HS- | C] () -- C:\Program Files\Thumbs.db

[2008/06/23 12:19:17 | 49,384,056 | ---- | C] () -- C:\Program Files\avg_free_stf_all_8_100a1323.exe

[2008/06/21 06:58:38 | 00,024,320 | ---- | C] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2008/06/21 02:52:14 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2008/06/20 03:20:41 | 00,033,979 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini

[2008/06/20 03:20:40 | 00,106,253 | R--- | C] () -- C:\WINDOWS\VGAsetup.ini

[2008/06/20 03:01:48 | 00,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL

[2008/04/19 01:04:47 | 00,139,776 | ---- | C] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/04/19 00:06:36 | 04,836,966 | -H-- | C] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\IconCache.db

[2008/04/19 00:06:36 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Bob\Application Data\desktop.ini

[2005/03/25 05:42:50 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2003/07/29 11:07:11 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2003/07/29 10:14:01 | 00,000,132 | ---- | C] () -- C:\WINDOWS\winamp.ini

[2003/07/29 10:13:28 | 00,000,310 | ---- | C] () -- C:\WINDOWS\net2fone.ini

[2003/07/29 09:47:04 | 00,001,094 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2003/07/29 09:47:04 | 00,000,466 | ---- | C] () -- C:\WINDOWS\System32\emver.ini

[2003/07/29 09:46:47 | 00,000,757 | ---- | C] () -- C:\WINDOWS\win.ini

[2003/07/29 09:46:44 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

[2003/07/29 02:51:08 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini

========== LOP Check ==========

[2009/10/11 19:58:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar

[2009/06/16 19:44:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate

[2009/10/21 21:30:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software

[2009/03/15 00:57:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}

[2009/04/24 14:18:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2009/06/01 21:16:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\AVGTOOLBAR

[2009/05/31 20:35:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\BID

[2008/07/02 23:39:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Canneverbe_Limited

[2008/09/25 10:38:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\GrabPro

[2003/07/29 10:10:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\InterTrust

[2008/09/26 19:37:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Orbit

[2009/10/21 21:41:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Simply Super Software

[2002/08/29 04:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini

[2009/11/01 07:10:57 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions >

"{3f963a5b-e555-4543-90e2-c3908898db71}" = C:\Program Files\AVG\AVG8\Firefox -- [2009/11/02 09:41:14 | 00,000,000 | ---D | M]

"avg@igeared" = C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared -- [2009/10/11 18:50:46 | 00,000,000 | ---D | M]

"{20a82645-c095-46ed-80e3-08825760534b}" = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ -- [2009/09/02 02:01:56 | 00,000,000 | ---D | M]

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >

[2008/01/28 18:33:40 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=56E7D7261A4BE548B784760896375D8A -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll

[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\scecli.dll /s /md5 >

[2006/02/28 04:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll

[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >

[2006/02/28 04:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll

[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >

[2006/02/28 04:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >

[2008/01/28 18:48:59 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys

[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 2628 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc

< End of report >

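The `/s /md5` custom-scan sections at the end of the OTL log above list every copy of a system file together with its hash. The point of that check is to compare the copy Windows actually loads (under system32) against the Service Pack reference copy in ServicePackFiles\i386; a live copy whose hash differs from the reference, while the backups still match, is what a patched system file looks like. The script below is an added example by the editor, not part of OTL or of this thread, that automates the comparison over that log format. The line and header layout is taken from the log posted above; the sample lines inside the script are constructed, and the atapi.sys entry carries a made-up hash so that a mismatch is shown.

```python
"""Compare live system-file hashes with their Service Pack reference copies
using the '/s /md5' custom-scan sections of an OTL log (added example)."""
import re

# One result line of an OTL /md5 scan, as seen in the log above:
# [date time | size | attrs | C/M] (company) MD5=hash -- path
LINE_RE = re.compile(
    r"^\[(?P<stamp>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>[-A-Z]{4})\s*\|\s*(?P<kind>[CM])\]"
    r"\s*\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$"
)
# Section header of one custom scan: < %SYSTEMDRIVE%\name.dll /s /md5 >
HEADER_RE = re.compile(r"^<\s*%SYSTEMDRIVE%\\(?P<name>\S+)\s+/s\s+/md5\s*>$")

# Constructed sample log (assumption: same layout as the thread's OTL output).
# The atapi.sys line under system32\drivers carries a deliberately invented hash.
SAMPLE_LOG = r"""
< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2008/01/28 18:33:40 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=56E7D7261A4BE548B784760896375D8A -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2009/10/20 03:12:44 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=0123456789ABCDEF0123456789ABCDEF -- C:\WINDOWS\system32\drivers\atapi.sys
< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >
"""


def classify(path):
    """Sort a path into the reference copy, a backup copy, or the live copy."""
    p = path.lower()
    if "\\servicepackfiles\\i386\\" in p:
        return "reference"          # copy laid down by the Service Pack installer
    if "$ntservicepackuninstall$" in p or "\\erdnt\\" in p or "\\dllcache\\" in p:
        return "backup"             # pre-SP uninstall copy, ERUNT backup, WFP cache
    if "\\system32\\" in p:
        return "live"               # the copy Windows actually loads
    return "other"


def parse_md5_sections(text):
    """Return {file name: [entries]} for every '/s /md5' custom scan in the log."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").lower()
            sections[current] = []      # an empty list means the file was not found
            continue
        entry = LINE_RE.match(line)
        if entry and current is not None:
            sections[current].append(entry.groupdict())
    return sections


def audit(text):
    """Flag every live copy whose MD5 differs from the Service Pack reference."""
    findings = []
    for name, entries in parse_md5_sections(text).items():
        reference = [e for e in entries if classify(e["path"]) == "reference"]
        for entry in (e for e in entries if classify(e["path"]) == "live"):
            if not reference:
                verdict = "NO-REFERENCE"    # nothing to compare against; inspect by hand
            elif entry["md5"].upper() == reference[0]["md5"].upper():
                verdict = "OK"
            else:
                verdict = "MISMATCH"        # live file differs from the known-good copy
            findings.append({
                "name": name,
                "path": entry["path"],
                "md5": entry["md5"].upper(),
                "reference_md5": reference[0]["md5"].upper() if reference else None,
                "verdict": verdict,
            })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"{f['verdict']:13} {f['path']}  live={f['md5']}  ref={f['reference_md5']}")
```

Run against a real OTL log, the script reports one line per live system file; the $NtServicePackUninstall$ copies differing from the Service Pack copy is expected (they are the pre-SP3 versions), which is why only the system32 copy is compared. A MISMATCH is a lead for closer inspection, not proof of infection on its own, since a later hotfix can legitimately replace a file after the Service Pack did.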

Hi,

1) OTL

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
    [2009/10/21 14:55:48 | 00,000,099 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\fix.reg
    [2009/10/21 14:41:27 | 00,408,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTM.com
    [2009/10/21 14:38:47 | 00,408,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTM.com.exe

    :Services

    :Reg

    :Files

    :Commands
    [purity]
    [emptytemp]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

2) JavaRa

Please download JavaRa to your desktop and unzip it to its own folder

  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

3) Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:

  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.

3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.

Please be patient as this can take quite a long time to download.

  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases

  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.
    [image: KasReport.png]
  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply.

In your reply I would like to see copied and pasted,

1) OTL logs

2) Kaspersky scan

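The OTL entries in the fix script above and in the logs the helper asks for share one line format: `[date | size | attrs | M/C] (Company) -- path`. The following Python is an added example, not part of this thread or of the OTL tool: it parses constructed sample lines in that format and applies a triage heuristic of its own (files directly under System32 with no company name that are hidden or have no extension); a hit only means "inspect this", not "this is malicious".

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# One OTL file/folder entry, e.g.
#   [2009/10/21 14:38:47 | 00,408,064 | ---- | M] (OldTimer Tools) -- C:\...\OTM.com.exe
# The attribute field has four slots in the fixed order R H S D (read-only,
# hidden, system, directory); a dash means that attribute is not set.
# The mode letter is M (listed by modified time) or C (listed by creation time).
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<mode>[MC])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)


@dataclass
class OtlEntry:
    stamp: str
    size: int
    attrs: str
    mode: str
    company: str  # "" when OTL printed "()", "( )" or no parentheses at all
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def hidden(self) -> bool:
        return "H" in self.attrs

    @property
    def system(self) -> bool:
        return "S" in self.attrs


def parse_entry(line: str) -> Optional[OtlEntry]:
    """Parse one OTL entry line; return None for lines in another format
    (section headers, the "[4 C:\\WINDOWS\\*.tmp files -> ...]" summaries)."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    size = int(m.group("size").replace(",", ""))  # "00,408,064" -> 408064
    company = (m.group("company") or "").strip()
    return OtlEntry(m.group("stamp"), size, m.group("attrs"),
                    m.group("mode"), company, m.group("path").strip())


def parse_log(text: str) -> List[OtlEntry]:
    """All parseable entries from an OTL log or fix-script body, in order."""
    return [e for e in (parse_entry(l) for l in text.splitlines()) if e]


SYSTEM32_PREFIX = r"c:\windows\system32" + "\\"  # raw string cannot end in a backslash


def needs_review(e: OtlEntry) -> bool:
    """Triage heuristic (this example's own assumption, not an OTL rule):
    a plain file directly under System32 with no company name that is hidden
    or has no file extension is worth a closer look."""
    if e.is_dir:
        return False
    lowered = e.path.lower()
    if not lowered.startswith(SYSTEM32_PREFIX) or e.company:
        return False
    name = lowered[len(SYSTEM32_PREFIX):]
    if "\\" in name:  # in a subfolder (drivers\, etc.), not directly under System32
        return False
    return e.hidden or "." not in name


def triage(text: str) -> List[str]:
    """Paths of every entry in `text` that needs_review() flags."""
    return [e.path for e in parse_log(text) if needs_review(e)]


# Constructed sample lines in the OTL entry format shown on this page.
SAMPLE_LOG = "\n".join([
    r"[2009/10/21 14:38:47 | 00,408,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTM.com.exe",
    r"[2009/10/25 13:56:32 | 00,000,000 | --SD | C] -- C:\ComboFix",
    r"[2009/10/23 11:00:47 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\depadunu",
    r"[2009/11/02 21:01:14 | 00,012,620 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl",
    r"[2009/10/24 17:43:09 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys",
    r"[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]",
])

if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        flag = "REVIEW" if needs_review(e) else "ok"
        print(f"{flag:6} {e.mode} {e.attrs} {e.size:>10} {e.company or '-':25} {e.path}")
```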

OK, I'm having a heck of a time getting Kaspersky to run a complete scan. I've gotten as far as 86% complete and then it freezes. I'll keep trying but in the meantime here's the OTL log. Oh and I came across that Combofix log. Sorry, I assumed it would save to my desktop like everything else has but it didn't. Combofix log will follow the OTL log...

OTL logfile created on: 11/3/2009 3:21:17 PM - Run 3

OTL by OldTimer - Version 3.1.3.1 Folder = C:\Documents and Settings\Bob\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

223.48 Mb Total Physical Memory | 31.60 Mb Available Physical Memory | 14.14% Memory free

594.72 Mb Paging File | 302.37 Mb Available in Paging File | 50.84% Paging File free

Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.53 Gb Total Space | 14.63 Gb Free Space | 19.63% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: YOUR-CN2CCRVZT0

Current User Name: Bob

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Minimal

Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Bob\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)

PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

PRC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)

PRC - C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe (Seagate LLC)

PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)

PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)

PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)

PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Bob\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (avg8emc) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)

SRV - (avg8wd) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

SRV - (FreeAgentGoNext Service) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)

SRV - (FontCache3.0.0.0) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)

SRV - (idsvc) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)

SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)

SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()

SRV - (helpsvc) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SRV - (NMIndexingService) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)

SRV - (NBService) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG)

SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found

IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5

FF - prefs.js..extensions.enabledItems: avg@igeared:2.609.002.003

FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.0.6

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1

FF - prefs.js..extensions.enabledItems: dave2x@download:0.5.9

FF - prefs.js..extensions.enabledItems: {6cffc2d6-aea4-4032-b8c6-d211fe6ded4e}:0.7

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\CompuServe 7.0\Extensions\\:

FF - HKLM\software\mozilla\CompuServe 7.0\Extensions\\Components: C:\Program Files\Common Files\csshare\plugins0942 [2009/03/15 00:51:20 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\CompuServe 7.0\Extensions\\Plugins: C:\Program Files\Common Files\csshare\plugins0942 [2009/03/15 00:51:20 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/11/02 09:41:14 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/10/11 18:50:46 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 02:01:56 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/11 18:54:08 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/10 13:25:15 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Netscape 6 6.2.1\Extensions\\Components: C:\Program Files\Netscape\Netscape 6\Components [2009/03/15 00:51:20 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Netscape 6 6.2.1\Extensions\\Plugins: C:\Program Files\Netscape\Netscape 6\Plugins [2009/03/15 00:51:20 | 00,000,000 | ---D | M]

[2009/10/15 14:28:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\apwncr8d.default\extensions\dave2x@download

[2009/03/17 14:04:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\apwncr8d.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

[2009/01/08 19:53:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\apwncr8d.default\extensions\{6cffc2d6-aea4-4032-b8c6-d211fe6ded4e}

[2009/09/03 22:02:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\apwncr8d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009/10/15 13:33:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\apwncr8d.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}

[2009/10/26 15:00:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\apwncr8d.default\extensions

[2008/08/26 15:56:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2008/08/26 15:56:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Mozilla\Extensions

[2009/09/10 13:25:15 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2008/08/26 15:56:24 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2009/09/10 13:24:26 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2009/09/10 13:24:26 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2009/09/10 13:24:33 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2007/05/10 21:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

[2009/03/15 00:51:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

[2009/03/15 00:51:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

[2009/03/15 00:51:17 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

[2009/03/15 00:51:17 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

[2009/03/15 00:51:17 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

[2009/03/15 00:51:17 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

[2009/03/15 00:51:17 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

[2009/09/03 22:00:47 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml

[2009/09/03 22:00:47 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2009/07/05 14:04:06 | 00,001,489 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml

[2009/09/03 22:00:48 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2009/09/03 22:00:49 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml

[2009/09/03 22:00:49 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2009/09/03 22:00:50 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2009/09/03 22:00:50 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)

O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)

O4 - HKLM..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)

O4 - HKLM..\Run: [soundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 55924053

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0

O8 - Extra context menu item: En&queue current page with Bulk Image Downloader - C:\Program Files\Bulk Image Downloader1.38\iemenu\iebidqueue.htm ()

O8 - Extra context menu item: Enqueue current page with Bulk Image Downloader - C:\Program Files\Bulk Image Downloader\iemenu\iebidqueue.htm ()

O8 - Extra context menu item: Enqueue link target with Bulk Ima&ge Downloader - C:\Program Files\Bulk Image Downloader1.38\iemenu\iebidlinkqueue.htm ()

O8 - Extra context menu item: Enqueue link target with Bulk Image Downloader - C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm ()

O8 - Extra context menu item: Open &link target with Bulk Image Downloader - C:\Program Files\Bulk Image Downloader1.38\iemenu\iebidlink.htm ()

O8 - Extra context menu item: Open current page with Bulk I&mage Downloader - C:\Program Files\Bulk Image Downloader1.38\iemenu\iebid.htm ()

O8 - Extra context menu item: Open current page with Bulk Image Downloader - C:\Program Files\Bulk Image Downloader\iemenu\iebid.htm ()

O8 - Extra context menu item: Open link target with Bulk Image Downloader - C:\Program Files\Bulk Image Downloader\iemenu\iebidlink.htm ()

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe ()

O9 - Extra 'Tools' menuitem : ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe ()

O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)

O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/1.3.1/...all-131-win.cab (Java Plug-in 1.3.1)

O16 - DPF: {CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.3.1/...all-131-win.cab (Java Plug-in 1.3.1)

O16 - DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.3.1/...-131_02-win.cab (Java Plug-in 1.3.1_02)

O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2003/07/29 09:59:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

O35 - comfile [open] -- "%1" %* File not found

O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/10/27 22:16:57 | 00,528,384 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTL.exe

[2009/10/25 13:56:32 | 00,000,000 | --SD | C] -- C:\ComboFix

[2009/10/24 17:43:09 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/10/24 17:43:07 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/10/24 17:43:06 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009/10/24 17:38:40 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Bob\Desktop\mbam-setup.exe

[2009/10/24 16:56:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp

[2009/10/23 10:45:21 | 00,000,000 | RHSD | C] -- C:\cmdcons

[2009/10/23 10:42:17 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2009/10/23 10:42:17 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2009/10/23 10:42:17 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2009/10/23 10:42:17 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2009/10/23 10:41:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2009/10/23 10:35:39 | 00,000,000 | ---D | C] -- C:\Qoobox

[2009/10/23 10:19:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\exeHelpher.com

[2009/10/22 13:46:16 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Bob\Desktop\RootRepeal.exe

[2009/10/21 23:27:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2009/10/21 21:40:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Application Data\Malwarebytes

[2009/10/21 21:30:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\My Documents\Simply Super Software

[2009/10/21 21:30:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Application Data\Simply Super Software

[2009/10/21 21:30:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software

[2009/10/21 21:23:16 | 08,877,640 | ---- | C] (Simply Super Software ) -- C:\Documents and Settings\Bob\Desktop\trj681.exe

[2009/10/21 20:19:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Desktop\backups

[2009/10/21 14:43:23 | 00,000,000 | ---D | C] -- C:\_OTM

[2009/10/21 14:41:25 | 00,408,064 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTM.com

[2009/10/21 14:38:24 | 00,408,064 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTM.com.exe

[2009/04/19 14:13:09 | 12,808,339 | ---- | C] (Dennis Meuwissen ) -- C:\Program Files\dvdflick_setup_1.3.0.6.exe

[2009/03/22 00:06:08 | 62,729,728 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stf_en_85_283a1450.exe

[2008/11/26 16:47:04 | 27,288,880 | ---- | C] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe

[2008/09/25 10:32:27 | 02,306,336 | ---- | C] (www.orbitdownloader.com ) -- C:\Program Files\OrbitSetup_276.exe

[2008/09/25 10:12:16 | 03,596,242 | ---- | C] (Antibody Software ) -- C:\Program Files\bid_1_38_setup.exe

[2008/09/19 12:18:29 | 06,089,998 | ---- | C] (CCCP Project ) -- C:\Program Files\Combined-Community-Codec-Pack-2008-01-24.exe

[2008/08/02 18:09:21 | 02,228,534 | ---- | C] ( ) -- C:\Program Files\audacity-win-1.2.6.exe

[2008/07/30 18:08:54 | 63,530,280 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesSetup.exe

[2008/07/05 17:38:39 | 06,552,472 | ---- | C] (IObit ) -- C:\Program Files\AWCSetup.exe

[2008/07/02 22:15:19 | 02,978,159 | ---- | C] (Canneverbe Limited ) -- C:\Program Files\cdbxp_setup_4.1.2.678.exe

[2008/04/20 00:58:03 | 01,495,112 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\install_flash_player.exe

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/11/03 15:17:26 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/11/03 15:17:10 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/11/03 15:17:05 | 23,440,9984 | -HS- | M] () -- C:\hiberfil.sys

[2009/11/03 15:16:07 | 18,350,080 | -H-- | M] () -- C:\Documents and Settings\Bob\NTUSER.DAT

[2009/11/03 15:15:48 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Bob\ntuser.ini

[2009/11/03 13:56:12 | 00,140,800 | ---- | M] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/11/03 13:50:54 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2009/11/03 13:50:40 | 00,000,088 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Default.PLS

[2009/11/03 09:16:37 | 00,069,545 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg

[2009/11/03 09:16:36 | 44,665,035 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2009/11/03 03:07:37 | 04,837,854 | -H-- | M] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\IconCache.db

[2009/11/02 21:01:14 | 00,012,620 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/11/02 13:20:22 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTL.exe

[2009/11/01 07:17:12 | 00,524,272 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009/11/01 07:17:12 | 00,442,558 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009/11/01 07:17:12 | 00,071,900 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009/10/29 17:04:59 | 00,350,720 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\hjsplit.exe

[2009/10/24 18:26:58 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\dds.scr

[2009/10/24 17:43:19 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/10/24 17:39:07 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Bob\Desktop\mbam-setup.exe

[2009/10/24 16:49:25 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2009/10/24 14:43:20 | 00,000,593 | ---- | M] () -- C:\Documents and Settings\Bob\plugin131.trace

[2009/10/23 11:06:44 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2009/10/23 11:00:47 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\depadunu

[2009/10/23 10:45:28 | 00,000,281 | RHS- | M] () -- C:\boot.ini

[2009/10/23 10:34:35 | 03,351,787 | R--- | M] () -- C:\Documents and Settings\Bob\Desktop\ComboFix.exe

[2009/10/22 13:46:43 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\settings.dat

[2009/10/21 21:23:39 | 08,877,640 | ---- | M] (Simply Super Software ) -- C:\Documents and Settings\Bob\Desktop\trj681.exe

[2009/10/21 14:55:48 | 00,000,099 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\fix.reg

[2009/10/21 14:41:27 | 00,408,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTM.com

[2009/10/21 14:38:47 | 00,408,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTM.com.exe

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/10/24 18:26:29 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\dds.scr

[2009/10/24 17:43:19 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/10/23 10:45:28 | 00,000,211 | ---- | C] () -- C:\Boot.bak

[2009/10/23 10:45:24 | 00,260,272 | ---- | C] () -- C:\cmldr

[2009/10/23 10:42:17 | 00,236,544 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2009/10/23 10:42:17 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2009/10/23 10:42:17 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2009/10/23 10:42:17 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2009/10/23 10:34:21 | 03,351,787 | R--- | C] () -- C:\Documents and Settings\Bob\Desktop\ComboFix.exe

[2009/10/22 13:46:43 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\settings.dat

[2009/10/21 23:11:20 | 23,440,9984 | -HS- | C] () -- C:\hiberfil.sys

[2009/10/21 21:30:40 | 00,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll

[2009/10/21 21:30:40 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll

[2009/10/21 21:30:40 | 00,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll

[2009/10/21 21:30:40 | 00,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll

[2009/10/21 14:55:47 | 00,000,099 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\fix.reg

[2009/10/15 12:08:24 | 04,653,448 | ---- | C] () -- C:\Program Files\fgen_305.exe

[2008/10/09 16:37:03 | 01,761,487 | ---- | C] () -- C:\Program Files\SopCastOcx.zip

[2008/07/30 20:35:22 | 00,006,144 | -HS- | C] () -- C:\Program Files\Thumbs.db

[2008/06/23 12:19:17 | 49,384,056 | ---- | C] () -- C:\Program Files\avg_free_stf_all_8_100a1323.exe

[2008/06/21 06:58:38 | 00,024,320 | ---- | C] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2008/06/21 02:52:14 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2008/06/20 03:20:41 | 00,033,979 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini

[2008/06/20 03:20:40 | 00,106,253 | R--- | C] () -- C:\WINDOWS\VGAsetup.ini

[2008/06/20 03:01:48 | 00,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL

[2008/04/19 01:04:47 | 00,140,800 | ---- | C] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/04/19 00:06:36 | 04,837,854 | -H-- | C] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\IconCache.db

[2008/04/19 00:06:36 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Bob\Application Data\desktop.ini

[2005/03/25 05:42:50 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2003/07/29 11:07:11 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2003/07/29 10:14:01 | 00,000,132 | ---- | C] () -- C:\WINDOWS\winamp.ini

[2003/07/29 10:13:28 | 00,000,310 | ---- | C] () -- C:\WINDOWS\net2fone.ini

[2003/07/29 09:47:04 | 00,001,094 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2003/07/29 09:47:04 | 00,000,466 | ---- | C] () -- C:\WINDOWS\System32\emver.ini

[2003/07/29 09:46:47 | 00,000,757 | ---- | C] () -- C:\WINDOWS\win.ini

[2003/07/29 09:46:44 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

[2003/07/29 02:51:08 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini

========== LOP Check ==========

[2009/10/11 19:58:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar

[2009/06/16 19:44:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate

[2009/10/21 21:30:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software

[2009/03/15 00:57:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}

[2009/04/24 14:18:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2009/06/01 21:16:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\AVGTOOLBAR

[2009/05/31 20:35:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\BID

[2008/07/02 23:39:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Canneverbe_Limited

[2008/09/25 10:38:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\GrabPro

[2003/07/29 10:10:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\InterTrust

[2008/09/26 19:37:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Orbit

[2009/10/21 21:41:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Simply Super Software

[2002/08/29 04:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini

[2009/11/03 15:17:26 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 2628 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc

< End of report >

ComboFix 09-10-22.01 - Bob 10/24/2009 17:34.2.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.223.94 [GMT -7:00]

Running from: c:\documents and settings\Bob\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Bob\Desktop\CFScript.txt

file zipped: c:\documents and settings\x.exe

file zipped: c:\windows\system32\nugebini.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\x.exe

c:\windows\system32\nugebini.exe

.

((((((((((((((((((((((((( Files Created from 2009-09-25 to 2009-10-25 )))))))))))))))))))))))))))))))

.

2009-10-22 07:27 . 2009-10-22 07:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-10-22 05:40 . 2009-10-22 05:40 -------- d-----w- c:\documents and settings\Bob\Application Data\Malwarebytes

2009-10-22 05:30 . 2006-06-19 20:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll

2009-10-22 05:30 . 2006-05-25 22:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll

2009-10-22 05:30 . 2005-08-26 08:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll

2009-10-22 05:30 . 2003-02-03 03:06 153088 ----a-w- c:\windows\system32\unrar3.dll

2009-10-22 05:30 . 2002-03-06 08:00 75264 ----a-w- c:\windows\system32\unacev2.dll

2009-10-22 05:30 . 2009-10-22 05:41 -------- d-----w- c:\documents and settings\Bob\Application Data\Simply Super Software

2009-10-22 05:30 . 2009-10-22 05:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software

2009-10-21 22:43 . 2009-10-21 22:43 -------- d-----w- C:\_OTM

2009-10-19 15:43 . 2009-10-19 15:43 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2009-10-19 15:18 . 2009-10-21 22:43 58 ----a-w- c:\windows\wp4.dat

2009-10-19 15:18 . 2009-10-21 22:43 1 ----a-w- c:\windows\wp3.dat

2009-10-16 07:06 . 2009-07-17 16:22 1435648 -c----w- c:\windows\system32\dllcache\query.dll

2009-10-16 06:44 . 2009-09-04 21:03 58880 -c----w- c:\windows\system32\dllcache\msasn1.dll

2009-10-15 20:34 . 2009-10-16 00:27 -------- d-----w- c:\program files\FlashGet

2009-10-15 20:08 . 2009-10-15 20:08 4653448 ----a-w- c:\program files\fgen_305.exe

2009-10-12 03:59 . 2009-10-12 03:59 -------- d-sh--w- c:\documents and settings\Bob\PrivacIE

2009-09-25 18:46 . 2009-09-25 18:46 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-10-23 18:15 . 2008-06-23 22:03 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8

2009-10-22 00:52 . 2008-04-19 08:18 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-10-22 00:48 . 2008-04-19 08:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-10-12 03:58 . 2009-07-01 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar

2009-09-11 14:18 . 2008-01-29 02:35 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-10 10:23 . 2008-06-20 12:25 -------- d-----w- c:\program files\Microsoft Silverlight

2009-09-04 21:03 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll

2009-08-29 08:08 . 2008-01-29 02:37 916480 ------w- c:\windows\system32\wininet.dll

2009-08-26 08:00 . 2008-01-29 02:36 247326 ----a-w- c:\windows\system32\strmdll.dll

2009-08-19 17:01 . 2008-07-01 10:55 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-08-19 17:00 . 2008-07-01 10:55 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-08-19 17:00 . 2008-07-01 10:55 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-08-18 19:14 . 2008-06-21 14:58 24320 ----a-w- c:\documents and settings\Bob\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-05 09:01 . 2006-02-28 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-05 03:44 . 2008-01-29 02:35 2189184 ------w- c:\windows\system32\ntoskrnl.exe

2009-08-04 14:20 . 2007-07-19 02:40 2066048 ------w- c:\windows\system32\ntkrnlpa.exe

2009-06-23 00:39 . 2008-07-31 04:35 6144 --sha-w- c:\program files\Thumbs.db

2009-04-19 22:13 . 2009-04-19 22:13 12808339 ----a-w- c:\program files\dvdflick_setup_1.3.0.6.exe

2009-03-22 08:12 . 2009-03-22 08:06 62729728 ----a-w- c:\program files\avg_free_stf_en_85_283a1450.exe

2008-11-27 18:50 . 2008-11-27 00:47 27288880 ----a-w- c:\program files\QuickTimeInstaller.exe

2008-10-10 00:38 . 2008-10-10 00:37 1761487 ----a-w- c:\program files\SopCastOcx.zip

2008-09-25 18:32 . 2008-09-25 18:32 2306336 ----a-w- c:\program files\OrbitSetup_276.exe

2008-09-25 18:12 . 2008-09-25 18:12 3596242 ----a-w- c:\program files\bid_1_38_setup.exe

2008-09-19 20:18 . 2008-09-19 20:18 6089998 ----a-w- c:\program files\Combined-Community-Codec-Pack-2008-01-24.exe

2008-08-03 02:09 . 2008-08-03 02:09 2228534 ----a-w- c:\program files\audacity-win-1.2.6.exe

2008-07-31 02:12 . 2008-07-31 02:08 63530280 ----a-w- c:\program files\iTunesSetup.exe

2008-07-06 01:38 . 2008-07-06 01:38 6552472 ----a-w- c:\program files\AWCSetup.exe

2008-07-03 06:15 . 2008-07-03 06:15 2978159 ----a-w- c:\program files\cdbxp_setup_4.1.2.678.exe

2008-06-23 20:19 . 2008-06-23 20:19 49384056 ----a-w- c:\program files\avg_free_stf_all_8_100a1323.exe

2008-04-20 08:57 . 2008-04-20 08:58 1495112 ----a-w- c:\program files\install_flash_player.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-09-02 18:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-21 148776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-06-11 153136]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-17 2025752]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-04 111936]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]

"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-07-30 177448]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-06-11 55296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-08-19 17:01 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\WINDOWS\\system32\\taskmgr.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/1/2008 3:55 AM 335240]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/1/2008 3:55 AM 108552]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/3/2009 8:44 AM 908056]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/3/2008 8:41 PM 297752]

R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [7/30/2008 2:23 PM 161064]

S2 WDefend;WDefend;c:\windows\svohost.exe --> c:\windows\svohost.exe [?]

S3 FXDRV;FXDRV;\??\d:\fxdrv.sys --> d:\Fxdrv.sys [?]

.

Contents of the 'Scheduled Tasks' folder

2009-10-16 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

IE: En&queue current page with Bulk Image Downloader - file://c:\program files\Bulk Image Downloader1.38\iemenu\iebidqueue.htm

IE: Enqueue link target with Bulk Ima&ge Downloader - file://c:\program files\Bulk Image Downloader1.38\iemenu\iebidlinkqueue.htm

IE: Open &link target with Bulk Image Downloader - file://c:\program files\Bulk Image Downloader1.38\iemenu\iebidlink.htm

IE: Open current page with Bulk I&mage Downloader - file://c:\program files\Bulk Image Downloader1.38\iemenu\iebid.htm

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

FF - ProfilePath - c:\documents and settings\Bob\Application Data\Mozilla\Firefox\Profiles\apwncr8d.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll

FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll

FF - plugin: c:\program files\JavaSoft\JRE\1.3.1\bin\NPJava11.dll

FF - plugin: c:\program files\JavaSoft\JRE\1.3.1\bin\NPJava12.dll

FF - plugin: c:\program files\JavaSoft\JRE\1.3.1\bin\NPJava131.dll

FF - plugin: c:\program files\JavaSoft\JRE\1.3.1\bin\NPJava32.dll

FF - plugin: c:\program files\JavaSoft\JRE\1.3.1\bin\NPOJI600.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-10-24 17:49

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2009-10-25 17:54

ComboFix-quarantined-files.txt 2009-10-25 00:54

ComboFix2.txt 2009-10-23 19:15

Pre-Run: 4,245,483,520 bytes free

Post-Run: 4,207,624,192 bytes free

- - End Of File - - 481E48F5CFCA8EF1DEA18539E43CA22B

Upload was successful


Thanks for the log.

Let's try an offline scanner.

Please download AVP Tool by Kaspersky.

  • Save it to your desktop.
  • Reboot your computer into SafeMode.

You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder. Click Next.
  • Hit OK at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.


  • System Memory

  • Startup Objects

  • Disk Boot Sectors.

  • My Computer.

  • Also any other drives (Removable that you may have)


After that, click on Security level, then choose Customize; click on the tab that says Heuristic Analyzer, then choose Enable Deep rootkit search, then OK. Choose OK again to go back to the main screen.

  • Click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized, then click the button that says Neutralize all.
  • If it says it cannot be Neutralized, then choose the delete option when prompted.
  • After that is done, click on the reports button at the bottom and save it as Kas to the desktop.
  • Post only the detected Virus\malware in the report; it will be at the very top under Detected.

Note: This tool will self uninstall when you close it so please remember to save the log before closing it.


Detected

--------

Status Object

------ ------

deleted: Trojan program Exploit.JS.Pdfka.akk File: C:\Documents and Settings\Bob\Local Settings\Temporary Internet Files\Content.IE5\AVGH49WV\forEt[1].pdf//data0000

deleted: Trojan program Trojan.Win32.FraudPack.xil File: C:\Qoobox\Quarantine\C\WINDOWS\system32\fedoniko.exe.vir//sisa.exe

deleted: Trojan program Trojan.Win32.FraudPack.xek File: C:\Qoobox\Quarantine\C\WINDOWS\system32\palozora.exe.vir//sisa.exe

deleted: Trojan program Trojan.Win32.FraudPack.wxl File: C:\Qoobox\Quarantine\C\WINDOWS\system32\rorerilu.exe.vir//sisa.exe

deleted: Trojan program Trojan.Win32.FraudPack.xil File: C:\System Volume Information\_restore{2D063E58-819D-484F-A343-1FA10C07443B}\RP541\A0035163.exe//sisa.exe

deleted: Trojan program Trojan.Win32.FraudPack.xek File: C:\System Volume Information\_restore{2D063E58-819D-484F-A343-1FA10C07443B}\RP541\A0035170.exe//sisa.exe

deleted: Trojan program Trojan.Win32.FraudPack.wxl File: C:\System Volume Information\_restore{2D063E58-819D-484F-A343-1FA10C07443B}\RP541\A0035171.exe//sisa.exe

deleted: Trojan program Trojan.Win32.FraudPack.ybr File: C:\_OTM\MovedFiles\10212009_154323\Program Files\Windows Police Pro\Windows Police Pro.exe

deleted: Trojan program Trojan.Win32.FraudPack.xil File: C:\System Volume Information\_restore{2D063E58-819D-484F-A343-1FA10C07443B}\RP541\A0035163.exe

deleted: Trojan program Trojan.Win32.FraudPack.xek File: C:\System Volume Information\_restore{2D063E58-819D-484F-A343-1FA10C07443B}\RP541\A0035170.exe

deleted: Trojan program Trojan.Win32.FraudPack.wxl File: C:\System Volume Information\_restore{2D063E58-819D-484F-A343-1FA10C07443B}\RP541\A0035171.exe


Things seem to be back to normal. I haven't seen any signs of Security Tool or Windows Police Pro. Unfortunately my computer still runs painfully slow. What would you recommend for diagnosing slow performance? My computer is really old but I have the highest grade cable connection my provider offers and a brand new modem.

Here's the Security Check log:

Results of screen317's Security Check version 0.99.0

Windows XP Service Pack 3

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

AVG 8.5

``````````````````````````````

Anti-malware/Other Utilities Check:

Advanced WindowsCare Personal

Java 6 Update 17

Out of date Java installed!

Adobe Flash Player 10

Adobe Reader 8.1.1

Out of date Adobe Reader installed!

``````````````````````````````

Process Check:

objlist.exe by Laurent

AVG avgwdsvc.exe

AVG avgtray.exe

AVG avgrsx.exe

AVG avgnsx.exe

AVG avgemc.exe

AVG avgemc.exe

``````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````


Visit THIS website to obtain the latest update for Adobe Reader; yours is quite out of date now.

It may also be a good idea to do a good defrag on the system.

Auslogics Disk Defrag or JKDefrag - two good disk defragmenters for you to choose from.

Please download DDS and save it to your desktop.

  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.

---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt

Please attach the second file, Attach.txt. To attach a file, do the following:

  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on attach_add.png to insert the attachment into your post


OK, I updated Adobe and ran Auslogics Disk Defrag. Computer still super slow.

As far as I know I don't have any script blocking, so I went ahead and ran DDS. It never gave me a prompt for an optional scan. It just spit out the 2 log files.

Attach.txt

DDS (Ver_09-11-23.01) - NTFSx86

Run by Bob at 13:31:10.70 on Mon 11/23/2009

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17

============== Running Processes ===============

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Bob\Desktop\dds.scr

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: {fdd3b846-8d59-4ffb-8758-209b6ad74acc} - c:\program files\microsoft money\system\mnyviewer.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [soundMan] SOUNDMAN.EXE

mRun: [siSUSBRG] c:\windows\SiSUSBrg.exe

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

IE: En&queue current page with Bulk Image Downloader - file://c:\program files\bulk image downloader1.38\iemenu\iebidqueue.htm

IE: Enqueue current page with Bulk Image Downloader - file://c:\program files\bulk image downloader\iemenu\iebidqueue.htm

IE: Enqueue link target with Bulk Ima&ge Downloader - file://c:\program files\bulk image downloader1.38\iemenu\iebidlinkqueue.htm

IE: Enqueue link target with Bulk Image Downloader - file://c:\program files\bulk image downloader\iemenu\iebidlinkqueue.htm

IE: Open &link target with Bulk Image Downloader - file://c:\program files\bulk image downloader1.38\iemenu\iebidlink.htm

IE: Open current page with Bulk I&mage Downloader - file://c:\program files\bulk image downloader1.38\iemenu\iebid.htm

IE: Open current page with Bulk Image Downloader - file://c:\program files\bulk image downloader\iemenu\iebid.htm

IE: Open link target with Bulk Image Downloader - file://c:\program files\bulk image downloader\iemenu\iebidlink.htm

IE: {6224f700-cba3-4071-b251-47cb894244cd} - c:\program files\icq\ICQ.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {301DA1EE-F65C-4188-A417-9E915CC8FBFA} - c:\program files\microsoft money\system\mnyviewer.dll

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxsrvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bob\applic~1\mozilla\firefox\profiles\apwncr8d.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll

FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll

FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R? FXDRV;FXDRV

S? avg8emc;AVG Free8 E-mail Scanner

S? avg8wd;AVG8 WatchDog

S? AvgLdx86;AVG AVI Loader Driver x86

S? AvgTdiX;AVG8 Network Redirector

S? FreeAgentGoNext Service;Seagate Service

S? SeaPort;SeaPort

=============== Created Last 30 ================

2009-11-23 21:32:04 29 ----a-w- c:\documents and settings\bob\InstallDate

2009-11-23 21:32:04 0 ----a-w- c:\documents and settings\bob\Created00

2009-11-23 21:32:03 22093 ----a-w- c:\documents and settings\bob\WhiteDir

2009-11-23 21:32:03 127 ----a-w- c:\documents and settings\bob\whitedirB

2009-11-23 21:31:54 54 ----a-w- c:\documents and settings\bob\FILES00

2009-11-23 21:31:01 41 ----a-w- c:\documents and settings\bob\XP.mac

2009-11-23 07:40:48 0 d-----w- c:\docume~1\bob\applic~1\Auslogics

2009-11-23 07:40:10 0 d-----w- c:\program files\Auslogics

2009-11-05 06:08:31 73728 ----a-w- c:\windows\system32\javacpl.cpl

2009-11-05 06:08:30 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-10-26 03:37:31 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys

2009-10-26 03:37:31 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys

2009-10-25 21:56:32 0 d-s---w- C:\ComboFix

2009-10-25 02:26:29 524288 ----a-w- C:\dds.scr

2009-10-25 01:43:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-10-25 01:43:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-10-25 01:43:06 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2009-11-23 21:32:11 2 ----a-w- c:\documents and settings\bob\f3m0.dat

2009-11-03 22:03:27 6144 --sha-w- c:\program files\Thumbs.db

2009-10-15 20:08:28 4653448 ----a-w- c:\program files\fgen_305.exe

2009-10-11 15:10:09 236544 ----a-w- c:\windows\PEV.exe

2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll

2009-08-29 08:08:21 916480 ------w- c:\windows\system32\wininet.dll

2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll

2009-04-19 22:13:12 12808339 ----a-w- c:\program files\dvdflick_setup_1.3.0.6.exe

2009-03-22 08:12:42 62729728 ----a-w- c:\program files\avg_free_stf_en_85_283a1450.exe

2008-11-27 18:50:58 27288880 ----a-w- c:\program files\QuickTimeInstaller.exe

2008-10-10 00:38:07 1761487 ----a-w- c:\program files\SopCastOcx.zip

2008-09-25 18:32:50 2306336 ----a-w- c:\program files\OrbitSetup_276.exe

2008-09-25 18:12:30 3596242 ----a-w- c:\program files\bid_1_38_setup.exe

2008-09-19 20:18:37 6089998 ----a-w- c:\program files\Combined-Community-Codec-Pack-2008-01-24.exe

2008-08-03 02:09:16 2228534 ----a-w- c:\program files\audacity-win-1.2.6.exe

2008-07-31 02:12:08 63530280 ----a-w- c:\program files\iTunesSetup.exe

2008-07-06 01:38:57 6552472 ----a-w- c:\program files\AWCSetup.exe

2008-07-03 06:15:05 2978159 ----a-w- c:\program files\cdbxp_setup_4.1.2.678.exe

2008-06-23 20:19:44 49384056 ----a-w- c:\program files\avg_free_stf_all_8_100a1323.exe

2008-04-20 08:57:42 1495112 ----a-w- c:\program files\install_flash_player.exe

2008-08-25 23:16:01 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082520080826\index.dat

============= FINISH: 13:33:47.51 ===============


Hi,

A few things that I have noticed:

223.48 Mb Total Physical Memory | 97.68 Mb Available Physical Memory | 43.71% Memory free

That is not a lot of memory; you could do with adding more. You can pick up a gig of RAM very cheaply nowadays, and you would notice a marked improvement.

Also, you have a couple of entries for Norton.

Please visit HERE and determine the version of the Symantec product that is installed. (To determine the version, click Help and About.)

Select the appropriate link for the product that you want to uninstall and then run the tool.

Follow the on-screen instructions.

Your computer may be restarted more than once, and you may be asked to repeat some steps after the computer restarts.


I'm having trouble finding Norton on my computer. The only thing I found was C:\Program Files\Symantec\LiveUpdate. The files inside are dated 2002. But 2003 is the earliest version of Norton that the Removal Tool lists. Am I not looking in the right place? There's no entry for Symantec or Norton when I go into Start>All Programs or Add/Remove Programs.

