Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Web Search / Tracker Cookies


  • This topic is locked This topic is locked
11 replies to this topic

#1 v3dderpj

v3dderpj

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Location:Derby, England
  • Local time:03:06 PM

Posted 04 November 2008 - 05:18 PM

Hi there. A Few days ago i contracted the nasty cool web search adware/malware program from a pop-up from the imageavenue website. I was using Avast virus scanner of which i am no longer using because it seemed to be letting various trojans in, so i ran a scan with AVG and it detected it and removed it. However i have began having trouble with tracker cookies. Whenever i am browsing online my AVG will pop up on resident shield telling me a tracker cookie attempted to run (Such as Adrevolver & Tacoda) . I ran a scan with ad-aware and found an infection in my registry (which has now been removed) and several infections in my cookies. I followed the program and removed them. I then ran a search with Spybot which came up clean, a virus/malware check with AVG and ran a scan with McAfee Stinger as instructed on this site and came up clean. I restarted my pc thinking everything was now fine. However when i started browsing again the Tracker Cookie warnings were once again poping up. I ran a scan with ad-aware and the infections which i had removed were now back. I cannot seem to get rid of them and have me really worried. Everytime i change my security settings to block all cookies, once a tracker cookie warning pops up, it re-sets it to accept all cookies and occasionally i am still receiving pops up which leads me to beleive the adware/malware may have not been totally removed from my system. Can Anyone please please help, i am really loosing sleep over this, have never had anything like this happen before ? Thankyou for reading.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:13:44, on 04/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\CmUCReye.exe
C:\Program Files\Medion Info Display\MdionLCM.exe
C:\WINDOWS\mHotkey.exe
C:\PROGRA~1\COMMON~1\aol\ACS\AOLacsd.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\MySecurityCenter\Programs\service.exe
C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Sony Shared\GMR\GMRMan.exe
C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {238451CA-2F94-4746-B5D6-21DC90A014F5} - C:\WINDOWS\system32\efcYrqNf.dll (file missing)
O2 - BHO: {404bcae9-a7b6-40aa-f6c4-8ce4c1e1ac42} - {24ca1e1c-4ec8-4c6f-aa04-6b7a9eacb404} - C:\WINDOWS\system32\vqkisq.dll
O2 - BHO: (no name) - {4D3B3CD3-3C93-452D-AE9D-5701F00FC0ED} - C:\WINDOWS\system32\rqRKEXqN.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [MedionVFD] "C:\Program Files\Medion Info Display\MdionLCM.exe"
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
O4 - HKLM\..\Run: [CONNECTScheduler] "C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe" /RUN_SCHEDULER
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P39 "EPSON Stylus Photo R200 Series (Copy 1)" /O6 "USB002" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [setc] C:\Program Files\MySecurityCenter\Programs\setc.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O4 - Global Startup: CONNECTAUTrayApp.lnk = C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toysrus.co.uk/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.truprint.co.uk/TruprintActivia.cab
O16 - DPF: {4F912770-A045-4603-951E-9B8377084354} (cpbrukie2 Control) - http://a19.g.akamai.net/7/19/7125/1450/uk....2/cpbrukie2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1129745320171
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://playgames.virginmedia.com/online/on...aploader_v5.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: ,avgrsstx.dll vqkisq.dll
O20 - Winlogon Notify: efcYrqNf - efcYrqNf.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\aol\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MySecurityCenter License Service - Unknown owner - C:\Program Files\MySecurityCenter\Programs\service.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 14935 bytes

BC AdBot (Login to Remove)

 


#2 v3dderpj

v3dderpj
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Location:Derby, England
  • Local time:03:06 PM

Posted 05 November 2008 - 08:30 AM

Update:

The Exact Programs found by my AVG Were

ADWARE: Generic.IIJ
ADWARE: CoolWebSearch

They are both in my virus vault but still having problems

I have also found NvCPL in my Sytem Configuration Utility

Edited by v3dderpj, 05 November 2008 - 08:42 AM.


#3 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Malware Response Team
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:03:06 PM

Posted 05 November 2008 - 01:18 PM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

First let's get a more detailed log so we can determine the best plan of attack for you.
  • Please download OTViewIt by OldTimer to your desktop.
  • Double click on the OTViewIt.exe icon on your desktop.
  • Check the Scan All Users checkbox and leave Use Whitelist checked. Set the File Age to 30 days.
  • Click on the Run Scan button. Two reports that are located in the same location as OTViewIt will open.OTViewIt.txt <-- Will be opened
    Extra.txt <-- Will be minimized
Copy and Paste the logs into your next reply.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#4 v3dderpj

v3dderpj
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Location:Derby, England
  • Local time:03:06 PM

Posted 05 November 2008 - 03:25 PM

Thank You Sam!!, here are the logs as requested

OTViewIt Extras logfile created on: 05/11/2008 20:19:34 - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Matthew\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1022.42 Mb Total Physical Memory | 438.88 Mb Available Physical Memory | 42.93% Memory free
2.40 Gb Paging File | 1.85 Gb Available in Paging File | 77.14% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 116.41 Gb Total Space | 20.08 Gb Free Space | 17.25% Space Free | Partition Type: NTFS
Drive D: | 107.91 Gb Total Space | 70.22 Gb Free Space | 65.07% Space Free | Partition Type: NTFS
Drive E: | 8.55 Gb Total Space | 3.87 Gb Free Space | 45.25% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FOULDS
Current User Name: Matthew
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
"MaxScriptStatements"=

