My Hijack This Log


  • This topic is locked
14 replies to this topic

#1 Josh Rogan


  • Members
  • 12 posts
  • OFFLINE
  • Local time:07:02 AM

Posted 13 July 2009 - 02:38 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:13:46 PM, on 7/13/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\PersonalAV\pav.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Users\Jim\Program Files\DNA\btdna.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gearheadgarage.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.altavista.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...rio&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...rio&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: DDSMEkl - {2502BBD0-D73B-11DD-B4EC-CEBF56D89593} - C:\Windows\system32\vumer.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Searchme Toolbar - {4d02e7e6-5930-4b51-b9b0-9f21b3789400} - mscoree.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: bignetdaddy search enhancer - {7AD30FCF-1B05-E9B5-F67C-78FB23B29509} - C:\Windows\system32\qliasvcpbcxh.dll
O2 - BHO: bignetdaddy - {8ef727c8-687f-07c3-c2d9-61a5663c367c} - C:\Windows\system32\nsd9A9A.dll
O2 - BHO: &Helper - {A77D3539-581D-450C-9E44-A84C415A6172} - C:\Windows\System32\msxmlm.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Searchme Toolbar - {4d02e7e6-5930-4b51-b9b0-9f21b3789400} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Jim\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: dbbebecddbaad - C:\Windows\system32\dbbebecddbaad.dll (file missing)
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8765 bytes

The main problem is that a virus protection system was installed called Personal Antivirus and is continually popping up. I think this is the problem, although I don't know how to get rid of it. Any help would be great.

Edited by Josh Rogan, 13 July 2009 - 04:17 PM.
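As an added example (not part of this post, and not HijackThis or OTL code), here is a small Python triage script for log lines like the ones above. It applies three checks an analyst usually runs by eye on such a log: entries marked `(file missing)` (HijackThis) or `File not found` (OTL), meaning the registry still references a file that is gone; service or process lines with `Unknown owner` or an empty `()` publisher field; and dropper-style file names under the Windows directory (digits wedged between letters, long consonant runs). The sample lines are copied from the HijackThis and OTL logs in this thread; the randomness thresholds are assumptions chosen for this example, and the sample deliberately includes Intel's `igfxsrvc.exe` to show that the name heuristic produces leads, not verdicts.

```python
"""Triage helper for HijackThis / OTL style log lines.

Added example for this thread, not a BleepingComputer, Trend Micro or OldTimer
tool. It parses the O2/O3/O4/O20/O23 lines HijackThis emits and the PRC/SRV/DRV
lines OTL emits, and flags entries an analyst would normally look at first.
"""
import re
from dataclasses import dataclass, field

# Sample lines copied from the HijackThis and OTL logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DDSMEkl - {2502BBD0-D73B-11DD-B4EC-CEBF56D89593} - C:\Windows\system32\vumer.dll (file missing)
O2 - BHO: bignetdaddy search enhancer - {7AD30FCF-1B05-E9B5-F67C-78FB23B29509} - C:\Windows\system32\qliasvcpbcxh.dll
O2 - BHO: bignetdaddy - {8ef727c8-687f-07c3-c2d9-61a5663c367c} - C:\Windows\system32\nsd9A9A.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O20 - Winlogon Notify: dbbebecddbaad - C:\Windows\system32\dbbebecddbaad.dll (file missing)
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
PRC - C:\Windows\System32\igfxsrvc.exe (Intel Corporation)
DRV - (sptd [Boot | Running]) -- C:\Windows\System32\Drivers\sptd.sys ()
"""

LINE_RE = re.compile(r'^(O\d+|PRC|SRV|DRV)\s*-+\s*(.*)$')
PATH_RE = re.compile(r'[A-Za-z]:\\.+?\.(?:dll|exe|sys)\b', re.IGNORECASE)
ORPHAN_MARKERS = ("(file missing)", "File not found")   # HJT marker, OTL marker
CONSONANT_RUN = re.compile(r'[bcdfghjklmnpqrstvwxz]+')


@dataclass
class Entry:
    section: str                 # O2, O4, O20, O23, PRC, SRV, DRV ...
    text: str                    # everything after the section prefix
    path: str                    # first Windows path found, '' if none
    flags: list = field(default_factory=list)

    @property
    def filename(self) -> str:
        return self.path.rsplit('\\', 1)[-1].lower()


def looks_random(stem: str) -> bool:
    """Crude 'machine-generated name' test (thresholds are assumptions):
    digits wedged between letters, or a run of six or more consonants.
    Ordinary OEM names such as hkcmd or igfxpers pass; some legitimate
    files (igfxsrvc) still trip it, so treat a hit as a lead only."""
    s = stem.lower()
    if len(s) < 6:
        return False
    if re.search(r'[a-z]\d+[a-z]', s):
        return True
    longest = max((len(r) for r in CONSONANT_RUN.findall(s)), default=0)
    return longest >= 6


def parse(log_text: str) -> list:
    """Turn recognised log lines into Entry objects; other lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, rest = m.group(1), m.group(2)
        pm = PATH_RE.search(rest)
        entries.append(Entry(section, rest, pm.group(0) if pm else ''))
    return entries


def flag(entry: Entry) -> Entry:
    """Attach the triage flags that apply to one entry."""
    rest = entry.text.rstrip()
    if any(marker in rest for marker in ORPHAN_MARKERS):
        entry.flags.append('orphan')         # registry points at a file that is gone
    if 'Unknown owner' in rest or rest.endswith('()'):
        entry.flags.append('no-publisher')   # no vendor / version information
    if entry.path and '\\windows\\' in entry.path.lower():
        stem = entry.filename.rsplit('.', 1)[0]
        if looks_random(stem):
            entry.flags.append('random-name')  # dropper-style name in a system dir
    return entry


def triage(log_text: str) -> dict:
    """Return {filename: [flags]} for every flagged entry, most flags first."""
    flagged = [e for e in (flag(e) for e in parse(log_text)) if e.flags]
    flagged.sort(key=lambda e: (-len(e.flags), e.filename))
    return {e.filename: e.flags for e in flagged}


if __name__ == '__main__':
    for name, flags in triage(SAMPLE_LOG).items():
        print(f"{name:24s} {', '.join(flags)}")
```

Every name the script prints still has to be confirmed against the file on disk (publisher, signature, hash) before anything is removed; the script only decides what to look at first.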



#2 Josh Rogan

  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:07:02 AM

Posted 14 July 2009 - 06:09 PM

Any help would be great!

Hello Josh Rogan,

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large, as are those of other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, you wouldn't want someone to assist you who is not familiar with your issue and attempt to fix it, would you?

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this, or do not respond to your requests, is that doing so would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not post multiple times here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.

Thank you for understanding.

Regards,

The weatherman
(Moderator)

Edited by The weatherman, 14 July 2009 - 06:28 PM.


#3 kahdah


  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:08:02 AM

Posted 24 July 2009 - 04:34 PM

Hello Josh Rogan

Welcome to BleepingComputer
=====================
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Download This file. Note its name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.

#4 Josh Rogan

  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:07:02 AM

Posted 25 July 2009 - 12:43 AM

OTL logfile created on: 7/24/2009 10:50:51 PM - Run 1
OTL by OldTimer - Version 3.0.10.3 Folder = C:\Users\Jim\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18783)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 54.44% Memory free
4.00 Gb Paging File | 3.24 Gb Available in Paging File | 80.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 120.17 Gb Total Space | 59.70 Gb Free Space | 49.68% Space Free | Partition Type: NTFS
Drive D: | 9.34 Gb Total Space | 1.70 Gb Free Space | 18.15% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Q: | 19.53 Gb Total Space | 9.64 Gb Free Space | 49.34% Space Free | Partition Type: NTFS

Computer Name: JIM-PC
Current User Name: Jim
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\SMINST\BLService.exe ()
PRC - C:\Program Files\CyberLink\Shared Files\RichVideo.exe ()
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Windows\System32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Windows\System32\hkcmd.exe (Intel Corporation)
PRC - C:\Windows\System32\igfxpers.exe (Intel Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ( Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
PRC - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\AIM6\aim6.exe (AOL LLC)
PRC - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Users\Jim\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
PRC - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\System32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Windows\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe ()
PRC - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard)
PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Synaptics, Inc.)
PRC - C:\Program Files\AIM6\aolsoftware.exe (AOL LLC)
PRC - C:\Users\Jim\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (.norton2009Reset [Disabled | Stopped]) -- C:\Program Files\Norton2009Reset.exe ()
SRV - (avg8wd [Disabled | Stopped]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Com4QLBEx [On_Demand | Running]) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Hewlett-Packard Development Company, L.P.)
SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GameConsoleService [On_Demand | Stopped]) -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (HP Health Check Service [Auto | Running]) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard)
SRV - (hpqwmiex [On_Demand | Running]) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Recovery Service for Windows [Auto | Running]) -- C:\Windows\SMINST\BLService.exe ()
SRV - (RichVideo [Auto | Running]) -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe ()
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WinDefend [Auto | Stopped]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (XAudioService [Auto | Running]) -- C:\Windows\System32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)

========== Driver Services (SafeList) ==========

DRV - (adp94xx [Boot | Running]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Boot | Running]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Boot | Running]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Boot | Running]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (aic78xx [Boot | Running]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Boot | Running]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (arc [Boot | Running]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Boot | Running]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (athr [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\athr.sys (Atheros Communications, Inc.)
DRV - (AvgLdx86 [System | Running]) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (BCM43XV [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\bcmwl6.sys (Broadcom Corporation)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (cmdide [Boot | Running]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (CnxtHdAudService [On_Demand | Running]) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (elxstor [Boot | Running]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HpCISSs [Boot | Running]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (HpqKbFiltr [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HSFHWAZL [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (iaStorV [Boot | Running]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (igfx [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\igdkmd32.sys (Intel Corporation)
DRV - (iirsp [Boot | Running]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (IntcHdmiAddService [On_Demand | Running]) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel® Corporation)
DRV - (iteatapi [Boot | Running]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Boot | Running]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (LSI_FC [Boot | Running]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Boot | Running]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Boot | Running]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (mdmxsdk [Auto | Running]) -- C:\Windows\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (megasas [Boot | Running]) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (MegaSR [Boot | Running]) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (Mraid35x [Boot | Running]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (nfrd960 [Boot | Running]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [On_Demand | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NVENETFD [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\nvm60x32.sys (NVIDIA Corporation)
DRV - (nvraid [Boot | Running]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Boot | Running]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (ql2300 [Boot | Running]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Boot | Running]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (RTL8169 [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\Rtlh86.sys (Realtek Corporation )
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid4 [Boot | Running]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (sptd [Boot | Running]) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (Symc8xx [Boot | Running]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Boot | Running]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Boot | Running]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (uliahci [Boot | Running]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Boot | Running]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Boot | Running]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (viaide [Boot | Running]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Boot | Running]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (winachsf [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (XAudio [Auto | Running]) -- C:\Windows\System32\DRIVERS\xaudio.sys (Conexant Systems, Inc.)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...rio&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...rio&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gearheadgarage.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (DDSMEkl) - {2502BBD0-D73B-11DD-B4EC-CEBF56D89593} - C:\Windows\System32\vumer.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Searchme Toolbar) - {4d02e7e6-5930-4b51-b9b0-9f21b3789400} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (bignetdaddy search enhancer) - {7AD30FCF-1B05-E9B5-F67C-78FB23B29509} - C:\Windows\System32\qliasvcpbcxh.dll ()
O2 - BHO: (bignetdaddy) - {8ef727c8-687f-07c3-c2d9-61a5663c367c} - C:\Windows\System32\nsd9A9A.dll ()
O2 - BHO: (&Helper) - {A77D3539-581D-450C-9E44-A84C415A6172} - C:\Windows\System32\msxmlm.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Searchme Toolbar) - {4d02e7e6-5930-4b51-b9b0-9f21b3789400} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [MRT] C:\Windows\System32\MRT.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\Jim\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\dbbebecddbaad: DllName - C:\Windows\system32\dbbebecddbaad.dll - C:\Windows\System32\dbbebecddbaad.dll File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/26 02:01:12 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/03/20 11:42:25 | 00,000,024 | ---- | M] () - Q:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4f8be428-ea5e-11dd-8679-001d72749427}\Shell - "" = AutoRun
O33 - MountPoints2\{4f8be428-ea5e-11dd-8679-001d72749427}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{fb9e6912-d36f-11dd-8f0a-001d72749427}\Shell - "" = AutoRun
O33 - MountPoints2\{fb9e6912-d36f-11dd-8f0a-001d72749427}\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\Windows\*.tmp files]
[2009/07/24 22:49:03 | 00,286,208 | ---- | C] () -- C:\Users\Jim\Desktop\elw3uvdt.exe
[2009/07/24 22:47:59 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\Jim\Desktop\OTL.exe
[2009/07/18 17:45:34 | 02,031,373 | -H-- | C] () -- C:\Users\Jim\AppData\Local\IconCache.db
[2009/07/18 17:29:36 | 00,000,197 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/07/17 16:29:40 | 00,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2009/07/17 16:29:40 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2009/07/17 16:29:40 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2009/07/17 16:29:40 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2009/07/13 15:27:43 | 00,001,874 | ---- | C] () -- C:\Users\Jim\Desktop\HijackThis.lnk
[2009/07/13 15:27:42 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/07/13 15:16:16 | 20,753,40800 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/12 15:25:24 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009/07/12 15:24:52 | 18,574,7972 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/07/12 15:23:42 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/07/12 15:23:42 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/07/10 18:27:14 | 00,054,272 | ---- | C] () -- C:\Windows\System32\drivers\UACscbwwrnqaviyjtspw.sys
[2009/07/08 22:55:37 | 00,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\Move Networks
[2009/07/06 20:17:20 | 00,019,456 | ---- | C] () -- C:\Windows\System32\UACxbtvencwvpcpuimqe.dll
[2009/07/06 20:17:17 | 00,018,432 | ---- | C] () -- C:\Windows\System32\UACfucfxeytfrcvwkrvu.dll
[2009/07/06 20:17:11 | 00,000,310 | ---- | C] () -- C:\Windows\System32\UACnqevtbeanfefnbrrr.dat
[2009/07/06 20:17:10 | 00,006,326 | ---- | C] () -- C:\Windows\System32\uacinit.dll
[2009/07/06 20:16:16 | 00,067,072 | ---- | C] () -- C:\Windows\System32\UACsqyawbocqimvwmolt.dll
[2009/07/06 20:15:30 | 00,028,672 | ---- | C] () -- C:\Windows\System32\UACvbijbrsqrvljhgpsx.dll
[2009/07/06 20:14:54 | 00,056,320 | ---- | C] () -- C:\Windows\System32\drivers\UACyeiqsxxuukdnfiiex.sys
[2009/06/29 10:56:35 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Uninstall
[2009/06/29 10:55:45 | 00,000,000 | ---D | C] -- C:\Program Files\PersonalAV
[2009/06/27 18:24:59 | 00,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2009/06/01 18:31:02 | 00,045,426 | ---- | C] () -- C:\Windows\System32\qliasvcpbcxh.dll-uninst.exe
[2009/06/01 05:36:38 | 01,351,680 | ---- | C] () -- C:\Windows\System32\nsd9A9A.dll
[2009/05/27 13:24:12 | 00,420,864 | ---- | C] () -- C:\Windows\System32\qliasvcpbcxh.dll
[2008/12/26 13:08:11 | 00,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008/06/12 14:59:22 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008/06/04 13:54:12 | 00,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2006/11/02 06:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 06:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 03:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 05:58:00 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== Files - Modified Within 30 Days ==========

[1 C:\Windows\*.tmp files]
[2009/07/24 22:49:12 | 00,286,208 | ---- | M] () -- C:\Users\Jim\Desktop\elw3uvdt.exe
[2009/07/24 22:48:09 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Jim\Desktop\OTL.exe
[2009/07/24 22:45:49 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/07/24 22:45:49 | 00,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/07/24 22:45:49 | 00,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/07/24 22:45:19 | 00,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3C9EF95D-B3B7-4D6A-9B0A-BA791B614230}.job
[2009/07/24 22:41:47 | 00,000,284 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2009/07/24 22:40:48 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/07/24 22:40:48 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/07/24 22:39:54 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/07/24 22:39:35 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/07/24 22:39:33 | 00,382,944 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/24 22:38:54 | 20,753,40800 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/18 17:45:34 | 02,031,373 | -H-- | M] () -- C:\Users\Jim\AppData\Local\IconCache.db
[2009/07/18 17:29:36 | 00,000,197 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2009/07/18 17:29:33 | 00,056,320 | ---- | M] () -- C:\Windows\System32\drivers\UACyeiqsxxuukdnfiiex.sys
[2009/07/18 17:29:33 | 00,054,272 | ---- | M] () -- C:\Windows\System32\drivers\UACscbwwrnqaviyjtspw.sys
[2009/07/13 15:29:03 | 00,032,768 | ---- | M] () -- C:\Users\Jim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/13 15:27:43 | 00,001,874 | ---- | M] () -- C:\Users\Jim\Desktop\HijackThis.lnk
[2009/07/13 15:15:23 | 00,001,356 | ---- | M] () -- C:\Users\Jim\AppData\Local\d3d9caps.dat
[2009/07/12 15:25:24 | 18,574,7972 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/07/12 09:26:25 | 00,025,283 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/07/12 09:26:15 | 38,089,105 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/07/07 11:10:56 | 24,539,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009/07/06 20:17:20 | 00,019,456 | ---- | M] () -- C:\Windows\System32\UACxbtvencwvpcpuimqe.dll
[2009/07/06 20:17:17 | 00,018,432 | ---- | M] () -- C:\Windows\System32\UACfucfxeytfrcvwkrvu.dll
[2009/07/06 20:17:12 | 00,028,672 | ---- | M] () -- C:\Windows\System32\UACvbijbrsqrvljhgpsx.dll
[2009/07/06 20:17:11 | 00,000,310 | ---- | M] () -- C:\Windows\System32\UACnqevtbeanfefnbrrr.dat
[2009/07/06 20:17:10 | 00,006,326 | ---- | M] () -- C:\Windows\System32\uacinit.dll
[2009/07/06 20:16:16 | 00,067,072 | ---- | M] () -- C:\Windows\System32\UACsqyawbocqimvwmolt.dll
[2009/07/02 09:57:19 | 00,327,688 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/07/02 09:57:19 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/07/02 09:57:19 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/07/02 09:26:13 | 16,742,799 | ---- | M] () -- C:\Users\Jim\Documents\vlc-0.9.9-win32.exe
[2009/06/30 18:36:57 | 00,463,779 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/06/28 19:55:51 | 00,002,627 | ---- | M] () -- C:\Users\Jim\Desktop\Microsoft Office Word 2007.lnk
[2009/06/27 09:39:26 | 00,000,314 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJim.job

========== LOP Check ==========

[2009/07/08 22:55:37 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming
[2008/12/25 17:36:45 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\acccore
[2009/06/07 18:29:45 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Any Video Converter
[2009/03/24 20:49:48 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\AusLogics
[2009/07/13 15:26:12 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\BitTorrent
[2009/03/25 19:15:33 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\CyberLink
[2008/12/26 13:13:54 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\DAEMON Tools
[2008/12/26 13:17:08 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\DAEMON Tools Lite
[2008/12/26 13:13:54 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\DAEMON Tools Pro
[2009/07/24 22:51:48 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\DNA
[2009/07/09 12:24:37 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\FrostWire
[2009/06/22 19:33:28 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Leadertech
[2009/07/08 22:55:37 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Move Networks
[2009/03/23 18:05:36 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\muvee Technologies
[2008/12/25 23:47:18 | 00,000,000 | RH-D | M] -- C:\Users\Jim\AppData\Roaming\SecuROM
[2008/12/26 14:10:36 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\SPORE
[2008/12/29 04:06:18 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\SPORE Creature Creator
[2008/12/26 15:31:03 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\SporeCreatureCreator
[2008/12/25 22:51:15 | 00,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\WildTangent
[2009/06/27 09:39:26 | 00,000,314 | ---- | M] () -- C:\Windows\Tasks\HPCeeScheduleForJim.job
[2009/07/24 22:39:54 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/07/18 17:45:39 | 00,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/24 22:45:19 | 00,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{3C9EF95D-B3B7-4D6A-9B0A-BA791B614230}.job

========== Purity Check ==========


< End of report >

OTL Extras logfile created on: 7/24/2009 10:50:51 PM - Run 1
OTL by OldTimer - Version 3.0.10.3 Folder = C:\Users\Jim\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18783)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 54.44% Memory free
4.00 Gb Paging File | 3.24 Gb Available in Paging File | 80.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 120.17 Gb Total Space | 59.70 Gb Free Space | 49.68% Space Free | Partition Type: NTFS
Drive D: | 9.34 Gb Total Space | 1.70 Gb Free Space | 18.15% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Q: | 19.53 Gb Total Space | 9.64 Gb Free Space | 49.34% Space Free | Partition Type: NTFS

Computer Name: JIM-PC
Current User Name: Jim
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{47CD3E47-B870-40BC-842B-CFA8D8AE878F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17E8ED9C-BCD1-41D5-968F-A16B52E7869C}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{19AFCCC6-D096-4A05-8BAB-18EE64A64D5C}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{22E8F529-8DD0-4BF8-A769-ADD96541DCED}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{3C8C8D18-6DF0-4C2D-9BCE-92F812D8F724}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{56F4D6F1-BC77-4447-BD7E-AD5A1A043765}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{63DA6CC9-AE11-463E-904B-6F0E98FBFDFD}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{880AA6DE-1C3E-499E-BE84-F1158C0E778B}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{8F12F9D3-7DCC-4A3E-A382-4908065B56FE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{926F2246-DC26-4C54-B7A0-2536A5EFCC6F}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{9672EFA4-5086-4914-A4C7-75F583C436E5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{9ACA766B-19E8-493B-BD54-04306AA518DA}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{A6EA3F8E-A912-4FB3-9EEA-6C24A008B92E}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{C8F554C7-B099-4399-813F-8A2B38A79F77}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{F222F178-0924-4ECE-8F2E-FBD980B4A2C0}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{FF74EBDE-BEA3-47BC-AE6A-F4E2C6F30C26}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"TCP Query User{34FA0013-78FA-48F0-B322-89843E705632}C:\users\jim\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\jim\program files\dna\btdna.exe |
"TCP Query User{7AB9E68B-B7CF-4739-9EB9-F3053D4C4FE8}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"TCP Query User{96E961B0-F70E-427E-988A-23D734346B19}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{FC1EBA4F-AC37-4A81-BED1-D88DE335443A}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{495E90DC-F18C-45CA-AFF2-66F583039630}C:\users\jim\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\jim\program files\dna\btdna.exe |
"UDP Query User{770618C0-5155-48B8-AEF6-97D0D83038BE}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{9A5CFC31-235A-4A5F-809C-AF359A077FF4}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{A79398BF-B3FE-4B88-9481-D074CD55D023}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 13
"{2FEA102C-F535-4513-009B-57B165013C18}" = Tiger Woods PGA TOUR 08
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 F1
"{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}" = muvee autoProducer 6.1
"{380357CA-29F4-4B3C-B401-32C057E6B59B}" = HP Smart Web Printing
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3EE9EB18-62AD-4F68-AD11-2DF358CBDCA2}" = RollerCoaster Tycoon
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4394DC3A-5DAC-4C80-A86E-FF462D0AD653}" = Windows 7 Upgrade Advisor Beta
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4D7DF9B2-BCA3-4AF7-9C5F-4ADEB7495F7E}" = HP User Guides 0121
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = AusLogics BoostSpeed
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{8F45B588-E25F-5A01-688F-298A3DD7167F}" = Search Assistant Bignetdaddy
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9C244239-ED8E-40f1-937F-51C706CD2160}" = The Sims™ 2 Deluxe
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
"{FD2E3551-29BB-4FC6-B775-A3330955F7B6}" = Searchme Toolbar
"01859600-16c6-6613-f1d0-8f2019148d40" = Contextual Application Bignetdaddy
"7-Zip" = 7-Zip 4.62
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_6" = AIM 6
"Any Video Converter_is1" = Any Video Converter 2.5.9
"Ask Toolbar_is1" = Ask Toolbar
"Audacity_is1" = Audacity 1.2.6
"AVG8Uninstall" = AVG 8.5
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FrostWire" = FrostWire 4.17.2
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.8a
"WildTangent hp Master Uninstall" = My HP Games

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/13/2009 3:15:38 PM | Computer Name = Jim-PC | Source = Microsoft-Windows-CAPI2 | ID = 131584
Description =

Error - 7/13/2009 3:17:42 PM | Computer Name = Jim-PC | Source = Application Error | ID = 1000
Description = Faulting application ViewpointService.exe, version 2.0.0.54, time
stamp 0x459d73c0, faulting module ViewpointService.exe, version 2.0.0.54, time stamp
0x459d73c0, exception code 0x80000003, fault offset 0x00002250, process id 0xd4c,
application start time 0x01ca03ee9515da3e.

Error - 7/13/2009 3:18:29 PM | Computer Name = Jim-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/13/2009 3:25:31 PM | Computer Name = Jim-PC | Source = Application Error | ID = 1000
Description = Faulting application mbam-setup.exe, version 1.38.0.0, time stamp
0x2a425e19, faulting module mbam-setup.exe, version 1.38.0.0, time stamp 0x2a425e19,
exception code 0x80000003, fault offset 0x00009a94, process id 0xaa0, application
start time 0x01ca03efaf33e5fe.

Error - 7/13/2009 5:10:41 PM | Computer Name = Jim-PC | Source = Application Error | ID = 1000
Description = Faulting application ViewpointService.exe, version 2.0.0.54, time
stamp 0x459d73c0, faulting module ViewpointService.exe, version 2.0.0.54, time stamp
0x459d73c0, exception code 0x80000003, fault offset 0x00002250, process id 0x8c4,
application start time 0x01ca03fe5f9d18c9.

Error - 7/13/2009 5:11:17 PM | Computer Name = Jim-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/17/2009 4:24:21 PM | Computer Name = Jim-PC | Source = Application Error | ID = 1000
Description = Faulting application ViewpointService.exe, version 2.0.0.54, time
stamp 0x459d73c0, faulting module ViewpointService.exe, version 2.0.0.54, time stamp
0x459d73c0, exception code 0x80000003, fault offset 0x00002250, process id 0xd8,
application start time 0x01ca071c829c68b0.

Error - 7/17/2009 4:24:45 PM | Computer Name = Jim-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/18/2009 5:24:35 PM | Computer Name = Jim-PC | Source = Application Error | ID = 1000
Description = Faulting application ViewpointService.exe, version 2.0.0.54, time
stamp 0x459d73c0, faulting module ViewpointService.exe, version 2.0.0.54, time stamp
0x459d73c0, exception code 0x80000003, fault offset 0x00002250, process id 0xc84,
application start time 0x01ca07ee23322348.

Error - 7/18/2009 5:25:15 PM | Computer Name = Jim-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 7/17/2009 4:23:24 PM | Computer Name = Jim-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:15:14 PM on 7/13/2009 was unexpected.

Error - 7/17/2009 4:23:44 PM | Computer Name = Jim-PC | Source = HTTP | ID = 15016
Description =

Error - 7/17/2009 4:24:46 PM | Computer Name = Jim-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/17/2009 4:24:46 PM | Computer Name = Jim-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 7/17/2009 4:24:46 PM | Computer Name = Jim-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/18/2009 5:23:39 PM | Computer Name = Jim-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:43:56 PM on 7/17/2009 was unexpected.

Error - 7/18/2009 5:23:59 PM | Computer Name = Jim-PC | Source = HTTP | ID = 15016
Description =

Error - 7/18/2009 5:25:17 PM | Computer Name = Jim-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/18/2009 5:25:17 PM | Computer Name = Jim-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 7/18/2009 5:25:17 PM | Computer Name = Jim-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-25 01:41:25
Windows 6.0.6001 Service Pack 1


---- System - GMER 1.0.15 ----

INT 0x51 ? 85163BF8
INT 0x51 ? 85163BF8
INT 0x51 ? 85163BF8
INT 0x51 ? 85163BF8
INT 0x51 ? 85163BF8
INT 0x92 ? 8618EBF8
INT 0xA2 ? 8618EBF8
INT 0xA2 ? 8618EBF8
INT 0xA2 ? 8618EBF8
INT 0xB2 ? 8618EBF8
INT 0xB2 ? 8618EBF8
INT 0xB2 ? 8618EBF8
INT 0xB2 ? 8618EBF8
INT 0xB2 ? 8618EBF8

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\spas.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 8CBCB46F 5 Bytes JMP 8618E1D8
.text aueef6ze.SYS 8CD64000 22 Bytes [26, 12, C2, 81, 10, 11, C2, ...]
.text aueef6ze.SYS 8CD64017 126 Bytes [00, 32, 67, 39, 82, 3D, 65, ...]
.text aueef6ze.SYS 8CD64096 18 Bytes [CA, 81, 44, 13, CA, 81, 9C, ...]
.text aueef6ze.SYS 8CD640A9 35 Bytes [00, CA, 81, A0, F7, C9, 81, ...]
.text aueef6ze.SYS 8CD640CE 10 Bytes [00, 00, 00, 00, 00, 00, 6A, ...]
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8228D6D2] \SystemRoot\System32\Drivers\spas.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8228D040] \SystemRoot\System32\Drivers\spas.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8228D7FC] \SystemRoot\System32\Drivers\spas.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8228D0BE] \SystemRoot\System32\Drivers\spas.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8228D13C] \SystemRoot\System32\Drivers\spas.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [8229D048] \SystemRoot\System32\Drivers\spas.sys
IAT \SystemRoot\System32\Drivers\aueef6ze.SYS[ataport.SYS!AtaPortNotification] CC000CC2
IAT \SystemRoot\System32\Drivers\aueef6ze.SYS[ataport.SYS!AtaPortWritePortUchar] 83EC8B55
IAT \SystemRoot\System32\Drivers\aueef6ze.SYS[ataport.SYS!AtaPortWritePortUlong] 575320EC
IAT \SystemRoot\System32\Drivers\aueef6ze.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 458DFF33
IAT \SystemRoot\System32\Drivers\aueef6ze.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] [8D5750FC] \SystemRoot\System32\Drivers\avgldx86.sys (AVG AVI Loader Driver/AVG Technologies CZ, s.r.o.)
IAT \SystemRoot\System32\Drivers\aueef6ze.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5750F845
IAT \SystemRoot\System32\Drivers\aueef6ze.SYS[ataport.SYS!AtaPortReadPortUchar] 8957046A
IAT \SystemRoot\System32\Drivers\aueef6ze.SYS[ataport.SYS!AtaPortStallExecution] 75E8FC7D
IAT \SystemRoot\System32\Drivers\aueef6ze.SYS[ataport.SYS!AtaPortGetParentBusType] BB0001E8
IAT \SystemRoot\System32\Drivers\aueef6ze.SYS[ataport.SYS!AtaPortRequestCallback] 000000EA
IAT \SystemRoot\System32\Drivers\aueef6ze.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 850FC33B
IAT \SystemRoot\System32\Drivers\aueef6ze.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0000012B
IAT \SystemRoot\System32\Drivers\aueef6ze.SYS[ataport.SYS!AtaPortCompleteRequest] 0FFC7D39
IAT \SystemRoot\System32\Drivers\aueef6ze.SYS[ataport.SYS!AtaPortMoveMemory] 00012284
IAT \SystemRoot\System32\Drivers\aueef6ze.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 458D5600
IAT \SystemRoot\System32\Drivers\aueef6ze.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 106A50F4
IAT \SystemRoot\System32\Drivers\aueef6ze.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 38335668
IAT \SystemRoot\System32\Drivers\aueef6ze.SYS[ataport.SYS!AtaPortReadPortUshort] FC75FF36
IAT \SystemRoot\System32\Drivers\aueef6ze.SYS[ataport.SYS!AtaPortReadPortBufferUshort] D1E85757
IAT \SystemRoot\System32\Drivers\aueef6ze.SYS[ataport.SYS!AtaPortInitialize] 8B0001E7
IAT \SystemRoot\System32\Drivers\aueef6ze.SYS[ataport.SYS!AtaPortGetDeviceBase] 1BDEF7F0
IAT \SystemRoot\System32\Drivers\aueef6ze.SYS[ataport.SYS!AtaPortDeviceStateChange] 23D6F7F6

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\AIM6\aolsoftware.exe[2688] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2688] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2688] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2688] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2688] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2688] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2688] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2688] @ C:\Windows\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2688] @ C:\Windows\system32\MSVCRT.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2688] @ C:\Windows\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2688] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2688] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2688] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2688] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2688] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2688] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2688] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2688] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2688] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2688] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2688] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2688] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2688] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2688] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2688] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2688] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2688] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2688] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2688] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2688] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2688] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2688] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2688] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2688] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2688] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2892] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2892] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2892] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2892] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2892] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2892] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2892] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2892] @ C:\Windows\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2892] @ C:\Windows\system32\MSVCRT.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2892] @ C:\Windows\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2892] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2892] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2892] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2892] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2892] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2892] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2892] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2892] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2892] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2892] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2892] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2892] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2892] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2892] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2892] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2892] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2892] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2892] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2892] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2892] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2892] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2892] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2892] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2892] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2892] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2892] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegQueryValueExA] [01FFC6AB] c:\program files\aim6\services\imApp\ver6_5_8_1\imAppService.dll (imAppService EE Application Service/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2892] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2892] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2892] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2892] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2892] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2892] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2892] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2892] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2892] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2892] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2892] @ C:\Windows\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 851891F8
Device \FileSystem\fastfat \FatCdrom 8540E1F8

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\volmgr \Device\VolMgrControl 851651F8
Device \Driver\usbuhci \Device\USBPDO-0 860501F8
Device \Driver\usbuhci \Device\USBPDO-1 860501F8
Device \Driver\usbuhci \Device\USBPDO-2 860501F8
Device \Driver\usbehci \Device\USBPDO-3 8609F458
Device \Driver\usbuhci \Device\USBPDO-4 860501F8

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBPDO-5 860501F8
Device \Driver\usbuhci \Device\USBPDO-6 860501F8
Device \Driver\volmgr \Device\HarddiskVolume1 851651F8
Device \Driver\usbehci \Device\USBPDO-7 8609F458
Device \Driver\netbt \Device\NetBT_Tcpip_{A7D898A1-E72D-4220-B743-5E7E4CB2C068} 8745F1F8
Device \Driver\volmgr \Device\HarddiskVolume2 851651F8
Device \Driver\cdrom \Device\CdRom0 861391F8
Device \Driver\cdrom \Device\CdRom1 861391F8
Device \Driver\volmgr \Device\HarddiskVolume3 851651F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 851681F8
Device \Driver\atapi \Device\Ide\IdePort0 851681F8
Device \Driver\atapi \Device\Ide\IdePort1 851681F8
Device \Driver\atapi \Device\Ide\IdePort2 851681F8
Device \Driver\atapi \Device\Ide\IdePort3 851681F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 851681F8
Device \Driver\msahci \Device\Ide\PciIde0Channel0 8516B1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel1 8516B1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel4 8516B1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel5 8516B1F8
Device \Driver\PCI_PNP4868 \Device\00000073 spas.sys
Device \Driver\netbt \Device\NetBt_Wins_Export 8745F1F8
Device \Driver\Smb \Device\NetbiosSmb 874641F8
Device \Driver\iScsiPrt \Device\RaidPort0 861381F8

AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBFDO-0 860501F8
Device \Driver\usbuhci \Device\USBFDO-1 860501F8
Device \Driver\usbuhci \Device\USBFDO-2 860501F8
Device \Driver\usbehci \Device\USBFDO-3 8609F458
Device \Driver\usbuhci \Device\USBFDO-4 860501F8
Device \Driver\usbuhci \Device\USBFDO-5 860501F8
Device \Driver\sptd \Device\4261548882 spas.sys
Device \Driver\usbuhci \Device\USBFDO-6 860501F8
Device \Driver\netbt \Device\NetBT_Tcpip_{8D579CDC-6589-4C81-894D-23E665C2CC73} 8745F1F8
Device \Driver\usbehci \Device\USBFDO-7 8609F458
Device \Driver\aueef6ze \Device\Scsi\aueef6ze1 861421F8
Device \Driver\aueef6ze \Device\Scsi\aueef6ze1Port5Path0Target0Lun0 861421F8
Device \FileSystem\fastfat \Fat 8540E1F8

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\cdfs \Cdfs 84ADB1F8

---- Services - GMER 1.0.15 ----

Service C:\Windows\system32\drivers\UACyeiqsxxuukdnfiiex.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x90 0xEB 0x4C 0x61 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE6 0xB7 0x81 0xD0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x3C 0x7D 0x00 0x0A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACyeiqsxxuukdnfiiex.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACyeiqsxxuukdnfiiex.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACvbijbrsqrvljhgpsx.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACsqyawbocqimvwmolt.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACnqevtbeanfefnbrrr.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACfucfxeytfrcvwkrvu.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACxbtvencwvpcpuimqe.dll
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x90 0xEB 0x4C 0x61 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE6 0xB7 0x81 0xD0 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x3C 0x7D 0x00 0x0A ...
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACyeiqsxxuukdnfiiex.sys
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACyeiqsxxuukdnfiiex.sys
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACvbijbrsqrvljhgpsx.dll
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACsqyawbocqimvwmolt.dll
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACnqevtbeanfefnbrrr.dat
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACfucfxeytfrcvwkrvu.dll
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACxbtvencwvpcpuimqe.dll

---- EOF - GMER 1.0.15 ----
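
The GMER log above flags one service as hidden and then dumps the registry keys that belong to it under every control set. As an added example that is not part of this thread (not a GMER, OTL or BleepingComputer tool; the function names are my own), here is a small Python triage script that reads a GMER log, picks out the services GMER marked `*** hidden ***`, and cross-references the Registry section so that every file the service's `imagepath` and `modules` values point at is listed once, normalized, across all control sets. The embedded sample log is a trimmed excerpt constructed from the log posted above.

```python
"""Triage a GMER rootkit-scan log: list hidden services and every file the
registry ties to them.  Added example for this thread, not a GMER, OTL or
BleepingComputer tool; the function names below are my own."""
import re
from collections import defaultdict

# Constructed sample: a trimmed excerpt of the GMER log posted above.
SAMPLE_LOG = r"""
---- Services - GMER 1.0.15 ----

Service C:\Windows\system32\drivers\UACyeiqsxxuukdnfiiex.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACyeiqsxxuukdnfiiex.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACyeiqsxxuukdnfiiex.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACvbijbrsqrvljhgpsx.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACsqyawbocqimvwmolt.dll
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACyeiqsxxuukdnfiiex.sys
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACyeiqsxxuukdnfiiex.sys

---- EOF - GMER 1.0.15 ----
"""

# "---- Services - GMER 1.0.15 ----" style section headers.
SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
# "Service <image> (*** hidden *** ) [<start>] <name> ..." lines GMER emits for hidden services.
HIDDEN_SERVICE_RE = re.compile(
    r"^Service (?P<image>.+?) \(\*\*\* hidden \*\*\* ?\) \[(?P<start>\w+)\] (?P<name>\S+)")
# "Reg <key>[@<value>] [<data>]" lines from the Registry section.
REG_RE = re.compile(r"^Reg (?P<path>[^@\s]+)(?:@(?P<value>\S+))?(?: (?P<data>.*))?$")


def parse_sections(log_text):
    """Group non-empty log lines by the GMER section header they fall under."""
    sections, current = defaultdict(list), None
    for line in log_text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
        elif current and line.strip():
            sections[current].append(line)
    return sections


def hidden_services(service_lines):
    """Return name/image/start-type for every service GMER marked hidden."""
    found = []
    for line in service_lines:
        m = HIDDEN_SERVICE_RE.match(line)
        if m:
            found.append({"name": m.group("name"), "image": m.group("image"),
                          "start": m.group("start")})
    return found


def normalize_path(data):
    """Lower-case and strip the \\?\globalroot prefix so the same file is counted once."""
    p = data.strip().lower()
    prefix = r"\\?\globalroot"
    return p[len(prefix):] if p.startswith(prefix) else p


def service_artifacts(reg_lines, service_name):
    """Collect the control sets a service is registered in and every file its
    imagepath and modules values reference."""
    needle = "\\services\\" + service_name.lower()
    control_sets, files = set(), set()
    for line in reg_lines:
        m = REG_RE.match(line)
        if not m:
            continue
        low = m.group("path").lower()
        if not (low.endswith(needle) or (needle + "\\") in low):
            continue
        control_sets.add(low.split("\\")[2])  # e.g. currentcontrolset, controlset004
        value, data = (m.group("value") or "").lower(), m.group("data")
        if data and (value == "imagepath" or "\\modules" in low):
            files.add(normalize_path(data))
    return sorted(control_sets), sorted(files)


def triage(log_text):
    """Hidden services from the Services section, each enriched with the
    registry artifacts tied to it."""
    sections = parse_sections(log_text)
    results = []
    for svc in hidden_services(sections.get("Services", [])):
        control_sets, files = service_artifacts(sections.get("Registry", []), svc["name"])
        svc.update(control_sets=control_sets, files=files)
        results.append(svc)
    return results


if __name__ == "__main__":
    for svc in triage(SAMPLE_LOG):
        print(f"hidden service {svc['name']} (start type {svc['start']}), image {svc['image']}")
        print("  registered in:", ", ".join(svc["control_sets"]))
        for f in svc["files"]:
            print("  file:", f)
```

The point of walking every control set rather than just CurrentControlSet is visible in the log itself: the same service is mirrored under ControlSet004, so a cleanup that only touches the current set leaves a copy behind for the next boot. Run against the full log this yields the driver plus the four DLLs and the .dat file that the later OTL fix in this thread moves.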

#5 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:08:02 AM

Posted 25 July 2009 - 02:45 PM

Please go to Start >Control Panel >Add\Remove programs
remove these below:
AskBar or (Ask toolbar)

then close out of the Add\remove programs list.
========================Next===================
Please go to Start>Run type in Notepad.
Copy what is in the code box below into the open Notepad window.
Change the "Save As Type" to "All Files". Save it as fixthis.bat on your Desktop.
@Echo off

elw3uvdt -del service "uacd.sys"
elw3uvdt -del file "C:\Windows\System32\drivers\UACyeiqsxxuukdnfiiex.sys"

Then please double click on fixthis.bat; a window will open and close quickly. This is normal.
==============Then==============
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O2 - BHO: (DDSMEkl) - {2502BBD0-D73B-11DD-B4EC-CEBF56D89593} - C:\Windows\System32\vumer.dll File not found
    O2 - BHO: (bignetdaddy) - {8ef727c8-687f-07c3-c2d9-61a5663c367c} - C:\Windows\System32\nsd9A9A.dll ()
    O2 - BHO: (&Helper) - {A77D3539-581D-450C-9E44-A84C415A6172} - C:\Windows\System32\msxmlm.dll File not found
    O20 - Winlogon\Notify\dbbebecddbaad: DllName - C:\Windows\system32\dbbebecddbaad.dll - C:\Windows\System32\dbbebecddbaad.dll File not found
    [2009/07/06 20:17:20 | 00,019,456 | ---- | C] () -- C:\Windows\System32\UACxbtvencwvpcpuimqe.dll
    [2009/07/06 20:17:17 | 00,018,432 | ---- | C] () -- C:\Windows\System32\UACfucfxeytfrcvwkrvu.dll
    [2009/07/06 20:17:11 | 00,000,310 | ---- | C] () -- C:\Windows\System32\UACnqevtbeanfefnbrrr.dat
    [2009/07/06 20:17:10 | 00,006,326 | ---- | C] () -- C:\Windows\System32\uacinit.dll
    [2009/07/06 20:16:16 | 00,067,072 | ---- | C] () -- C:\Windows\System32\UACsqyawbocqimvwmolt.dll
    [2009/07/06 20:15:30 | 00,028,672 | ---- | C] () -- C:\Windows\System32\UACvbijbrsqrvljhgpsx.dll
    [2009/07/06 20:14:54 | 00,056,320 | ---- | C] () -- C:\Windows\System32\drivers\UACyeiqsxxuukdnfiiex.sys
    [2009/06/29 10:56:35 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Uninstall
    [2009/06/29 10:55:45 | 00,000,000 | ---D | C] -- C:\Program Files\PersonalAV
    [2009/06/01 18:31:02 | 00,045,426 | ---- | C] () -- C:\Windows\System32\qliasvcpbcxh.dll-uninst.exe
    [2009/06/01 05:36:38 | 01,351,680 | ---- | C] () -- C:\Windows\System32\nsd9A9A.dll
    [2009/05/27 13:24:12 | 00,420,864 | ---- | C] () -- C:\Windows\System32\qliasvcpbcxh.dll
    [2009/07/18 17:29:33 | 00,054,272 | ---- | M] () -- C:\Windows\System32\drivers\UACscbwwrnqaviyjtspw.sys
    
    :files
    C:\Program Files\AskBarDis
    
    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
==============================Finally=========================
Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.


Link 1
Link 2

--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.

#6 Josh Rogan

Josh Rogan
  • Topic Starter

  • Members
  • 12 posts
  • Local time:07:02 AM

Posted 25 July 2009 - 10:47 PM

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ not found.
File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2502BBD0-D73B-11DD-B4EC-CEBF56D89593}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2502BBD0-D73B-11DD-B4EC-CEBF56D89593}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8ef727c8-687f-07c3-c2d9-61a5663c367c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8ef727c8-687f-07c3-c2d9-61a5663c367c}\ deleted successfully.
C:\Windows\System32\nsd9A9A.dll unregistered successfully.
C:\Windows\System32\nsd9A9A.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A77D3539-581D-450C-9E44-A84C415A6172}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A77D3539-581D-450C-9E44-A84C415A6172}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dbbebecddbaad\ deleted successfully.
LoadLibrary failed for C:\Windows\System32\UACxbtvencwvpcpuimqe.dll
C:\Windows\System32\UACxbtvencwvpcpuimqe.dll NOT unregistered.
C:\Windows\System32\UACxbtvencwvpcpuimqe.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\System32\UACfucfxeytfrcvwkrvu.dll
C:\Windows\System32\UACfucfxeytfrcvwkrvu.dll NOT unregistered.
C:\Windows\System32\UACfucfxeytfrcvwkrvu.dll moved successfully.
C:\Windows\System32\UACnqevtbeanfefnbrrr.dat moved successfully.
LoadLibrary failed for C:\Windows\System32\uacinit.dll
C:\Windows\System32\uacinit.dll NOT unregistered.
C:\Windows\System32\uacinit.dll moved successfully.
LoadLibrary failed for C:\Windows\System32\UACsqyawbocqimvwmolt.dll
C:\Windows\System32\UACsqyawbocqimvwmolt.dll NOT unregistered.
C:\Windows\System32\UACsqyawbocqimvwmolt.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\System32\UACvbijbrsqrvljhgpsx.dll
C:\Windows\System32\UACvbijbrsqrvljhgpsx.dll NOT unregistered.
C:\Windows\System32\UACvbijbrsqrvljhgpsx.dll moved successfully.
File C:\Windows\System32\drivers\UACyeiqsxxuukdnfiiex.sys not found.
C:\Program Files\Common Files\Uninstall moved successfully.
C:\Program Files\PersonalAV moved successfully.
C:\Windows\System32\qliasvcpbcxh.dll-uninst.exe moved successfully.
File C:\Windows\System32\nsd9A9A.dll not found.
C:\Windows\System32\qliasvcpbcxh.dll unregistered successfully.
C:\Windows\System32\qliasvcpbcxh.dll moved successfully.
C:\Windows\System32\drivers\UACscbwwrnqaviyjtspw.sys moved successfully.
========== FILES ==========
File\Folder C:\Program Files\AskBarDis not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jim
->Temp folder emptied: 14616779 bytes
File delete failed. C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 101023753 bytes
->Java cache emptied: 23744324 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
C:\Windows\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 2740 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 132.96 mb


OTL by OldTimer - Version 3.0.10.3 log created on 07252009_185052

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

ComboFix 09-07-24.01 - Jim 07/25/2009 19:10.1.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1978.1164 [GMT -4:00]
Running from: F:\Comboo.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2116460717-2427591870-2069918985-500
c:\$recycle.bin\S-1-5-21-2727371590-1635103109-1650667331-500
c:\$recycle.bin\S-1-5-21-4132864004-3106197503-2646642224-1001
c:\program files\Norton2009Reset.exe
c:\users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Security
c:\windows\Installer\56f29.msi
c:\windows\system32\01859600-16c6-6613-f1d0-8f2019148d40.exe
c:\windows\system32\drivers\UACd.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_.norton2009Reset


((((((((((((((((((((((((( Files Created from 2009-06-25 to 2009-07-25 )))))))))))))))))))))))))))))))
.

2009-07-25 23:19 . 2009-07-25 23:22 -------- d-----w- c:\users\Jim\AppData\Local\temp
2009-07-25 22:51 . 2009-07-25 22:51 20480 ----a-w- c:\windows\system32\uacserf.dll
2009-07-25 22:51 . 2009-07-25 22:51 18432 ----a-w- c:\windows\system32\uacmask.dll
2009-07-25 22:51 . 2009-07-25 22:51 26624 ----a-w- c:\windows\system32\uacc.dll
2009-07-25 22:51 . 2009-07-25 22:51 310 ----a-w- c:\windows\system32\uacsr.dat
2009-07-25 22:51 . 2009-07-25 22:51 74240 ----a-w- c:\windows\system32\uacbbr.dll
2009-07-25 22:50 . 2009-07-25 22:50 -------- d-----w- C:\_OTL
2009-07-17 20:29 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-17 20:29 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-17 20:29 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-17 20:29 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-13 19:27 . 2009-07-13 19:27 -------- d-----w- c:\program files\Trend Micro
2009-07-12 19:23 . 2009-07-12 19:23 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-12 19:23 . 2009-07-12 19:23 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-07-09 02:55 . 2009-07-09 02:55 34062 ----a-w- c:\users\Jim\AppData\Roaming\Move Networks\ie_bin\Uninst.exe
2009-07-09 02:55 . 2009-07-09 02:55 -------- d-----w- c:\users\Jim\AppData\Roaming\Move Networks
2009-06-27 22:24 . 2009-06-27 22:24 -------- d-----w- c:\windows\system32\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-25 23:19 . 2009-01-18 21:45 -------- d-----w- c:\users\Jim\AppData\Roaming\DNA
2009-07-18 21:29 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-13 19:26 . 2009-01-18 21:45 -------- d-----w- c:\users\Jim\AppData\Roaming\BitTorrent
2009-07-13 19:15 . 2009-01-01 01:47 1356 ----a-w- c:\users\Jim\AppData\Local\d3d9caps.dat
2009-07-09 16:24 . 2009-01-02 02:01 -------- d-----w- c:\users\Jim\AppData\Roaming\FrostWire
2009-07-09 02:52 . 2009-03-19 00:50 -------- d-----w- c:\programdata\avg8
2009-07-02 13:57 . 2009-03-19 00:51 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-02 13:57 . 2009-03-19 00:51 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-02 13:57 . 2009-03-19 00:50 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-22 23:33 . 2009-06-22 23:33 -------- d-----w- c:\users\Jim\AppData\Roaming\Leadertech
2009-06-22 23:32 . 2009-06-22 23:32 -------- d-----w- c:\program files\Atari
2009-06-22 23:32 . 2008-07-26 05:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-07 22:29 . 2009-01-11 01:25 -------- d-----w- c:\users\Jim\AppData\Roaming\Any Video Converter
2009-06-05 21:49 . 2009-06-05 21:49 -------- d-----w- c:\programdata\WindowsSearch
2009-05-31 20:12 . 2009-05-31 20:12 -------- d-----w- c:\program files\Searchme.com
2009-05-31 20:12 . 2009-05-31 20:12 -------- d-----w- c:\program files\YouTube Downloader
2009-05-27 22:06 . 2008-07-26 06:36 -------- d-----w- c:\program files\Java
2009-05-20 01:16 . 2009-03-19 00:51 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-09 05:50 . 2009-06-13 12:33 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-13 12:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2008-07-26 03:45 . 2008-07-26 03:45 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4d02e7e6-5930-4b51-b9b0-9f21b3789400}]
2008-07-27 18:03 282112 ----a-w- c:\windows\System32\mscoree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4d02e7e6-5930-4b51-b9b0-9f21b3789400}"= "mscoree.dll" [2008-07-27 282112]

[HKEY_CLASSES_ROOT\clsid\{4d02e7e6-5930-4b51-b9b0-9f21b3789400}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"Aim6"="c:\program files\AIM6\aim6.exe" [2007-12-19 50528]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
"BitTorrent DNA"="c:\users\Jim\Program Files\DNA\btdna.exe" [2009-01-19 342848]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2009-01-08 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 145944]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-12 468264]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-12 202032]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-02 1948440]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

c:\users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C8F554C7-B099-4399-813F-8A2B38A79F77}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{926F2246-DC26-4C54-B7A0-2536A5EFCC6F}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{8F12F9D3-7DCC-4A3E-A382-4908065B56FE}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3C8C8D18-6DF0-4C2D-9BCE-92F812D8F724}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{880AA6DE-1C3E-499E-BE84-F1158C0E778B}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{22E8F529-8DD0-4BF8-A769-ADD96541DCED}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{9ACA766B-19E8-493B-BD54-04306AA518DA}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{47CD3E47-B870-40BC-842B-CFA8D8AE878F}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{56F4D6F1-BC77-4447-BD7E-AD5A1A043765}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{9672EFA4-5086-4914-A4C7-75F583C436E5}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{FF74EBDE-BEA3-47BC-AE6A-F4E2C6F30C26}"= UDP:c:\program files\FrostWire\FrostWire.exe:FrostWire
"{19AFCCC6-D096-4A05-8BAB-18EE64A64D5C}"= TCP:c:\program files\FrostWire\FrostWire.exe:FrostWire
"{17E8ED9C-BCD1-41D5-968F-A16B52E7869C}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{F222F178-0924-4ECE-8F2E-FBD980B4A2C0}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{63DA6CC9-AE11-463E-904B-6F0E98FBFDFD}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{A6EA3F8E-A912-4FB3-9EEA-6C24A008B92E}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [3/18/2009 8:51 PM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [3/18/2009 8:51 PM 108552]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [7/26/2008 2:31 AM 361808]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/25/2008 10:34 PM 24652]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [6/4/2008 1:54 PM 113664]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [7/26/2008 1:31 AM 193840]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/18/2009 8:50 PM 298776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-27 c:\windows\Tasks\HPCeeScheduleForJim.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-07-26 03:03]

2009-07-25 c:\windows\Tasks\User_Feed_Synchronization-{3C9EF95D-B3B7-4D6A-9B0A-BA791B614230}.job
- c:\windows\system32\msfeedssync.exe [2009-04-17 11:31]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-25 19:22
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\wlanext.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\System32\drivers\XAudio.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\windows\System32\msdtc.exe
.
**************************************************************************
.
Completion time: 2009-07-25 19:30 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-25 23:30

Pre-Run: 59,333,730,304 bytes free
Post-Run: 59,062,190,080 bytes free

193 --- E O F --- 2009-07-25 22:34

#7 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:08:02 AM

Posted 26 July 2009 - 08:35 AM

Please download TFC by Old Timer. Double-click TFC.exe to run the program.
(If using Vista please Right Click and Choose "Run as Administrator")
Click the Start button.
Please reboot when prompted.
===================================MalwareBytes=============================
Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
=============================Panda Active scan=================
Please go HERE to run Panda's ActiveScan 2.0
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open... click the yellow bar to install the ActiveX control.
  • Then click Install.
  • It will begin to download and scan.
  • When the scan completes, click on the Export now button then save the file to your desktop.
  • Close Active scan 2.0
  • Please post the contents of the log here in your next reply.


#8 Josh Rogan

Josh Rogan
  • Topic Starter

  • Members
  • 12 posts
  • Local time:07:02 AM

Posted 28 July 2009 - 09:57 PM

Malwarebytes' Anti-Malware 1.39
Database version: 2510
Windows 6.0.6001 Service Pack 1

7/27/2009 10:12:28 PM
mbam-log-2009-07-27 (22-12-28).txt

Scan type: Full Scan (C:\|D:\|Q:\|)
Objects scanned: 323407
Time elapsed: 16 hour(s), 53 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\ddsme.kl (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ddsme.kl.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{624f9012-d73b-11dd-95af-61c156d89593} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{52cde0e4-d73b-11dd-9b90-fcc056d89593} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Environment\avapp (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Environment\avuninst (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\ProgramData\Microsoft\Windows\Start Menu\PersonalAV (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.

Files Infected:
c:\Users\Jim\documents\EA Games\tiger woods pga tour 08\tiger woods pga tour 08 (pc) with crack + keygen\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\System32\uacc.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Windows\System32\uacmask.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\07252009_185052\Windows\System32\UACfucfxeytfrcvwkrvu.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\07252009_185052\Windows\System32\UACsqyawbocqimvwmolt.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\07252009_185052\Windows\System32\UACvbijbrsqrvljhgpsx.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\07252009_185052\Windows\System32\UACxbtvencwvpcpuimqe.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\personalav\Personal Antivirus.lnk (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\personalav\Uninstall.lnk (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-07-28 22:55:25
PROTECTIONS: 1
MALWARE: 36
SUSPECTS: 19
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Windows Defender 1.1.1505.0 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No Q:\Users\Jimmy Laptop7\AppData\Roaming\Microsoft\Windows\Cookies\Low\jimmy_laptop7@trafficmp[1].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Cookies\jim@casalemedia[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Cookies\jim@doubleclick[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Cookies\jim@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Cookies\jim@doubleclick[3].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No Q:\Users\Jimmy Laptop7\AppData\Roaming\Microsoft\Windows\Cookies\jimmy_laptop7@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No Q:\Users\Jimmy Laptop7\AppData\Roaming\Microsoft\Windows\Cookies\Low\jimmy_laptop7@doubleclick[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Cookies\jim@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No Q:\Users\Jimmy Laptop7\AppData\Roaming\Microsoft\Windows\Cookies\jimmy_laptop7@atdmt[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Cookies\jim@atdmt[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No Q:\Users\Jimmy Laptop7\AppData\Roaming\Microsoft\Windows\Cookies\Low\jimmy_laptop7@atdmt[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No Q:\Users\Jimmy Laptop7\AppData\Roaming\Microsoft\Windows\Cookies\Low\jimmy_laptop7@fastclick[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Cookies\jim@tribalfusion[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No Q:\Users\Jimmy Laptop7\AppData\Roaming\Microsoft\Windows\Cookies\Low\jimmy_laptop7@mediaplex[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No Q:\Users\Jimmy Laptop7\AppData\Roaming\Microsoft\Windows\Cookies\jimmy_laptop7@mediaplex[2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No Q:\Users\Jimmy Laptop7\AppData\Roaming\Microsoft\Windows\Cookies\Low\jimmy_laptop7@com[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Cookies\jim@com[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim@com[1].txt
00167653 Cookie/Outster TrackingCookie No 0 Yes No C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim@outster[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Cookies\jim@xiti[1].txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Cookies\jim@azjmp[2].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No Q:\Users\Jimmy Laptop7\AppData\Roaming\Microsoft\Windows\Cookies\Low\jimmy_laptop7@statcounter[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Cookies\jim@statcounter[2].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim@statcounter[1].txt
00167763 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim@counter1.sextracker[1].txt
00167763 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Cookies\jim@counter1.sextracker[1].txt
00167778 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim@ehg-sonycomputer.hitbox[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No Q:\Users\Jimmy Laptop7\AppData\Roaming\Microsoft\Windows\Cookies\Low\jimmy_laptop7@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Cookies\jim@ad.yieldmanager[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim@apmebf[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No Q:\Users\Jimmy Laptop7\AppData\Roaming\Microsoft\Windows\Cookies\Low\jimmy_laptop7@apmebf[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No Q:\Users\Jimmy Laptop7\AppData\Roaming\Microsoft\Windows\Cookies\jimmy_laptop7@apmebf[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Cookies\jim@apmebf[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No Q:\Users\Jimmy Laptop7\AppData\Roaming\Microsoft\Windows\Cookies\Low\jimmy_laptop7@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No Q:\Users\Jimmy Laptop7\AppData\Roaming\Microsoft\Windows\Cookies\Low\jimmy_laptop7@bs.serving-sys[1].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim@www.burstbeacon[1].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Cookies\jim@www.burstbeacon[1].txt
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Cookies\jim@stat.onestat[2].txt
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim@stat.onestat[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No Q:\Users\Jimmy Laptop7\AppData\Roaming\Microsoft\Windows\Cookies\jimmy_laptop7@advertising[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No Q:\Users\Jimmy Laptop7\AppData\Roaming\Microsoft\Windows\Cookies\Low\jimmy_laptop7@advertising[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Cookies\jim@ads.pointroll[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim@ads.pointroll[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No Q:\Users\Jimmy Laptop7\AppData\Roaming\Microsoft\Windows\Cookies\Low\jimmy_laptop7@ads.pointroll[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No Q:\Users\Jimmy Laptop7\AppData\Roaming\Microsoft\Windows\Cookies\jimmy_laptop7@ads.pointroll[1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No Q:\Users\Jimmy Laptop7\AppData\Roaming\Microsoft\Windows\Cookies\Low\jimmy_laptop7@overture[2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No Q:\Users\Jimmy Laptop7\AppData\Roaming\Microsoft\Windows\Cookies\Low\jimmy_laptop7@realmedia[1].txt
00171633 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Cookies\jim@www5.addfreestats[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No Q:\Users\Jimmy Laptop7\AppData\Roaming\Microsoft\Windows\Cookies\Low\jimmy_laptop7@questionmarket[1].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Cookies\jim@adultfriendfinder[2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim@go[2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No Q:\Users\Jimmy Laptop7\AppData\Roaming\Microsoft\Windows\Cookies\Low\jimmy_laptop7@go[2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Cookies\jim@go[2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No Q:\Users\Jimmy Laptop7\AppData\Roaming\Microsoft\Windows\Cookies\jimmy_laptop7@go[1].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Cookies\jim@target[1].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim@target[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Cookies\jim@atwola[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No Q:\Users\Jimmy Laptop7\AppData\Roaming\Microsoft\Windows\Cookies\Low\jimmy_laptop7@atwola[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No Q:\Users\Jimmy Laptop7\AppData\Roaming\Microsoft\Windows\Cookies\jimmy_laptop7@atwola[2].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Cookies\jim@atwola[2].txt
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Cookies\jim@ads.addynamix[1].txt
00590315 Rootkit/Agent.LNB HackTools No 0 Yes No C:\Windows\System32\drivers\qhsgj.sys
01477422 Adware/SecurityError Adware No 0 Yes No C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NHOIER22\u463[1].ini
02261869 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Cookies\jim@counter12.sextracker[1].txt
02359639 Adware/GoodSearchNow Adware No 1 Yes No C:\Qoobox\Quarantine\C\Windows\System32\drivers\uacd.sys.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\_OTL\MovedFiles\07252009_185052\Windows\System32\qliasvcpbcxh.dll
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No C:\Program Files\Auslogics\AusLogics BoostSpeed\BoostSpeed.exe
No C:\Program Files\HP Games\Polar Bowler\Polar.exe
No C:\ProgramData\WildTangent\0e2b9435-14af-49aa-8f7e-bf59ff51c6e8-extr.exe[supercow.exe]
No C:\ProgramData\WildTangent\134726E5-0682-43C5-8AA2-DD4D6A866DD4-extr.exe[WinBej2.exe]
No C:\ProgramData\WildTangent\134726E5-0682-43C5-8AA2-DD4D6A866DD4-extr.exe[WinBej2.exe]
No C:\ProgramData\WildTangent\2698CE7D-5E0F-45A5-B451-557D8A56C3B9-extr.exe[golf.exe]
No C:\ProgramData\WildTangent\3C448D22-AD49-43EC-85C5-A6020A10E823-extr.exe[Maze.exe]
No C:\ProgramData\WildTangent\4D731396-96E3-4E5F-BA0E-8D4D560EE60F-extr.exe[FamilyFeud.exe]
No C:\ProgramData\WildTangent\6E7DD52D-205E-4D6D-AF6A-0C34703DFA61-extr.exe[Chuzzle.exe]
No C:\ProgramData\WildTangent\a704e632-f561-4ba7-9bab-c5627c3c5368-extr.exe[Plant Tycoon.exe]
No C:\ProgramData\WildTangent\b286431f-1490-4c4f-a408-a38e3743d97a-extr.exe[Wheel of Fortune.exe]
No C:\ProgramData\WildTangent\BC3D43F7-BC64-490D-92B5-D2AABEC7FA85-extr.exe[Zuma.exe]
No C:\ProgramData\WildTangent\BC3D43F7-BC64-490D-92B5-D2AABEC7FA85-extr.exe[Zuma.exe]
No C:\ProgramData\WildTangent\E1C0210F-E01D-446A-8A15-9E2C938199DD-extr.exe[mahjong.exe]
No C:\ProgramData\WildTangent\e2b97a3a-abc8-4666-a349-e68f8db02613-extr.exe[VirtualVillagers.exe]
No C:\ProgramData\WildTangent\f405496e-4cd5-4891-a8bc-3e58bd47b25c-extr.exe[penguins.exe]
No C:\Qoobox\Quarantine\C\Program Files\Norton2009Reset.exe.vir
No C:\Windows\System32\uacbbr.dll
No C:\Windows\System32\uacserf.dll
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================

#9 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:08:02 AM

Posted 29 July 2009 - 06:59 AM

1. Open notepad and copy/paste the text in the codebox below into it:
http://www.bleepingcomputer.com/forums/t/241232/my-hijack-this-log/?p=1360292

Collect::
C:\Windows\System32\drivers\qhsgj.sys
C:\Windows\System32\uacbbr.dll
C:\Windows\System32\uacserf.dll

File::
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NHOIER22\u463[1].ini
Save this as CFScript.txt


[image: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
  • A browser will open.
  • Simply follow the instructions to copy/paste/send the requested file.
===========
Note::
If Combofix fails to upload anything please do the following:
Go to Start > My Computer > C:\
Then navigate to C:\Qoobox\Quarantine\[4]-Submit_Date_Time.zip

Click Here to upload the submit.zip please.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#10 Josh Rogan

Josh Rogan
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:07:02 AM

Posted 29 July 2009 - 04:18 PM

ComboFix 09-07-29.01 - Jim 07/29/2009 16:48.2.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1978.1040 [GMT -4:00]
Running from: c:\users\Jim\Desktop\CombolFix.exe
Command switches used :: c:\users\Jim\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NHOIER22\u463[1].ini"

file zipped: c:\windows\System32\uacbbr.dll
file zipped: c:\windows\System32\uacserf.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-4132864004-3106197503-2646642224-1001
c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NHOIER22\u463[1].ini
c:\windows\System32\uacbbr.dll
c:\windows\System32\uacserf.dll

.
((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-29 )))))))))))))))))))))))))))))))
.

2009-07-29 20:57 . 2009-07-29 20:58 -------- d-----w- c:\users\Jim\AppData\Local\temp
2009-07-28 02:23 . 2008-06-19 21:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-07-28 02:23 . 2009-07-28 02:23 -------- d-----w- c:\program files\Panda Security
2009-07-27 06:48 . 2009-07-27 06:48 -------- d-----w- c:\users\Jim\AppData\Roaming\Malwarebytes
2009-07-27 06:48 . 2009-07-13 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-27 06:48 . 2009-07-27 06:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-27 06:48 . 2009-07-27 06:48 -------- d-----w- c:\programdata\Malwarebytes
2009-07-27 06:48 . 2009-07-13 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-25 22:51 . 2009-07-25 22:51 310 ----a-w- c:\windows\system32\uacsr.dat
2009-07-25 22:50 . 2009-07-25 22:50 -------- d-----w- C:\_OTL
2009-07-17 20:29 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-17 20:29 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-17 20:29 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-17 20:29 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-13 19:27 . 2009-07-13 19:27 -------- d-----w- c:\program files\Trend Micro
2009-07-12 19:23 . 2009-07-12 19:23 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-12 19:23 . 2009-07-12 19:23 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-07-09 02:55 . 2009-07-09 02:55 34062 ----a-w- c:\users\Jim\AppData\Roaming\Move Networks\ie_bin\Uninst.exe
2009-07-09 02:55 . 2009-07-09 02:55 -------- d-----w- c:\users\Jim\AppData\Roaming\Move Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-29 20:56 . 2009-01-18 21:45 -------- d-----w- c:\users\Jim\AppData\Roaming\DNA
2009-07-18 21:29 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-13 19:26 . 2009-01-18 21:45 -------- d-----w- c:\users\Jim\AppData\Roaming\BitTorrent
2009-07-13 19:15 . 2009-01-01 01:47 1356 ----a-w- c:\users\Jim\AppData\Local\d3d9caps.dat
2009-07-09 16:24 . 2009-01-02 02:01 -------- d-----w- c:\users\Jim\AppData\Roaming\FrostWire
2009-07-09 02:52 . 2009-03-19 00:50 -------- d-----w- c:\programdata\avg8
2009-07-02 13:57 . 2009-03-19 00:51 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-02 13:57 . 2009-03-19 00:51 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-02 13:57 . 2009-03-19 00:50 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-22 23:33 . 2009-06-22 23:33 -------- d-----w- c:\users\Jim\AppData\Roaming\Leadertech
2009-06-22 23:32 . 2009-06-22 23:32 -------- d-----w- c:\program files\Atari
2009-06-22 23:32 . 2008-07-26 05:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-07 22:29 . 2009-01-11 01:25 -------- d-----w- c:\users\Jim\AppData\Roaming\Any Video Converter
2009-06-05 21:49 . 2009-06-05 21:49 -------- d-----w- c:\programdata\WindowsSearch
2009-05-31 20:12 . 2009-05-31 20:12 -------- d-----w- c:\program files\Searchme.com
2009-05-31 20:12 . 2009-05-31 20:12 -------- d-----w- c:\program files\YouTube Downloader
2009-05-20 01:16 . 2009-03-19 00:51 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-09 05:50 . 2009-06-13 12:33 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-13 12:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2008-07-26 03:45 . 2008-07-26 03:45 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-07-25_23.22.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-29 02:56 . 2009-07-22 05:58 71680 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.22903_none_a94676798d617013\iesetup.dll
+ 2009-07-29 02:56 . 2009-07-22 05:58 55808 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.22903_none_a94676798d617013\iernonce.dll
+ 2009-07-29 02:56 . 2009-07-21 21:47 71680 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18813_none_a8b209c2744bec3a\iesetup.dll
+ 2009-07-29 02:56 . 2009-07-21 21:47 55808 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18813_none_a8b209c2744bec3a\iernonce.dll
+ 2009-07-29 02:56 . 2009-07-22 04:26 13312 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.22903_none_dfc3b05f09aa2a6a\msfeedssync.exe
+ 2009-07-29 02:56 . 2009-07-22 05:59 55296 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.22903_none_dfc3b05f09aa2a6a\msfeedsbs.dll
+ 2009-07-29 02:56 . 2009-07-21 20:13 13312 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.18813_none_df2f43a7f094a691\msfeedssync.exe
+ 2009-07-29 02:56 . 2009-07-21 21:48 55296 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.18813_none_df2f43a7f094a691\msfeedsbs.dll
+ 2009-07-29 02:56 . 2009-07-22 06:03 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.22903_none_e55eb4d2d0bb388b\WininetPlugin.dll
+ 2009-07-29 02:56 . 2009-07-22 05:58 25600 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.22903_none_e55eb4d2d0bb388b\jsproxy.dll
+ 2009-07-29 02:56 . 2009-07-21 21:52 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18813_none_e4ca481bb7a5b4b2\WininetPlugin.dll
+ 2009-07-29 02:56 . 2009-07-21 21:47 25600 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18813_none_e4ca481bb7a5b4b2\jsproxy.dll
+ 2008-01-21 01:58 . 2009-07-27 06:41 46922 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-01-21 01:58 . 2009-07-25 23:01 46922 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:02 . 2009-07-29 20:36 95324 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-12-26 06:55 . 2009-07-29 20:36 11072 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2727371590-1635103109-1650667331-1000_UserData.bin
+ 2008-12-26 02:26 . 2009-07-29 20:39 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-26 02:26 . 2009-07-18 21:33 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-26 02:26 . 2009-07-18 21:33 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-26 02:26 . 2009-07-29 20:39 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-26 02:26 . 2009-07-29 20:39 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-12-26 02:26 . 2009-07-18 21:33 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-25 23:21 . 2009-07-25 23:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-27 06:39 . 2009-07-29 20:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-07-25 23:21 . 2009-07-25 23:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-27 06:39 . 2009-07-29 20:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-29 02:56 . 2009-07-22 05:58 164352 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.22903_none_48182df4dd072fee\ieui.dll
+ 2009-07-29 02:56 . 2009-07-21 21:47 164352 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18813_none_4783c13dc3f1ac15\ieui.dll
+ 2009-07-29 02:56 . 2009-07-22 05:58 109056 c:\windows\winsxs\x86_microsoft-windows-ie-sysprep_31bf3856ad364e35_8.0.6001.22903_none_ff07db25e8e4acd8\iesysprep.dll
+ 2009-07-29 02:56 . 2009-07-21 21:47 109056 c:\windows\winsxs\x86_microsoft-windows-ie-sysprep_31bf3856ad364e35_8.0.6001.18813_none_fe736e6ecfcf28ff\iesysprep.dll
+ 2009-07-29 02:56 . 2009-07-22 04:27 173056 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.22903_none_a94676798d617013\ie4uinit.exe
+ 2009-07-29 02:56 . 2009-07-21 20:13 173056 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18813_none_a8b209c2744bec3a\ie4uinit.exe
+ 2009-07-29 02:56 . 2009-07-22 06:02 129536 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.22903_none_2b196baebb6c56e8\sqmapi.dll
+ 2009-07-29 02:56 . 2009-07-21 21:51 129536 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.18813_none_2a84fef7a256d30f\sqmapi.dll
+ 2009-07-29 02:56 . 2009-07-22 06:01 206848 c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_8.0.6001.22903_none_1a9c2981430b3c56\occache.dll
+ 2009-07-29 02:56 . 2009-07-21 21:50 206848 c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_8.0.6001.18813_none_1a07bcca29f5b87d\occache.dll
+ 2009-07-29 02:56 . 2009-07-22 06:04 638232 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22903_none_12d7c15e48e6a76e\iexplore.exe
+ 2009-07-29 02:56 . 2009-07-22 04:27 133632 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22903_none_12d7c15e48e6a76e\ieUnatt.exe
+ 2009-07-29 02:56 . 2009-07-21 21:53 638216 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18813_none_124354a72fd12395\iexplore.exe
+ 2009-07-29 02:56 . 2009-07-21 20:13 133632 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18813_none_124354a72fd12395\ieUnatt.exe
+ 2009-07-29 02:56 . 2009-07-22 05:58 197632 c:\windows\winsxs\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_8.0.6001.22903_none_2b02f14ac9212978\IEShims.dll
+ 2009-07-29 02:56 . 2009-07-21 21:47 197632 c:\windows\winsxs\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_8.0.6001.18813_none_2a6e8493b00ba59f\IEShims.dll
+ 2009-07-29 02:56 . 2009-07-22 05:58 246272 c:\windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.6001.22903_none_73a4a5b47978c30a\ieproxy.dll
+ 2009-07-29 02:56 . 2009-07-21 21:47 246272 c:\windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.6001.18813_none_731038fd60633f31\ieproxy.dll
+ 2009-07-29 02:56 . 2009-07-22 05:59 594432 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_8.0.6001.22903_none_435c4ba1695e8b43\msfeeds.dll
+ 2009-07-29 02:56 . 2009-07-21 21:48 594432 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_8.0.6001.18813_none_42c7deea5049076a\msfeeds.dll
+ 2009-07-29 02:56 . 2009-07-22 05:58 184320 c:\windows\winsxs\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_8.0.6001.22903_none_2039460420f600ed\iepeers.dll
+ 2009-07-29 02:56 . 2009-07-21 21:47 184320 c:\windows\winsxs\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_8.0.6001.18813_none_1fa4d94d07e07d14\iepeers.dll
+ 2009-07-29 02:56 . 2009-07-22 05:58 386048 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_8.0.6001.22903_none_57c62dce86655952\iedkcs32.dll
+ 2009-07-29 02:56 . 2009-07-21 21:47 386048 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_8.0.6001.18813_none_5731c1176d4fd579\iedkcs32.dll
+ 2009-07-29 02:56 . 2009-07-22 06:03 915456 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.22903_none_e55eb4d2d0bb388b\wininet.dll
+ 2009-07-29 02:56 . 2009-07-21 21:52 915456 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18813_none_e4ca481bb7a5b4b2\wininet.dll
+ 2008-12-26 05:25 . 2009-07-28 23:57 115944 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 10:33 . 2009-07-29 20:41 595684 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-07-25 23:03 595684 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-07-25 23:03 101350 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-07-29 20:41 101350 c:\windows\System32\perfc009.dat
+ 2009-04-17 12:59 . 2009-04-17 12:59 128256 c:\windows\Downloaded Program Files\as2stubie.dll
+ 2009-07-29 02:56 . 2009-07-22 05:58 1985536 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.22903_none_2b196baebb6c56e8\iertutil.dll
+ 2009-07-29 02:56 . 2009-07-21 21:47 1985536 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.18813_none_2a84fef7a256d30f\iertutil.dll
+ 2009-07-29 02:56 . 2009-07-22 05:59 5938176 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.22903_none_f6b8d3f15111a1c1\mshtml.dll
+ 2009-07-29 02:56 . 2009-07-21 21:48 5937152 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.18813_none_f624673a37fc1de8\mshtml.dll
+ 2009-07-29 02:56 . 2009-07-22 06:02 1208832 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.6001.22903_none_9858d93105b211f8\urlmon.dll
+ 2009-07-29 02:56 . 2009-07-21 21:52 1208832 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.6001.18813_none_97c46c79ec9c8e1f\urlmon.dll
+ 2006-11-02 10:22 . 2009-07-29 20:39 6291456 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2006-11-02 10:22 . 2009-07-25 22:56 6291456 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-07-29 20:47 . 2009-07-29 20:47 6111232 c:\windows\ERDNT\Hiv-backup\schema.dat
+ 2009-07-29 02:56 . 2009-07-22 05:58 11068416 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.22903_none_48182df4dd072fee\ieframe.dll
+ 2009-07-29 02:56 . 2009-07-21 21:47 11067392 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18813_none_4783c13dc3f1ac15\ieframe.dll
+ 2009-05-14 07:21 . 2009-07-29 02:55 90811983 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4d02e7e6-5930-4b51-b9b0-9f21b3789400}]
2008-07-27 18:03 282112 ----a-w- c:\windows\System32\mscoree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4d02e7e6-5930-4b51-b9b0-9f21b3789400}"= "mscoree.dll" [2008-07-27 282112]

[HKEY_CLASSES_ROOT\clsid\{4d02e7e6-5930-4b51-b9b0-9f21b3789400}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"Aim6"="c:\program files\AIM6\aim6.exe" [2007-12-19 50528]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
"BitTorrent DNA"="c:\users\Jim\Program Files\DNA\btdna.exe" [2009-01-19 342848]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2009-01-08 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 145944]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-12 468264]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-12 202032]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-02 1948440]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

c:\users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C8F554C7-B099-4399-813F-8A2B38A79F77}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{926F2246-DC26-4C54-B7A0-2536A5EFCC6F}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{8F12F9D3-7DCC-4A3E-A382-4908065B56FE}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3C8C8D18-6DF0-4C2D-9BCE-92F812D8F724}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{880AA6DE-1C3E-499E-BE84-F1158C0E778B}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{22E8F529-8DD0-4BF8-A769-ADD96541DCED}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{9ACA766B-19E8-493B-BD54-04306AA518DA}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{47CD3E47-B870-40BC-842B-CFA8D8AE878F}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{56F4D6F1-BC77-4447-BD7E-AD5A1A043765}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{9672EFA4-5086-4914-A4C7-75F583C436E5}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{FF74EBDE-BEA3-47BC-AE6A-F4E2C6F30C26}"= UDP:c:\program files\FrostWire\FrostWire.exe:FrostWire
"{19AFCCC6-D096-4A05-8BAB-18EE64A64D5C}"= TCP:c:\program files\FrostWire\FrostWire.exe:FrostWire
"{17E8ED9C-BCD1-41D5-968F-A16B52E7869C}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{F222F178-0924-4ECE-8F2E-FBD980B4A2C0}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{63DA6CC9-AE11-463E-904B-6F0E98FBFDFD}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{A6EA3F8E-A912-4FB3-9EEA-6C24A008B92E}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [7/27/2009 10:23 PM 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [3/18/2009 8:51 PM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [3/18/2009 8:51 PM 108552]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [7/26/2008 2:31 AM 361808]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/25/2008 10:34 PM 24652]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [7/26/2008 1:31 AM 193840]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [6/4/2008 1:54 PM 113664]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/18/2009 8:50 PM 298776]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PAVBOOT

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-28 c:\windows\Tasks\HPCeeScheduleForJim.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-07-26 03:03]

2009-07-29 c:\windows\Tasks\User_Feed_Synchronization-{3C9EF95D-B3B7-4D6A-9B0A-BA791B614230}.job
- c:\windows\system32\msfeedssync.exe [2009-04-17 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-29 16:58
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-07-29 17:03
ComboFix-quarantined-files.txt 2009-07-29 21:03
ComboFix2.txt 2009-07-25 23:30

Pre-Run: 54,177,439,744 bytes free
Post-Run: 54,080,692,224 bytes free

257 --- E O F --- 2009-07-29 20:40
Upload was successful

#11 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:08:02 AM

Posted 30 July 2009 - 06:49 AM

Looks good, how are things running?
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.

#12 Josh Rogan

Josh Rogan
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:07:02 AM

Posted 30 July 2009 - 03:46 PM

Everything is running much better; the Personal Antivirus application is gone and it's running faster than ever. Thank you very much, and do you have any tips on how to keep my computer virus free?

#13 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:08:02 AM

Posted 31 July 2009 - 06:34 AM

Great.

Cleanup:

Please double-click on OTL to run it.
Then click on Clean up.
Restart your computer when prompted.
This will remove what tools we used.
===============
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 14...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe to install the newest version.
======================
Delete/uninstall anything else that we have used.

System Restore
Then I will need you to reset your System Restore points.
The link below shows how to create a clean restore point.
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link > http://www.bleepingcomputer.com/tutorials/...143.html#manual
=====================================
After that you're all set. :thumbup2:


The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article - To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections, please read the Prevention article by Miekiemoes.

If your computer is slow - is a tutorial on what you can do if your computer is slow.
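The Java cleanup steps above rely on spotting every old JRE/J2SE entry in Add/Remove Programs by eye. As an added example (not part of the thread or the tools it uses), this PowerShell script reads the same uninstall registry keys Add/Remove Programs displays and flags any Java entry older than the JRE 6 Update 14 build the post asks for; the `$TargetVersion` value `1.6.0.140` and the `Get-InstalledJava` function name are assumptions chosen here.

```powershell
# Added example: inventory Java Runtime entries as Add/Remove Programs sees them
# and flag those older than JRE 6 Update 14 (DisplayVersion 1.6.0.140, assumed
# from the post's "6 Update 14"; adjust if a newer build is the target).
$TargetVersion = [version]'1.6.0.140'

# Uninstall keys behind Add/Remove Programs; the Wow6432Node key exists only on
# 64-bit Windows, so missing paths are ignored rather than treated as errors.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-InstalledJava {
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match '^(Java|J2SE)' } |
        ForEach-Object {
            # JRE 6 entries carry DisplayVersion like 1.6.0.140; anything that
            # does not parse as a version is reported but not judged outdated.
            $ver = $null
            try { if ($_.DisplayVersion) { $ver = [version]$_.DisplayVersion } } catch { }
            New-Object PSObject -Property @{
                Name      = $_.DisplayName
                Version   = $ver
                Uninstall = $_.UninstallString
                Outdated  = ($ver -ne $null) -and ($ver -lt $TargetVersion)
            }
        }
}

$java = @(Get-InstalledJava)
if ($java.Count -eq 0) {
    Write-Output 'No Java Runtime entries found in Add/Remove Programs.'
} else {
    $java | Format-Table Name, Version, Outdated -AutoSize
    $old = @($java | Where-Object { $_.Outdated })
    if ($old.Count -gt 0) {
        Write-Output 'Remove these via Add/Remove Programs before installing the new JRE:'
        $old | ForEach-Object { Write-Output ('  {0}  [{1}]' -f $_.Name, $_.Uninstall) }
    }
}
```

The script only reports; removal still happens through Add/Remove Programs as the post describes, and a reboot before installing the new JRE remains necessary.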

#14 Josh Rogan

Josh Rogan
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:07:02 AM

Posted 01 August 2009 - 03:07 AM

Alright Everything is done thank you very much.

#15 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:08:02 AM

Posted 01 August 2009 - 07:39 AM

You are welcome :thumbup2:


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.