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/08/04 12:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sessmgr.exe:*:enabled:Remote Assistance
[2004/10/13 16:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:enabled:Windows Messenger
[2005/09/05 11:01:40 | 00,038,000 | ---- | M] (America Online, Inc.) -- C:\Program Files\AOL 9.0\AOL.exe:*:enabled:AOL 9.0
[2005/09/05 11:01:58 | 00,259,184 | ---- | M] (America Online, Inc.) -- C:\Program Files\AOL 9.0\WAOL.exe:*:enabled:AOL 9.0
[2004/04/08 07:38:26 | 01,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)
[2004/04/08 07:38:28 | 00,496,752 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\ACS\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)
[2004/08/04 12:00:00 | 00,143,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\fxsclnt.exe:*:enabled:Microsoft Fax
[2005/10/10 13:01:28 | 14,881,320 | ---- | M] () -- C:\Program Files\Skype\Phone\Skype.exe:*:enabled:Skype
[2004/08/04 12:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\NetMeeting\Conf.exe:*:enabled:NetMeeting
File not found -- C:\Program Files\Ahead\Nero MediaHome\NeroMediaHome.exe:*:enabled:Nero MediaHome
[2007/01/19 11:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 15:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2006/10/10 12:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/08/04 12:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sessmgr.exe:*:enabled:Remote Assistance
[2007/03/27 14:22:56 | 04,670,968 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger
[2007/02/08 12:19:08 | 03,511,888 | ---- | M] (Pando Networks) -- C:\Program Files\Pando Networks\Pando\pando.exe:*:Disabled:pando
[2004/10/13 16:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger
File not found -- C:\Program Files\Yahoo!\Messenger\ypager.exe:*:Disabled:Yahoo! Messenger
[2006/10/10 12:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\Hello\Hello.exe:*:Disabled:Hello!
File not found -- C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost
[2005/09/05 11:01:58 | 00,259,184 | ---- | M] (America Online, Inc.) -- C:\Program Files\AOL 9.0\WAOL.exe:*:Disabled:AOL 9.0
[2005/09/05 11:01:40 | 00,038,000 | ---- | M] (America Online, Inc.) -- C:\Program Files\AOL 9.0\AOL.exe:*:Disabled:AOL 9.0
[2004/04/08 07:38:28 | 00,496,752 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\ACS\AOLDIAL.exe:*:Disabled:AOL 9.0 (Connectivity Service Dialer)
[2004/04/08 07:38:26 | 01,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLACSD.exe:*:Disabled:AOL 9.0 (Connectivity Service)
File not found -- C:\Program Files\BitTorrent\bittorrent.exe:*:Disabled:BitTorrent
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour
[2005/10/28 21:54:00 | 00,053,248 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Home Cinema\PowerCinema\PowerCinema.exe:*:Disabled:CyberLink PowerCinema
[2005/10/28 21:53:58 | 00,139,264 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Home Cinema\PowerCinema\PCMService.exe:*:Disabled:CyberLink PowerCinema Resident Program
[2004/08/04 12:00:00 | 00,143,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\fxsclnt.exe:*:Disabled:Microsoft Fax
File not found -- C:\Program Files\Ahead\Nero MediaHome\NeroMediaHome.exe:*:Disabled:Nero MediaHome
[2004/08/04 12:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\NetMeeting\Conf.exe:*:Disabled:NetMeeting
[2005/10/10 13:01:28 | 14,881,320 | ---- | M] () -- C:\Program Files\Skype\Phone\Skype.exe:*:Disabled:Skype
[2006/05/06 16:42:04 | 00,093,184 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\vlc.exe:*:Disabled:VLC media player
[2007/01/19 11:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Disabled:Windows Live Messenger 8.1
[2007/01/04 15:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Disabled:Windows Live Messenger 8.1 (Phone)
[2007/03/27 14:22:58 | 00,091,640 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server
[2008/08/14 18:27:09 | 00,267,056 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent
[2008/09/10 16:39:54 | 14,228,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/11/03 19:58:47 | 00,874,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
[2008/11/05 17:35:53 | 00,652,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
[2008/11/03 19:58:54 | 00,408,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2004/01/29 14:08:23 | 00,868,352 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (cdo:{CD00020A-8B95-11D1-82DB-00C04FB1625D} (HKLM) [Microsoft PKM KnowledgePluggable Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2004/01/29 14:08:23 | 01,130,496 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/11/03 19:58:53 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 11:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2004/01/29 14:08:23 | 01,130,496 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2004/01/29 14:08:23 | 01,130,496 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/06/20 16:26:46 | 00,221,184 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 11:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06680048-3E21-46D6-9A91-D927BA08F41D}"=Microsoft Encarta Standard 2006
"{0AB149EB-2AE0-466C-9BA4-3A718CF06432}"=Informations about your PC
"{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}"=Microsoft Works Suite Add-in for Microsoft Word
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{261D0486-9127-4071-BA1D-FE784310752E}"=videon
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}"=PowerCinema
"{2D7D9D86-923A-41A8-919F-437332AB1033}"=Nero 7
"{31383A1D-FAE6-435A-9DBD-FDB61C7C8EC9}"=Ulead Photo Express 5 SE
"{3248F0A8-6813-11D6-A77B-00B0D0150040}"=J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}"=J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java™ 6 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{41B9E2CF-0B3F-442A-B5B3-592A4A355634}"=iTunes
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}"=Microsoft Windows Journal Viewer
"{5490B6EF-5A48-40B7-A9E0-D3B886D17A29}"=RT2500 USB Wireless LAN Card
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}"=Windows Live Messenger
"{5D95AD35-368F-47D5-B63A-A082DDF00116}"=Microsoft Digital Image 2006 Standard Edition Editor
"{622C377C-CF0D-492A-BC20-0480381A79E3}"=MySecurityCenter License Service
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}"=Windows Genuine Advantage v1.3.0254.0
"{64D5E9DE-7890-4FB0-8865-8B24BE1773F7}"=LightScribe 1.4.42.1
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"{691F4068-81BF-49E3-B32E-FE3E16400112}"=Microsoft Digital Image 2006 Standard Edition Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6BFF4534-7608-41F0-85F7-31A0569D8960}"=eTrust Registration
"{6D52C408-B09A-4520-9B18-475B81D393F1}"=Microsoft Works
"{6DA9102E-199F-43A0-A36B-6EF48081A658}"=MobileMe Control Panel
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}"=Windows Backup Utility
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Pro
"{83ED1E80-A1B7-4236-BCF1-AC4A88151A6B}"=Microsoft AutoRoute 2006
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{911B0409-6000-11D3-8CFE-0050048383C9}"=Microsoft Word 2002
"{9A3EABC0-CA06-11D4-BF77-00104B130C19}"=EPSON TWAIN 5
"{9F7FC79B-3059-4264-9450-39EB368E3225}"=Microsoft Digital Image Library 9 - Blocker
"{AA9768AA-FF0B-4C66-A085-31E934F77841}"=Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A70000000000}"=Adobe Reader 7.0
"{B338EA45-9F18-4FE4-A079-89668D1F6519}"=USB Wireless Keyboard Driver
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}"=PowerProducer
"{BF2F7927-92AF-4F5D-8B93-658F63DF8727}"=PDF Manual NW-A10003000
"{C0B0FA55-D4E9-4374-9871-BBFBF2AEF0D1}"=Pando
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}"=PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{D36DD326-7280-11D8-97C8-000129760CBE}"=PhotoNow! 1.0
"{D5A9B7C0-8751-11D8-9D75-000129760D75}"=MediaShow 3.0
"{D5F82F8F-4DE2-11D9-A373-0050BAE317E1}"=PowerCinema Linux 4.7
"{DC986B2B-DAE4-43E1-A00A-74044CFB6EA4}"=CONNECT Player Language Pack
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}"=Works Upgrade
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}"=ScanToWeb
"{EC62DAEB-05E7-46FF-8867-FEBE00DBD790}"=CONNECT Player
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
"{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}"=OpenMG Secure Module 4.3.00
"{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}"=Windows Media Connect
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}"=HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}"=EPSON Print CD
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"America Online uk"=AOL UK (Choose which version to remove)
"AOL Connectivity Services"=AOL Connectivity Services
"AOL Spyware Protection"=AOL Spyware Protection
"AOL Toolbar"=AOL Toolbar
"AOL YGP Screensaver"=AOL You've Got Pictures Screensaver
"AOLCoach uk"=AOL Coach Version 1.0(Build:20040229.1 uk)
"Applet_App"=Applet_App
"Applet_Copy"=Applet_Copy
"Applet_Creativity"=Applet_Creativity
"Applet_Email"=Applet_Email
"Applet_Epp"=Applet_Epp
"Applet_File"=Applet_File
"Applet_OCR"=Applet_OCR
"Applet_Web"=Applet_Web
"AVG8Uninstall"=AVG 8.0
"BroadJump Client Foundation"=BroadJump Client Foundation
"C-Media Card Reader Driver USB2.0"=C-Media Card Reader Driver USB2.0
"C-Media USB2.0 Card Reader"=C-Media USB2.0 Card Reader
"CONNECTAutoUpdate"=CONNECT Auto Update
"Copy Utility"=Copy Utility
"Coupon Printer2.0"=Coupon Printer
"Creatix V.92 Data Fax Modem"=Creatix V.92 Data Fax Modem
"dBpoweramp [Calculate Audio CRC] Codec"=dBpoweramp [Calculate Audio CRC] Codec
"dBpoweramp FLAC Codec"=dBpoweramp FLAC Codec
"dBpoweramp m4a Codec"=dBpoweramp m4a Codec
"dBpoweramp Monkeys Audio Codec"=dBpoweramp Monkeys Audio Codec
"dBpoweramp Mp2 and BwfMp2 codec"=dBpoweramp Mp2 and BwfMp2 codec
"dBpoweramp mp3 (Fraunhofer IIS) Codec"=dBpoweramp mp3 (Fraunhofer IIS) Codec
"dBpoweramp Music Converter"=dBpoweramp Music Converter
"dBpoweramp Ogg Vorbis Codec"=dBpoweramp Ogg Vorbis Codec
"dBpoweramp Shorten Codec"=dBpoweramp Shorten Codec
"dBpoweramp WavPack Codec"=dBpoweramp WavPack Codec
"dBpoweramp Windows Media Audio 10 Codec"=dBpoweramp Windows Media Audio 10 Codec
"dBpowerAMP WMA V9.1 Codec"=dBpowerAMP WMA V9.1 Codec
"DVD Decrypter"=DVD Decrypter (Remove Only)
"EPSON Photo Print"=EPSON Photo Print
"EPSON Printer and Utilities"=EPSON Printer Software
"EPSON Smart Panel"=EPSON Smart Panel
"FLAC"=FLAC 1.2.1b (remove only)
"Free Download Manager_is1"=Free Download Manager 2.5
"GoldWave v5.23"=GoldWave v5.23
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"ImTOO DVD to iPod Converter"=ImTOO DVD to iPod Converter
"ImTOO MOV Converter"=ImTOO MOV Converter
"InstallShield_{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}"=OpenMG Secure Module 4.3.00
"LimeWire"=LimeWire 4.16.7
"Macromedia Shockwave Player"=Macromedia Shockwave Player
"MedionVFD"=Medion Info Display
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Money2005b"=Microsoft Money
"MSNINST"=MSN
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"ntl.MCCInstall"=broadband medic
"NVIDIA Drivers"=NVIDIA Drivers
"PictureItPrem_v11"=Microsoft Digital Image 2006 Standard Edition
"RealPlayer 6.0"=RealPlayer
"Replay Media Catcher2.10D"=Replay Media Catcher
"Replay_AV_807"=Replay AV 8
"Replay_Converter_1"=Replay Converter 2.8
"Skype_is1"=Skype 1.4
"StreetPlugin"=Learn2 Player (Uninstall Only)
"TradersLittleHelper_is1"=Trader's Little Helper 1.1.1
"uTorrent"=µTorrent
"VideoMach 5.1.0"=VideoMach 5.1.0
"ViewpointMediaPlayer"=Viewpoint Media Player
"VLC media player"=VideoLAN VLC media player 0.8.5
"WavMerge 2.1"=WavMerge 2.1
"Windows Media Connect"=Windows Media Connect
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 10
"WindowsDrawLE"=Micrografx Windows Draw 6 Limited Edition
"WinPcapInst"=WinPcap 4.0
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"Works2006Setup"=Microsoft Works Suite 2006 Setup Launcher
"X10Hardware"=X10 Hardware™
"Yahoo! Customizations"=Yahoo! Browser Services
"Yahoo! Internet Mail"=Yahoo! Internet Mail
"Yahoo! Messenger"=Yahoo! Messenger
"YInstHelper"=Yahoo! Install Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 26/10/2008 13:54:49 | Computer Name = FOULDS | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 10.0.0.3646, faulting module
wmvcore.dll, version 11.0.5705.5043, fault address 0x000fd9bd.

Error - 02/11/2008 06:49:36 | Computer Name = FOULDS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16735, faulting
module urlmon.dll, version 7.0.6000.16735, fault address 0x0001e521.

Error - 02/11/2008 12:59:26 | Computer Name = FOULDS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16735, faulting
module unknown, version 0.0.0.0, fault address 0x045316ce.

Error - 03/11/2008 15:56:43 | Computer Name = FOULDS | Source = Application Error | ID = 1000
Description = Faulting application motivesb.exe, version 5.6.7.42730, faulting module
ntdll.dll, version 5.1.2600.2180, fault address 0x0001142e.

Error - 03/11/2008 17:36:14 | Computer Name = FOULDS | Source = Application Error | ID = 1000
Description = Faulting application avgsystx.exe, version 8.0.0.134, faulting module
kernel32.dll, version 5.1.2600.3119, fault address 0x00012a5b.

Error - 03/11/2008 17:43:24 | Computer Name = FOULDS | Source = Application Error | ID = 1000
Description = Faulting application avgsystx.exe, version 8.0.0.134, faulting module
kernel32.dll, version 5.1.2600.3119, fault address 0x00012a5b.

Error - 03/11/2008 17:57:24 | Computer Name = FOULDS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16735, faulting
module sb.dll, version 9.0.0.1, fault address 0x00006937.

Error - 04/11/2008 12:13:36 | Computer Name = FOULDS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16735, faulting
module sb.dll, version 9.0.0.1, fault address 0x00006937.

Error - 05/11/2008 11:01:32 | Computer Name = FOULDS | Source = Application Error | ID = 1000
Description = Faulting application avgsystx.exe, version 8.0.0.134, faulting module
kernel32.dll, version 5.1.2600.3119, fault address 0x00012a5b.

Error - 05/11/2008 11:36:44 | Computer Name = FOULDS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16735, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x00031c6b.

[ System Events ]
Error - 24/10/2008 15:43:23 | Computer Name = FOULDS | Source = DCOM | ID = 10010
Description = The server {959BA0A4-0893-48B4-8B02-BA0DA0A401FE} did not register
with DCOM within the required timeout.

Error - 27/10/2008 14:32:12 | Computer Name = FOULDS | Source = DCOM | ID = 10010
Description = The server {5C4C8078-24CF-4C71-B05E-8B1D935DB5AC} did not register
with DCOM within the required timeout.

Error - 27/10/2008 14:32:13 | Computer Name = FOULDS | Source = DCOM | ID = 10010
Description = The server {F81CD990-910B-4BBF-9CB3-6A77F3D697B3} did not register
with DCOM within the required timeout.

Error - 02/11/2008 12:59:16 | Computer Name = FOULDS | Source = DCOM | ID = 10010
Description = The server {959BA0A4-0893-48B4-8B02-BA0DA0A401FE} did not register
with DCOM within the required timeout.

Error - 03/11/2008 09:17:50 | Computer Name = FOULDS | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 03/11/2008 09:19:07 | Computer Name = FOULDS | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 03/11/2008 15:17:49 | Computer Name = FOULDS | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 03/11/2008 15:17:54 | Computer Name = FOULDS | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 03/11/2008 15:17:59 | Computer Name = FOULDS | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 03/11/2008 15:36:54 | Computer Name = FOULDS | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}


< End of report >




OTViewIt logfile created on: 05/11/2008 20:19:34 - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Matthew\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1022.42 Mb Total Physical Memory | 438.88 Mb Available Physical Memory | 42.93% Memory free
2.40 Gb Paging File | 1.85 Gb Available in Paging File | 77.14% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 116.41 Gb Total Space | 20.08 Gb Free Space | 17.25% Space Free | Partition Type: NTFS
Drive D: | 107.91 Gb Total Space | 70.22 Gb Free Space | 65.07% Space Free | Partition Type: NTFS
Drive E: | 8.55 Gb Total Space | 3.87 Gb Free Space | 45.25% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FOULDS
Current User Name: Matthew
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/11/04 19:44:12 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2004/04/08 07:38:26 | 01,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\aol\ACS\AOLacsd.exe
[2008/09/10 15:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/11/03 19:58:52 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2008/11/05 17:36:58 | 01,212,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgfws8.exe
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2005/10/28 21:54:16 | 00,258,146 | ---- | M] () -- C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
[2005/10/28 21:53:38 | 01,081,344 | ---- | M] (Cyberlink) -- C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
[2005/07/24 22:35:00 | 00,053,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
[2008/08/17 19:12:32 | 00,078,696 | ---- | M] () -- C:\Program Files\MySecurityCenter\Programs\Service.exe
[2005/09/22 22:21:00 | 00,131,139 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2005/10/21 19:44:00 | 00,167,936 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
[2005/10/28 21:54:18 | 00,114,784 | ---- | M] () -- C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
[2005/08/18 14:20:28 | 14,820,864 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
[2005/10/12 13:44:08 | 00,241,664 | ---- | M] () -- C:\WINDOWS\system32\CmUCREye.exe
[2005/10/11 16:11:58 | 00,126,976 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Medion Info Display\MdionLCM.exe
[2004/06/03 20:07:00 | 00,549,376 | ---- | M] () -- C:\WINDOWS\mHotkey.exe
[2003/07/21 21:28:18 | 05,577,216 | ---- | M] (Chicony) -- C:\WINDOWS\CNYHKey.exe
[2005/10/24 07:13:56 | 00,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2004/11/02 20:24:46 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
[2005/10/28 21:53:58 | 00,139,264 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
[2003/01/27 16:16:58 | 00,376,912 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe
[2003/12/30 09:40:24 | 00,380,928 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\ntl\broadband medic\SmartBridge\MotiveSB.exe
[2007/07/12 03:00:36 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
[2006/03/23 01:00:26 | 00,075,336 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe
[2003/09/11 03:00:00 | 00,099,840 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I0H2.EXE
[2008/11/03 19:58:46 | 00,638,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgam.exe
[2008/11/03 19:58:46 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2008/09/10 16:40:06 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/11/03 19:58:54 | 00,408,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
[2008/11/03 19:58:55 | 01,235,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2004/10/13 16:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2006/03/30 05:33:38 | 00,124,488 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe
[2006/03/08 17:56:14 | 00,091,720 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\GMR\GMRMan.exe
[2008/11/03 19:58:47 | 00,874,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
[2003/10/10 08:06:10 | 00,192,512 | ---- | M] () -- C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
[2001/11/12 12:31:48 | 00,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe
[2008/09/10 16:39:48 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/09/10 16:39:54 | 14,228,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe
[2008/07/18 21:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/08/23 05:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/05/20 16:27:22 | 02,474,031 | ---- | M] (FreeDownloadManager.ORG) -- C:\Program Files\Free Download Manager\fdm.exe
[2008/11/05 20:19:02 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthew\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/11/04 19:44:12 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2004/04/08 07:38:26 | 01,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\aol\ACS\AOLacsd.exe -- (AOL ACS [Auto | Running])
[2008/09/10 15:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2004/07/15 00:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/11/03 19:58:47 | 00,874,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
[2008/11/03 19:58:52 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2008/11/05 17:36:58 | 01,212,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgfws8.exe -- (avgfws8 [Auto | Running])
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2005/10/28 21:54:16 | 00,258,146 | ---- | M] () -- C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc [Auto | Running])
[2005/10/28 21:54:18 | 00,114,784 | ---- | M] () -- C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched [Auto | Running])
[2005/10/28 21:53:38 | 01,081,344 | ---- | M] (Cyberlink) -- C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service [Auto | Running])
[2007/02/06 17:19:09 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2008/09/10 16:39:48 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2005/07/24 22:35:00 | 00,053,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
[2005/08/30 14:00:50 | 00,053,337 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV [On_Demand | Stopped])
[2008/08/17 19:12:32 | 00,078,696 | ---- | M] () -- C:\Program Files\MySecurityCenter\Programs\Service.exe -- (MySecurityCenter License Service [Auto | Running])
[2006/11/10 19:18:02 | 00,774,144 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
[2005/09/22 22:21:00 | 00,131,139 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2005/08/30 13:55:18 | 00,053,337 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR [On_Demand | Stopped])
[2005/10/21 19:44:00 | 00,167,936 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo [Auto | Running])
[2007/01/25 17:31:34 | 00,093,048 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped])
[2006/04/11 10:08:16 | 00,079,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service [On_Demand | Stopped])
[2005/08/30 13:49:34 | 00,069,718 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV [On_Demand | Stopped])
[2007/01/19 11:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2004/08/10 23:46:56 | 00,483,328 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Media Connect\mswmccds.exe -- (WmcCds [Unknown | Stopped])
[2004/08/10 20:50:42 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Connect\mswmcls.exe -- (WmcCdsLs [On_Demand | Stopped])
[2001/11/12 12:31:48 | 00,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets [On_Demand | Running])

========== Driver Services ==========

[2005/10/17 13:52:58 | 00,826,112 | ---- | M] (Philips Semiconductors GmbH) -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid [On_Demand | Running])
[2005/10/19 17:40:20 | 00,019,915 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2005/06/30 11:16:00 | 01,094,848 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
[2006/11/29 05:46:24 | 00,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\drivers\APLMp50.sys -- (APLMp50 [On_Demand | Stopped])
[2005/11/21 05:48:20 | 00,016,512 | ---- | M] (Adaptec) -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32 [Auto | Running])
[2008/11/05 17:36:58 | 00,029,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx [On_Demand | Running])
[2008/11/05 17:36:58 | 00,029,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd [On_Demand | Stopped])
[2008/11/03 19:58:46 | 00,098,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2008/11/03 19:58:46 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2008/11/03 19:58:46 | 00,012,936 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (AvgRkx86 [Boot | Running])
[2008/11/05 17:36:59 | 00,090,632 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX [System | Running])
[2005/10/04 17:37:54 | 00,072,320 | ---- | M] (C-Media Corporation) -- C:\WINDOWS\system32\drivers\cmiucr.SYS -- (CMISTOR [On_Demand | Running])
[2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2005/01/07 16:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2005/08/18 22:35:04 | 03,856,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
[2004/08/03 21:58:36 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2004/08/03 22:10:14 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE [On_Demand | Stopped])
[2004/08/04 12:00:00 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm [On_Demand | Stopped])
[2007/01/25 17:31:34 | 00,042,000 | ---- | M] (CACE Technologies) -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF [On_Demand | Stopped])
[2005/09/22 22:21:00 | 03,524,640 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2004/08/04 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2005/04/25 09:03:00 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2005/07/14 19:58:38 | 00,241,536 | ---- | M] (Ralink Technology Inc.) -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (RT2500USB [On_Demand | Stopped])
[2004/08/03 22:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Running])
[2007/11/13 10:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/07/22 19:32:44 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2002/04/11 15:21:38 | 00,013,335 | R--- | M] (Microsystems Corp) -- C:\WINDOWS\system32\drivers\usbcm.sys -- (usbcm [On_Demand | Stopped])
[2003/01/10 15:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw [On_Demand | Running])
[2004/01/16 12:02:58 | 00,017,408 | ---- | M] (X10 Wireless Technology, Inc.) -- C:\WINDOWS\system32\drivers\x10ufx2.sys -- (XUIF [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.ebay.co.uk/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = 127.0.0.1;*.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.aldi.co.uk/

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.aldi.co.uk/

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.aldi.co.uk/

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.aldi.co.uk/

[HKEY_USERS\S-1-5-21-3562614983-3933734930-115977964-1006\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.ebay.co.uk/

[HKEY_USERS\S-1-5-21-3562614983-3933734930-115977964-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3562614983-3933734930-115977964-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-3562614983-3933734930-115977964-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = 127.0.0.1;*.local

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{238451CA-2F94-4746-B5D6-21DC90A014F5} (HKLM) -- C:\WINDOWS\system32\efcYrqNf.dll File not found
{24ca1e1c-4ec8-4c6f-aa04-6b7a9eacb404} (HKLM) -- C:\WINDOWS\system32\vqkisq.dll File not found
{4D3B3CD3-3C93-452D-AE9D-5701F00FC0ED} (HKLM) -- C:\WINDOWS\system32\rqRKEXqN.dll File not found
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (HKLM) -- C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
{CC59E0F9-7E43-44FA-9FAA-8377850BF205} (HKLM) -- C:\Program Files\Free Download Manager\iefdm2.dll ()

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-3562614983-3933734930-115977964-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-3562614983-3933734930-115977964-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-3562614983-3933734930-115977964-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-3562614983-3933734930-115977964-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-3562614983-3933734930-115977964-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-3562614983-3933734930-115977964-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Alcmtr"=ALCMTR.EXE File not found
"AntivirusRegistration"=C:\Program Files\CA\Etrust Antivirus\Register.exe ()
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"BJCFD"=C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
"CHotkey"=mHotkey.exe ()
"CmUCRRun"=C:\WINDOWS\system32\CmUCReye.exe ()
"CONNECTScheduler"="C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe" /RUN_SCHEDULER (Sony Corporation)
"EPSON Stylus Photo R200 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200" (SEIKO EPSON CORPORATION)
"EPSON Stylus Photo R200 Series (Copy 1)"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P39 "EPSON Stylus Photo R200 Series (Copy 1)" /O6 "USB002" /M "Stylus Photo R200" (SEIKO EPSON CORPORATION)
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
"InstantOn"="C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c " ()
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"ledpointer"=CNYHKey.exe (Chicony)
"MedionVFD"="C:\Program Files\Medion Info Display\MdionLCM.exe" (Dritek System Inc.)
"Motive SmartBridge"=C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe (Motive Communications, Inc.)
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto (Microsoft Corporation)
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC ()
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
"NvMediaCenter"=RunDLL32.exe NvMCTray.dll,NvTaskbarInit (NVIDIA Corporation)
"nwiz"=nwiz.exe /install ()
"PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" (CyberLink Corp.)
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"RemoteControl"="C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe" (Cyberlink Corp.)
"RTHDCPL"=RTHDCPL.EXE (Realtek Semiconductor Corp.)
"setc"=C:\Program Files\MySecurityCenter\Programs\setc.exe (MySecurityCenter)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" (Sun Microsystems, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
"Ulead Photo Express Calendar Checker"=C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe (Ulead Systems, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized (Pando Networks)

[HKEY_USERS\S-1-5-21-3562614983-3933734930-115977964-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized (Pando Networks)

========== (O4) Startup Folders ==========

[2003/10/10 08:06:10 | 00,217,088 | ---- | M] (Motive Communications, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
[2006/03/30 05:33:38 | 00,124,488 | ---- | M] (Sony Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CONNECTAUTrayApp.lnk = C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe
[2008/10/01 16:14:29 | 00,225,280 | ---- | M] (Leader Technologies) -- C:\Documents and Settings\Matthew\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-3562614983-3933734930-115977964-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&AOL Toolbar search: C:\Program Files\AOL Toolbar\toolbar.dll [2004/03/22 14:58:04 | 00,385,024 | ---- | M] (IE Toolbar)
&Yahoo! Search: File not found
Download all with Free Download Manager: File not found
Download selected with Free Download Manager: File not found
Download video with Free Download Manager: File not found
Download with Free Download Manager: File not found
Yahoo! &Dictionary: File not found
Yahoo! &Maps: File not found
Yahoo! &SMS: File not found

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
&Search: File not found

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
&Search: File not found

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
&Search: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
&Search: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-3562614983-3933734930-115977964-1006\Software\Microsoft\Internet Explorer\MenuExt\]
&AOL Toolbar search: C:\Program Files\AOL Toolbar\toolbar.dll [2004/03/22 14:58:04 | 00,385,024 | ---- | M] (IE Toolbar)
&Yahoo! Search: File not found
Download all with Free Download Manager: File not found
Download selected with Free Download Manager: File not found
Download video with Free Download Manager: File not found
Download with Free Download Manager: File not found
Yahoo! &Dictionary: File not found
Yahoo! &Maps: File not found
Yahoo! &SMS: File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [2007/07/12 03:00:35 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{4982D40A-C53B-4615-B15B-B5B5E98D167C}: Button: AOL Toolbar -- Reg Error: Key does not exist or could not be opened. File not found
{4982D40A-C53B-4615-B15B-B5B5E98D167C}: Menu: AOL Toolbar -- File not found
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}: Button: Yahoo! Services -- %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [2006/07/31 14:32:32 | 00,185,848 | ---- | M] (Yahoo! Inc.)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2006/10/10 12:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}: Button: Yahoo! Messenger -- %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [2007/03/27 14:22:56 | 04,670,968 | ---- | M] (Yahoo! Inc.)
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}: Menu: Yahoo! Messenger -- %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [2007/03/27 14:22:56 | 04,670,968 | ---- | M] (Yahoo! Inc.)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 16:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 16:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 17:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> [AOL Toolbar] -> File not found
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/07/31 14:32:32 | 00,185,848 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{B13B4423-2647-4cfc-A4B3-C7D56CB83487} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Messenger Class] -> [2007/03/27 14:22:56 | 04,670,968 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 16:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 17:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> [AOL Toolbar] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 16:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 17:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> [AOL Toolbar] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 16:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3562614983-3933734930-115977964-1006\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 17:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> [AOL Toolbar] -> File not found
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/07/31 14:32:32 | 00,185,848 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{B13B4423-2647-4cfc-A4B3-C7D56CB83487} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Messenger Class] -> [2007/03/27 14:22:56 | 04,670,968 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 16:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?linkid=39204 -- Windows Genuine Advantage Validation Tool
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\yinsthelper.dll -- YInstStarter Class
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}: http://office.microsoft.com/officeupdate/content/opuc3.cab -- Office Update Installation Engine
{406B5949-7190-4245-91A9-30A17DE16AD0}: http://www.truprint.co.uk/TruprintActivia.cab -- Snapfish Activia
{4F912770-A045-4603-951E-9B8377084354}: http://a19.g.akamai.net/7/19/7125/1450/uk....2/cpbrukie2.cab -- cpbrukie2 Control
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://update.microsoft.com/windowsupdate/...b?1129745320171 -- WUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...ows-i586-jc.cab -- Java Plug-in 1.6.0_02
{9122D757-5A4F-4768-82C5-B4171D8556A7}: http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab -- PhotoPickConvert Class
{A7EA8AD2-287F-11D3-B120-006008C39542}: http://offers.e-centives.com/cif/download/bin/actxcab.cab -- CBSTIEPrint Class
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_04
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_06
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/get/flash...ent/swflash.cab -- Shockwave Flash Object
{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}: http://playgames.virginmedia.com/online/on...aploader_v5.cab -- PopCapLoader Object
Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{07DDB080-85C0-4250-9ED2-067BDFFDBBE0} (Servers: | Description: 1394 Net Adapter)
{417C55E4-B29C-4D6C-83FA-00B6AC3554BA} (Servers: | Description: USB Cable Modem 351000)
{93792513-5C28-4E23-8E2C-E948DC39176F} (Servers: | Description: RT2500 USB Wireless LAN Card)
{B58AE908-5D16-4ACA-885B-EE06DE02EEC2} (Servers: | Description: )
{EAE6F989-68B4-4BC4-8F7E-261A113E646C} (Servers: | Description: Realtek RTL8139 Family PCI Fast Ethernet NIC)

========== (O19) User Style Sheets ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles]

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=,avgrsstx.dll vqkisq.dll
>File not found --
>File not found --

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
efcYrqNf: "DllName" = efcYrqNf.dll -- File not found

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{238451CA-2F94-4746-B5D6-21DC90A014F5}" (HKLM) -- C:\WINDOWS\system32\efcYrqNf.dll File not found

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=msv1_0,C:\WINDOWS\system32\rqRKEXqN,
>File not found --

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ]
[2005/10/24 09:32:26 | 00,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[2008/11/05 20:19:00 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matthew\Desktop\OTViewIt.exe
[2008/11/05 13:06:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2008/11/04 20:59:58 | 00,001,738 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\HijackThis.lnk
[2008/11/04 20:59:57 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/11/04 19:43:51 | 00,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/11/04 19:43:51 | 00,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/11/04 19:43:47 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2008/11/04 19:43:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/11/04 19:43:07 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2008/11/04 17:52:02 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\Matthew\Desktop\CWShredder.lnk
[2008/11/04 17:52:01 | 00,000,000 | ---D | C] -- C:\Program Files\InterMute
[2008/11/04 17:48:56 | 00,000,000 | ---D | C] -- C:\cwshredder
[2008/11/04 16:46:02 | 00,000,383 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/11/04 16:26:20 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/11/04 16:26:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/11/04 16:20:58 | 00,000,000 | ---D | C] -- C:\smartkiller
[2008/11/04 16:07:12 | 01,880,344 | -HS- | C] () -- C:\WINDOWS\System32\skcxsbqf.ini
[2008/11/03 20:40:13 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2008/11/03 19:48:13 | 00,103,638 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/11/03 19:46:45 | 00,001,511 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 8.0.lnk
[2008/11/03 19:46:44 | 00,090,632 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2008/11/03 19:46:44 | 00,012,936 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2008/11/03 19:46:44 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2008/11/03 19:46:40 | 00,098,440 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2008/11/03 19:46:38 | 00,026,824 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2008/11/03 19:46:34 | 29,664,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/11/03 19:46:34 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2008/11/03 19:46:34 | 00,307,238 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/11/03 19:46:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2008/11/03 19:45:38 | 00,050,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2008/11/03 19:45:38 | 00,029,208 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2008/11/03 19:45:36 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2008/11/03 19:45:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2008/11/03 14:59:49 | 01,454,930 | -HS- | C] () -- C:\WINDOWS\System32\dlvugxkl.ini
[2008/11/03 12:51:43 | 01,454,909 | -HS- | C] () -- C:\WINDOWS\System32\lamntmvc.ini
[2008/11/03 12:50:07 | 00,000,881 | -HS- | C] () -- C:\WINDOWS\System32\NqXEKRqr.ini2
[2008/11/03 12:50:06 | 00,000,881 | -HS- | C] () -- C:\WINDOWS\System32\NqXEKRqr.ini
[2008/10/08 12:51:50 | 00,038,912 | ---- | C] () -- C:\Documents and Settings\Matthew\My Documents\22 WALK.doc

========== Files - Modified Within 30 Days ==========

[7 C:\WINDOWS\System32\*.tmp files]
[2008/11/05 20:19:02 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthew\Desktop\OTViewIt.exe
[2008/11/05 20:09:58 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/11/05 20:09:44 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/11/05 20:09:41 | 10,721,56672 | -HS- | M] () -- C:\hiberfil.sys
[2008/11/05 17:36:59 | 00,090,632 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2008/11/05 17:36:58 | 00,050,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2008/11/05 17:36:58 | 00,029,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2008/11/05 16:09:11 | 00,000,570 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/11/05 16:09:11 | 00,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2008/11/05 16:09:11 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2008/11/05 15:31:41 | 00,000,613 | ---- | M] () -- C:\Documents and Settings\Matthew\My Documents\My Sharing Folders.lnk
[2008/11/05 15:24:00 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/11/05 13:11:40 | 00,037,469 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2008/11/05 09:34:33 | 29,664,040 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/11/04 20:59:58 | 00,001,738 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\HijackThis.lnk
[2008/11/04 19:43:51 | 00,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/11/04 19:43:51 | 00,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/11/04 17:52:02 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\Matthew\Desktop\CWShredder.lnk
[2008/11/04 16:48:19 | 00,000,881 | -HS- | M] () -- C:\WINDOWS\System32\NqXEKRqr.ini
[2008/11/04 16:47:15 | 00,000,383 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2008/11/04 16:46:06 | 00,000,881 | -HS- | M] () -- C:\WINDOWS\System32\NqXEKRqr.ini2
[2008/11/04 16:12:13 | 01,880,344 | -HS- | M] () -- C:\WINDOWS\System32\skcxsbqf.ini
[2008/11/03 19:58:46 | 00,098,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2008/11/03 19:58:46 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2008/11/03 19:58:46 | 00,012,936 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2008/11/03 19:58:46 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2008/11/03 19:48:13 | 00,307,238 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/11/03 19:48:13 | 00,103,638 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/11/03 19:46:45 | 00,001,511 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 8.0.lnk
[2008/11/03 19:46:34 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2008/11/03 19:37:28 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2008/11/03 14:59:58 | 01,454,930 | -HS- | M] () -- C:\WINDOWS\System32\dlvugxkl.ini
[2008/11/03 13:15:40 | 01,454,909 | -HS- | M] () -- C:\WINDOWS\System32\lamntmvc.ini
[2008/11/03 13:10:11 | 00,441,626 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/11/03 13:10:11 | 00,382,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/11/03 13:10:11 | 00,053,892 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/11/02 16:12:49 | 00,057,344 | ---- | M] () -- C:\Documents and Settings\Matthew\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/30 20:33:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/10/24 05:56:48 | 00,008,140 | ---- | M] () -- C:\Documents and Settings\Matthew\Application Data\wklnhst.dat
[2008/10/15 16:57:55 | 00,332,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32.dll
[2008/10/15 16:57:55 | 00,332,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/15 02:09:27 | 00,577,448 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/15 02:03:02 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/10/08 13:56:34 | 00,038,912 | ---- | M] () -- C:\Documents and Settings\Matthew\My Documents\22 WALK.doc
[2008/10/07 12:19:42 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
< End of report >

#5 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Malware Response Team
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:03:06 PM

Posted 05 November 2008 - 04:14 PM

Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please click OTMoveIt3 and then click >> run.
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Files
    C:\WINDOWS\System32\dlvugxkl.ini
    C:\WINDOWS\System32\lamntmvc.ini
    C:\WINDOWS\System32\NqXEKRqr.ini
    C:\WINDOWS\System32\NqXEKRqr.ini2
    C:\WINDOWS\System32\skcxsbqf.ini
    
    :reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "Authentication Packages"=hex(7):"msv1_0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{238451CA-2F94-4746-B5D6-21DC90A014F5}"=-
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{238451CA-2F94-4746-B5D6-21DC90A014F5}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{24ca1e1c-4ec8-4c6f-aa04-6b7a9eacb404}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D3B3CD3-3C93-452D-AE9D-5701F00FC0ED}]
    :Commands
    [EmptyTemp]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If an item cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Also post a new hijackthis log.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#6 v3dderpj

v3dderpj
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Location:Derby, England
  • Local time:03:06 PM

Posted 06 November 2008 - 10:29 AM

Have done exactly as u said

here is the Moveit Log

========== FILES ==========
C:\WINDOWS\System32\dlvugxkl.ini moved successfully.
C:\WINDOWS\System32\lamntmvc.ini moved successfully.
C:\WINDOWS\System32\NqXEKRqr.ini moved successfully.
C:\WINDOWS\System32\NqXEKRqr.ini2 moved successfully.
C:\WINDOWS\System32\skcxsbqf.ini moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Authentication Packages"|hex(7):"msv1_0" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{238451CA-2F94-4746-B5D6-21DC90A014F5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{238451CA-2F94-4746-B5D6-21DC90A014F5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{238451CA-2F94-4746-B5D6-21DC90A014F5}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{24ca1e1c-4ec8-4c6f-aa04-6b7a9eacb404}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D3B3CD3-3C93-452D-AE9D-5701F00FC0ED}\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Matthew\LOCALS~1\Temp\Perflib_Perfdata_b44.dat scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\CLML_AGENT_LOG1.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_OgqMMZ6lgLfUE6R scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11062008_151617

Files moved on Reboot...
File C:\DOCUME~1\Matthew\LOCALS~1\Temp\Perflib_Perfdata_b44.dat not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\CLML_AGENT_LOG1.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\sqlite_OgqMMZ6lgLfUE6R not found!


and here is the new Hijack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:27:03, on 06/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\aol\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\MySecurityCenter\Programs\service.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\CmUCReye.exe
C:\Program Files\Medion Info Display\MdionLCM.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe
C:\Program Files\Common Files\Sony Shared\GMR\GMRMan.exe
C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAutoUpdate.exe
C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [MedionVFD] "C:\Program Files\Medion Info Display\MdionLCM.exe"
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
O4 - HKLM\..\Run: [CONNECTScheduler] "C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe" /RUN_SCHEDULER
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P39 "EPSON Stylus Photo R200 Series (Copy 1)" /O6 "USB002" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [setc] C:\Program Files\MySecurityCenter\Programs\setc.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O4 - Global Startup: CONNECTAUTrayApp.lnk = C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toysrus.co.uk/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.truprint.co.uk/TruprintActivia.cab
O16 - DPF: {4F912770-A045-4603-951E-9B8377084354} (cpbrukie2 Control) - http://a19.g.akamai.net/7/19/7125/1450/uk....2/cpbrukie2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1129745320171
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://playgames.virginmedia.com/online/on...aploader_v5.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: ,avgrsstx.dll vqkisq.dll
O20 - Winlogon Notify: efcYrqNf - efcYrqNf.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\aol\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MySecurityCenter License Service - Unknown owner - C:\Program Files\MySecurityCenter\Programs\service.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 14518 bytes

Awaiting further instructions (the avg pop-up alert for tracker cookies is still coming in, just incase u need to know)

Edited by v3dderpj, 06 November 2008 - 01:05 PM.


#7 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Malware Response Team
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:03:06 PM

Posted 06 November 2008 - 04:03 PM

Cookies are not a threat and really can't be avoided if you're going to be online at all. It's a good idea to clean them out from time to time, but they aren't ever going to do you any harm. I recommend adjusting the settings in AVG so that you're not notified every time you get one. I can imagine that would be frustrating. :thumbsup:

Just a few more steps here and you should be good to go.

Run Hijackthis again, click scan, and Put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O16 - DPF: {4F912770-A045-4603-951E-9B8377084354} (cpbrukie2 Control) - http://a19.g.akamai.net/7/19/7125/1450/uk....2/cpbrukie2.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O20 - Winlogon Notify: efcYrqNf - efcYrqNf.dll (file missing)



===============


Copy this into OTMoveIt3 just like you did before.

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=avgrsstx.dll


===============


You are running an older version of Java. This can be a security risk so let's get you the latest version.
Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 10.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u10-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.


Reboot and post a new hijackthis log.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#8 v3dderpj

v3dderpj
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Location:Derby, England
  • Local time:03:06 PM

Posted 07 November 2008 - 08:29 AM

The thing with the tracker cookies is that, AVG doesn't pop up everytime a cookie runs only when a tracker cookie runs. It will say something like 'A Tracker Cookie Attempted To Run' and will give the name of the tracker cookie it blocked, it usually being something like 'Hot Casino' or 'Adrevolver' for example which were 2 of the pop-ups i was getting as a result of this malware and it worried me a bit that it might not be totally removed from my system.

Have followed all the steps in your last post and here is the updated log as requested :thumbsup:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:23:53, on 07/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\aol\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\MySecurityCenter\Programs\service.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\CmUCReye.exe
C:\Program Files\Medion Info Display\MdionLCM.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe
C:\Program Files\Common Files\Sony Shared\GMR\GMRMan.exe
C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [MedionVFD] "C:\Program Files\Medion Info Display\MdionLCM.exe"
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
O4 - HKLM\..\Run: [CONNECTScheduler] "C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe" /RUN_SCHEDULER
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P39 "EPSON Stylus Photo R200 Series (Copy 1)" /O6 "USB002" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [setc] C:\Program Files\MySecurityCenter\Programs\setc.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O4 - Global Startup: CONNECTAUTrayApp.lnk = C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toysrus.co.uk/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.truprint.co.uk/TruprintActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1129745320171
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://playgames.virginmedia.com/online/on...aploader_v5.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\aol\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MySecurityCenter License Service - Unknown owner - C:\Program Files\MySecurityCenter\Programs\service.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 13944 bytes

#9 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Malware Response Team
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:03:06 PM

Posted 07 November 2008 - 09:00 AM

Let me help put your mind at ease some if I can. A cookie is nothing more than just a text file that contains certain information. That information can consist of usernames and passwords of the sites that you log into, or it can list sites that you visit, or various other info. But it is still nothing more than a text file. And like any text file, it can't run on it's own. Another program, such as a website that you visit, can access that information, but the cookie itself does nothing more than store information. So AVG's alert is misleading, at best.

Now if you are still getting popups, that is indicative that you may still have a malware problem.

There is a great little free program called ATF Cleaner. You can download it here.
http://www.atribune.org/ccount/click.php?id=1

It's a small program and very easy to run. It will quickly clean out any cookies or temp files from your computer. I run it on my computer frequently just to keep things clean.



Your log looks clean to me. Assuming that you aren't getting popups any longer, we can proceed with some final steps.

It's time to clean up.
  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt3.exe to run it.
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OtMoveit2 to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


================



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Renable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:thumbsup: :)
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#10 v3dderpj

v3dderpj
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Location:Derby, England
  • Local time:03:06 PM

Posted 07 November 2008 - 10:04 AM

Thankyou so much for all your help, everything seems to be running good now ! Will reply back here if any of the problems start again. Have done and installed all the programs u recomended, Spyblaster looks a great program ! Thanks again for all your help, i will be donating to you very soon ! :thumbsup:

#11 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Malware Response Team
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:03:06 PM

Posted 07 November 2008 - 11:16 AM

I'm glad I could help out! :thumbsup:

I'll keep this thread open for a couple weeks in case you run into any trouble.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#12 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Malware Response Team
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:03:06 PM

Posted 21 November 2008 - 06:50 AM

Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users