Popups bypassing my stoppers


  • This topic is locked
23 replies to this topic

#1 Anna G

Posted 23 July 2009 - 01:32 PM

Every time I use IE or Firefox (default), something causes popups to start showing up. I have AVG Antivirus + Anti-rootkit, something called WinPatrol Plus which I haven't figured out yet, Spybot S&D, PrevX, and Popup Stopper Pro all running, yet these things dodge it all and show up on my monitor. I clicked a few and sent messages to each of the ad products and get bureaucratic nonsense back.
Anyway here is what HijackThis scanned and logged:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:22, on 7/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\BeautifulEarth\Beautiful-Earth.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PopUpStopperProfessional.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Prevx\prevx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://superfastcomputer.com/resources.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Media Access Startup - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - (no file)
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPIEAddOn.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {548821F3-AA56-49B5-9B8E-186CB6ECD61A} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {A98D0065-7326-41B5-B8D9-C5B692CDB82F} - (no file)
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.2.0.750\ssd.dll (file missing)
O2 - BHO: BearSharePersonalization - {DD1849EA-8403-4441-8DFF-7575AAE1DC16} - C:\Program Files\BearShare Applications\Personalization\BearSharePersonalizationIE_v1044.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BPSDataShredder] C:\Program Files\BulletProofSoft.com\BPS Data Shredder\BPSDataShredder.exe
O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe /SCB
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [GGWallpaper] C:\Program Files\BeautifulEarth\Beautiful-Earth.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRA~1\PANICW~1\POP-UP~1\PopUpStopperProfessional.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: HyperSnap 6.lnk = C:\Program Files\HyperSnap 6\HprSnap6.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {043B9E31-EF8D-4986-9B1E-D335CFEB1491} (Trinity License Installer) - http://trinity.dlsite.com/activex/trilicdl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/Data...6-6D5536C585C9}
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1209423701515
O16 - DPF: {931C1175-E08E-4ADA-9AED-4A2828AE1011} (PbEbkick Control) - http://trinity.dlsite.com/activex/pbebkick.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin_0.5.1.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: khfGxWnN - khfGxWnN.dll (file missing)
O21 - SSODL: ChkComponent - {121a32f0-d421-42c0-b889-74d0c87172fa} - (no file)
O21 - SSODL: VolumePrx - {06ae3f58-b1ed-4848-874f-e7a5bc1caeeb} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 10947 bytes

I did the DDS/Attach thing also, if needed.

Please be patient with me, this is all brand new to me and my husband who installed about everything in here is off firefighting in the Okanagan.

#2 Anna G

Posted 30 July 2009 - 01:23 AM

I guess as I have not had an email or a reply here that no-one knows what to do about my problem.
Thank you so much.
Have a nice day.

Edited by Anna G, 30 July 2009 - 01:25 AM.


#3 sempai

  • Malware Response Team

Posted 02 August 2009 - 12:11 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#4 Anna G

Posted 02 August 2009 - 01:46 PM

I can imagine you'd all be busy.

What my problem is, is that every time I use IE or Firefox (default), something causes popups to start showing up.

I am running:

PrevXv3.0.1.65

AVG 8.5.406 with anti-rootkit

Popup Stopper Pro

Spyware Doctor

Spybot S&D

WinPatrol but I have no idea what that does.

Here are the DDS results:

DDS (Ver_09-06-26.01) - NTFSx86
Run by Al at 11:20:57.10 on Thu 07/23/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.682 [GMT -7:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Prevx 3.0 *On-access scanning enabled* (Updated) {D486329C-1488-4CEB-9CC8-D662B732D901}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\BeautifulEarth\Beautiful-Earth.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PopUpStopperProfessional.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Prevx\prevx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Al\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://superfastcomputer.com/resources.html
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: SweetIM ToolbarURLSearchHook Class: {eee6c35d-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgHelper.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {25b8d58c-b0cb-46b0-ba64-05b3804e4e86}: Media Access Startup
BHO: NP Helper Class: {35b8d58c-b0cb-46b0-ba64-05b3804e4e86} - c:\program files\internet saving optimizer\3.4.0.4340\NPIEAddOn.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
{548821f3-aa56-49b5-9b8e-186cb6ecd61a}
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
{a98d0065-7326-41b5-b8d9-c5b692cdb82f}
BHO: System Search Dispatcher: {cdbfb47b-58a8-4111-bf95-06178dce326d} - c:\program files\system search dispatcher\1.2.0.750\ssd.dll
BHO: BearSharePersonalization: {dd1849ea-8403-4441-8dff-7575aae1dc16} - c:\program files\bearshare applications\personalization\BearSharePersonalizationIE_v1044.dll
BHO: SweetIM Toolbar Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: SweetIM Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - No File
uRun: [BPSDataShredder] c:\program files\bulletproofsoft.com\bps data shredder\BPSDataShredder.exe
uRun: [Creative MediaSource Go] c:\program files\creative\mediasource\go\CTCMSGo.exe /SCB
uRun: [RemoteCenter] c:\program files\creative\mediasource\remotecontrol\RCMan.EXE
uRun: [GGWallpaper] c:\program files\beautifulearth\Beautiful-Earth.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PopUpStopperProfessional] "c:\progra~1\panicw~1\pop-up~1\PopUpStopperProfessional.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SweetIM] c:\program files\sweetim\messenger\SweetIM.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\docume~1\al\startm~1\programs\startup\hypers~1.lnk - c:\program files\hypersnap 6\HprSnap6.exe
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {043B9E31-EF8D-4986-9B1E-D335CFEB1491} - hxxp://trinity.dlsite.com/activex/trilicdl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} - hxxp://webiq005.webiqonline.com/WebIQ/DataServer/Pub/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1209423701515
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {931C1175-E08E-4ADA-9AED-4A2828AE1011} - hxxp://trinity.dlsite.com/activex/pbebkick.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: khfGxWnN - khfGxWnN.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: ChkComponent - {121a32f0-d421-42c0-b889-74d0c87172fa} - No File
SSODL: VolumePrx - {06ae3f58-b1ed-4848-874f-e7a5bc1caeeb} - No File
{a98d0065-7326-41b5-b8d9-c5b692cdb82f}
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\yayxVOhG

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\al\applic~1\mozilla\firefox\profiles\sest519a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://superfastcomputer.com/resources.html
FF - prefs.js: keyword.URL - hxxp://searchservice.myspace.com/index.cfm?fuseaction=sitesearch.results&type=Web&orig=IMC-FF&qry=
FF - component: c:\program files\internet saving optimizer\3.4.0.4340\ff\components\NPFFAddOn.dll
FF - component: c:\program files\media access startup\1.5.0.850\ff\components\HPFFAddOn.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npkimi.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin9.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin9.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-5-2 12552]
R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2008-1-18 24971]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-3-30 130936]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-7-15 22024]
R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys [2009-7-15 27656]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-2 335752]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-1-20 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-2 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-10-23 907032]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-5-2 298776]
R2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2009-7-15 4368952]
R2 TSS_FSFILTER;Dynamic ED Controller;c:\windows\system32\drivers\TSSFSFD.sys [2009-4-22 85120]
R2 TSSFLT;TriSecurity System - Filter Driver;c:\windows\system32\drivers\TSSFLT.sys [2009-4-22 85120]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-12-19 33752]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-1-21 348752]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-1-21 1095560]

=============== Created Last 30 ================

2009-07-20 22:16 <DIR> --d----- c:\program files\iPod
2009-07-20 22:16 <DIR> --d----- c:\program files\iTunes
2009-07-19 16:14 <DIR> --d----- c:\docume~1\al\applic~1\WinPatrol
2009-07-19 16:14 <DIR> --d----- c:\program files\BillP Studios
2009-07-19 16:13 730,256 a------- c:\program files\wpsetup.exe
2009-07-19 13:34 <DIR> --d----- c:\program files\backups
2009-07-19 13:25 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-07-19 13:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-07-19 13:23 16,409,960 a------- c:\program files\spybotsd162.exe
2009-07-19 13:14 63 a------- c:\windows\system\SysSD.dll
2009-07-19 13:12 1,060,864 a------- c:\windows\system32\MFC71.dll
2009-07-19 13:12 <DIR> --d----- c:\program files\SpywareDetector
2009-07-19 13:09 7,327,392 a------- c:\program files\spywaredetector.exe
2009-07-19 10:01 92,672 a------- c:\windows\system32\KillBox.exe
2009-07-18 12:37 <DIR> --d----- c:\program files\Panicware
2009-07-18 12:37 1,680,112 a------- c:\program files\PopUpStopperProfessional.exe
2009-07-17 08:19 15,157 -------- c:\windows\KB969897-IE8.cat
2009-07-16 15:32 <DIR> -cd-h--- c:\windows\ie8
2009-07-16 15:28 <DIR> --d----- C:\494f5209c09fd5152601
2009-07-15 23:51 8,114,720 a------- c:\program files\Firefox Setup 3.5.exe
2009-07-15 14:15 401,720 a------- c:\program files\hijackthis.exe
2009-07-15 14:14 27,656 a------- c:\windows\system32\drivers\pxsec.sys
2009-07-15 14:14 22,024 a------- c:\windows\system32\drivers\pxscan.sys
2009-07-15 14:14 <DIR> --d----- c:\program files\Prevx
2009-07-15 14:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PrevxCSI
2009-07-15 14:14 472 a------- c:\windows\wininit.ini
2009-07-15 14:13 <DIR> --d----- C:\!KillBox
2009-07-15 14:09 787,000 a------- c:\program files\PREVXCSIFREE.EXE
2009-07-15 14:00 92,672 a------- c:\program files\KillBox.exe
2009-07-12 16:54 <DIR> --d----- c:\program files\Media Access Startup
2009-07-12 16:53 <DIR> --d----- c:\program files\Internet Saving Optimizer
2009-07-12 16:53 <DIR> --d----- c:\program files\System Search Dispatcher
2009-07-12 16:53 <DIR> --d----- c:\program files\DoubleD
2009-06-28 19:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
2009-06-28 19:53 <DIR> --d----- c:\program files\PC Drivers HeadQuarters
2009-06-27 08:20 754 a------- c:\windows\WORDPAD.INI
2009-06-23 17:30 <DIR> --d----- c:\program files\QuickSnooker 7
2009-06-23 17:29 6,175,866 a------- c:\program files\qs7setup.exe

==================== Find3M ====================

2009-07-22 17:00 10,903 a------- c:\program files\hijackthis.log
2009-07-19 16:02 8,047,896 a------- c:\program files\rminstall.exe
2009-07-19 10:35 46,382 a------- c:\program files\profile-1.jpg
2009-07-19 10:06 5,154,304 a------- c:\program files\WindowsDefender.msi
2009-07-02 08:29 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-01 10:06 5,468,064 a------- c:\program files\HS6Setup.exe
2009-06-25 10:48 5,021,800 a------- c:\program files\SweetImSetup.exe
2009-06-18 09:27 2,474,531 a------- c:\program files\fc_setup_.zip
2009-06-16 07:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 07:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-15 17:47 23,190,736 a------- c:\program files\Second_Life_1-23-4-123908_Setup.exe
2009-06-03 12:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-01 21:41 16,070,968 a------- c:\program files\gimp-2.6.6-i686-setup.exe
2009-05-13 08:57 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-12 22:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 08:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-19 20:55 807,211 a------- c:\program files\C19H28O2.v7.19.zip
2009-04-15 18:14 2,433,024 a------- c:\program files\SRO_L4_Full_Client_Downloader.exe
2009-04-15 13:56 16,742,799 a------- c:\program files\vlc-0.9.9-win32.exe
2009-04-10 09:58 438,592 a------- c:\program files\msgr9us.exe
2009-03-30 08:10 6,482,600 a------- c:\program files\ashampoo_burningstudio551_se.exe
2009-03-20 10:48 1,180,475 a------- c:\program files\lily_pond_3142326.scr
2009-03-20 10:32 6,135,208 a------- c:\program files\Zinio_Reader_Setup.exe
2009-03-17 17:50 1,056,646,770 a------- c:\program files\SilkroadOnline_GlobalOfficial_v1_180.exe
2009-03-05 16:46 1,234,120 a------- c:\program files\wrar380.exe
2009-02-04 11:17 4,717,016 a------- c:\program files\NewScientist2009Screensaver_PC.zip
2009-01-30 14:21 3,365,132 a------- c:\program files\qssetup.exe
2009-01-27 15:06 1,052,676 a------- c:\program files\NewVersion.exe
2009-01-13 18:14 64,856,808 a------- c:\program files\avg_ipw_stf_en_8_229a1410.exe
2008-12-24 11:30 3,446,202 a------- c:\program files\winterwonderlands.exe
2008-12-24 11:25 9,970,673 a------- c:\program files\winterw.exe
2008-12-20 00:01 884 a------- c:\program files\ebx.etd
2008-12-19 23:39 35,124,856 a------- c:\program files\AdbeRdr90_en_US.exe
2008-12-13 01:30 68,756,776 a------- c:\program files\iTunesSetup.exe
2008-12-12 16:42 5,139,160 a------- c:\program files\emusic_setup_standalone.exe
2008-12-09 17:21 19,994,184 a------- c:\program files\QuickTimeInstaller.exe
2008-11-08 23:39 6,426,753 a------- c:\program files\singles2patch_1_3esd.exe
2008-11-08 23:17 16,246,442 a------- c:\program files\singles2v13.zip
2008-10-17 23:17 807,352 a------- c:\program files\en-jetcast-player.exe
2008-10-04 15:39 2,869,264 a------- c:\program files\dotNetFx35setup.exe
2008-10-04 15:27 23,510,720 a------- c:\program files\dotnetfx.exe
2008-10-01 23:33 2,209,516 a------- c:\program files\SIsa_setup.exe
2008-08-20 00:00 20,730,680 a------- c:\program files\DivXBundle.exe
2008-08-19 23:52 25,740,144 ac------ c:\program files\wmp11-windowsxp-x86-enu.exe
2008-08-15 12:39 257,519 a------- c:\program files\rlcqc2.exe
2008-08-09 23:18 300,272 a------- c:\program files\MySpaceIM_Setup.exe
2008-07-23 09:17 9,956,432 a------- c:\program files\UtherverseSetup.exe
2008-07-07 22:17 2,481,540 a------- c:\program files\imgconvert.exe
2008-07-05 12:31 4,645,910 a------- c:\program files\Wood_Workshop_1,01_Setup.exe
2008-06-21 17:21 1,951,432 a------- c:\program files\ppviewer.exe
2008-06-21 17:14 324,888 ac------ c:\program files\TestDriveWizard-v1.2.1.exe
2008-05-30 19:41 786,432 a------- c:\program files\di524_firmware_123.bin
2008-05-30 15:41 54,123,192 a------- c:\program files\avg_ipw_stf_en_8_93a1300.exe
2008-05-15 09:32 462,183,314 ac------ c:\program files\SinglesAO_Setup.exe
2008-05-15 08:45 458,251,690 ac------ c:\program files\Singles2_Setup_1.40.exe
2008-05-08 22:19 2,069,934 a------- c:\program files\Earth-Setup.exe
2008-05-08 22:12 2,124,162 a------- c:\program files\3dfish394cn.exe
2008-05-08 21:55 36,435,440 a------- c:\program files\071214_ATI_2000xp.exe
2008-05-08 21:52 50,510,847 a------- c:\program files\071214_ATI_xp64bit.exe
2008-05-02 08:25 63,905,424 a------- c:\program files\avg_iswt_stf_all_8_93a1293_fc.exe
2008-04-26 17:04 1,534,052 a------- c:\program files\imgmerge.exe
2008-04-26 17:00 1,434,989 a------- c:\program files\merge20.exe
2008-03-26 13:14 3,773,756 a------- c:\program files\KLR009.exe
2008-03-09 17:31 13,413,048 a------- c:\program files\Google_Earth_BZXV.exe
2008-01-23 16:55 482,355,064 a------- c:\program files\RLCVipSetup.exe
2008-01-22 02:53 8,774,592 ac------ c:\program files\ShareazaV4.exe
2008-01-22 02:44 9,278,904 a------- c:\program files\BearShareV6.exe
2008-01-21 04:45 4,220,855 a------- c:\program files\iuydskj987ds.exe
2008-01-21 04:36 16,955,400 a------- c:\program files\sdsetup.exe
2008-01-20 19:24 6,026,816 a------- c:\program files\Firefox Setup 2.0.0.11.exe
2008-01-20 18:25 2,246,525 ac------ c:\program files\TheGeneral-Password-Setup.exe
2008-01-20 14:14 423,736 a------- c:\program files\avgarkt-setup-1.1.0.42.exe
2008-01-20 13:53 437,392 a------- c:\program files\msgr8us.exe

============= FINISH: 11:21:35.28 ===============

I can post the Hijack This notes, too, if necessary.

Edited by Anna G, 02 August 2009 - 01:53 PM.


#5 sempai

  • Malware Response Team

Posted 03 August 2009 - 09:56 AM

Hello Anna my name is Sempai and welcome to Bleeping Computer.

*We apologize for the delay. The forums have been busy.

*I want you to understand that I'm still a trainee here. I will be working with my Coach who will approve all my instructions before posting them to you, so there's a possibility to have some delays in my responses. But the good part is, there are two people reviewing your problem instead of one.

*It is important not to make any further changes or run any other tools unless instructed to. This may hinder the cleaning process of your machine.

*You must reply within 5 days otherwise this topic will be closed.


1. I do not recommend that you have more than one anti virus product installed and running on your computer at a time.

The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either AVG or Prevx.

Note: Between the two, I strongly suggest that you remove Prevx.


2. BearShare is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.

BearShare itself is not a threat; however, the free version is bundled with adware which can display advertising on the computer and can have privacy issues.

Your log(s) show that you are using so-called peer-to-peer or file-sharing programmes (in your case BearShare). These programmes allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along with the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."


3. We need to download and run ComboFix (by sUBs)

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2

  • Temporarily disable your anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note**:

*If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
*The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


Warning!

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper. *** If you are not the topic starter DO NOT run this tool as it could cause irreversible damage to your computer.


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix


4. Lastly, please create a fresh DDS log. Post the DDS.text and attach the attach.text created by DDS together with the combofix log.


Regards,
~Semp :thumbup2:

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 
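Added example (not part of sempai's post and not a BleepingComputer or DDS tool): a small parser for the DDS "SERVICES / DRIVERS" lines posted in this thread, used to check point 1 above by listing which security products have running components at the same time. It assumes the usual DDS notation (R/S for running/stopped, followed by the Windows service start value); the `PRODUCT_MARKERS` table and all function names are constructed for this illustration.

```python
import re
from collections import defaultdict

# Lines copied from the DDS "SERVICES / DRIVERS" section posted earlier in this
# thread (a subset), plus the section header, which the parser must skip.
SAMPLE_DDS = r"""
============= SERVICES / DRIVERS ===============
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-5-2 12552]
R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2008-1-18 24971]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-3-30 130936]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-1-20 27784]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-5-2 298776]
R2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2009-7-15 4368952]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-1-21 1095560]
"""

# Assumption: the digit after R/S is the Windows service "Start" value.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

# Constructed for this example from product names visible in the thread.
# Matching is a plain lowercase substring test on name, display name and path.
PRODUCT_MARKERS = {
    "AVG": ("avg",),
    "Prevx": ("prevx",),
    "Windows Defender": ("windows defender", "windefend"),
    "PC Tools Spyware Doctor": ("pctools", "pc tools", "spyware doctor", "pctcore"),
}

# <state><start> <name>;<display name>;<path> [<date> <size>]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\]\s*$"
)


def parse_dds_services(text):
    """Return one dict per service/driver line; headers and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue
        entry = match.groupdict()
        entry["running"] = entry.pop("state") == "R"
        entry["start"] = START_TYPES[int(entry["start"])]
        entry["size"] = int(entry["size"])
        entries.append(entry)
    return entries


def classify(entry):
    """Map an entry to a product name, or 'unclassified' if no marker matches."""
    haystack = " ".join((entry["name"], entry["display"], entry["path"])).lower()
    for product, markers in PRODUCT_MARKERS.items():
        if any(marker in haystack for marker in markers):
            return product
    return "unclassified"


def group_by_product(entries):
    """Group service names per product, split into running and stopped."""
    report = defaultdict(lambda: {"running": [], "stopped": []})
    for entry in entries:
        bucket = "running" if entry["running"] else "stopped"
        report[classify(entry)][bucket].append(entry["name"])
    return dict(report)


def running_products(report):
    """Products with at least one running component, sorted by name."""
    return sorted(
        product for product, comps in report.items()
        if product != "unclassified" and comps["running"]
    )


if __name__ == "__main__":
    report = group_by_product(parse_dds_services(SAMPLE_DDS))
    active = running_products(report)
    for product in active:
        print(f"{product}: running {report[product]['running']}")
    if len(active) > 1:
        print(f"{len(active)} security products have running components")
```

A running driver or service does not by itself prove that a product's real-time protection is switched on, so treat the list as a prompt to check each product's settings rather than as a verdict.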


#6 Anna G

  • Topic Starter

Posted 03 August 2009 - 10:42 AM

Thanks. I will run the combofix.
We do not use Bearshare very often as we found Ipod music. Guess we could uninstall it. But nothing got into the pc from Bearshare I can assure you. This only started about 2 weeks ago and it's been months since we used Bearshare.
We use "Open Office" at times.
PrevX is disabled.
I have combofix d/led. Just need to get a chance to get off Yahoo chat. :thumbup2:

#7 sempai

  • Malware Response Team

Posted 04 August 2009 - 06:11 PM

Hi,

Please post the logs if you already have them so we can continue cleaning your computer.

Regards,
~Semp :thumbup2:


#8 Anna G

  • Topic Starter

Posted 05 August 2009 - 02:57 PM

Just got the Combofix done this morning. 3rd try. lol Had to keep shutting things off including my AVG and then it wanted me to connect to the net without my AV running. Made me nervous.

Here is Combofix log:

ComboFix 09-08-02.04 - Al 08/05/2009 8:44.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.953 [GMT -7:00]
Running from: c:\program files\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Al\Local Settings\Temporary Internet Files\ISOSetup.exe
c:\documents and settings\Al\Local Settings\Temporary Internet Files\stb06759.tmp
c:\documents and settings\All Users\Start Menu\Programs\BulletProofSoft.com
c:\documents and settings\All Users\Start Menu\Programs\BulletProofSoft.com\BPS Data Shredder\BPS Data Shredder Help.lnk
c:\documents and settings\All Users\Start Menu\Programs\BulletProofSoft.com\BPS Data Shredder\BPS Data Shredder.lnk
c:\program files\BulletProofSoft.com
c:\program files\BulletProofSoft.com\BPS Data Shredder\APIHook9x.dll
c:\program files\BulletProofSoft.com\BPS Data Shredder\APIHookxp.dll
c:\program files\BulletProofSoft.com\BPS Data Shredder\BPSDataShredder.exe
c:\program files\BulletProofSoft.com\BPS Data Shredder\CtxMenu.dll
c:\program files\BulletProofSoft.com\BPS Data Shredder\HLP\BPSDataShred.chm
c:\program files\BulletProofSoft.com\BPS Data Shredder\HookFunc.dll
c:\program files\BulletProofSoft.com\BPS Data Shredder\HookSetup.dll
c:\program files\BulletProofSoft.com\BPS Data Shredder\Lang\English.bmp
c:\program files\BulletProofSoft.com\BPS Data Shredder\Lang\English.ini
c:\program files\BulletProofSoft.com\BPS Data Shredder\log.txt
c:\program files\BulletProofSoft.com\BPS Data Shredder\Skin\aboutus.swf
c:\program files\BulletProofSoft.com\BPS Data Shredder\Skin\Bigwarn.swf
c:\program files\BulletProofSoft.com\BPS Data Shredder\Skin\BPSDataShredder.swf
c:\program files\BulletProofSoft.com\BPS Data Shredder\Skin\English.ini
c:\program files\BulletProofSoft.com\BPS Data Shredder\Skin\langauge.ini
c:\program files\BulletProofSoft.com\BPS Data Shredder\Skin\Msgskin.skn
c:\program files\BulletProofSoft.com\BPS Data Shredder\Skin\progress.swf
c:\program files\BulletProofSoft.com\BPS Data Shredder\Skin\purchase.swf
c:\program files\BulletProofSoft.com\BPS Data Shredder\Skin\skin.skn
c:\program files\BulletProofSoft.com\BPS Data Shredder\Skin\Splash.spl
c:\program files\BulletProofSoft.com\BPS Data Shredder\Skin\subfolder_options.swf
c:\program files\BulletProofSoft.com\BPS Data Shredder\Skin\taskName.swf
c:\program files\BulletProofSoft.com\BPS Data Shredder\Skin\warnning.swf
c:\program files\BulletProofSoft.com\BPS Data Shredder\SysInfo.exe
c:\program files\BulletProofSoft.com\BPS Data Shredder\TrayIcon.lib
c:\program files\BulletProofSoft.com\BPS Data Shredder\unins000.dat
c:\program files\BulletProofSoft.com\BPS Data Shredder\unins000.exe
c:\program files\BulletProofSoft.com\BPS Data Shredder\Update\Update.cli
c:\program files\BulletProofSoft.com\BPS Data Shredder\Update\Update.exe
c:\program files\Internet Saving Optimizer
c:\program files\Internet Saving Optimizer\3.4.0.4340\Data\config.md
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome.manifest
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.js
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.xul
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\NPAddOn.jar
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.dll
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.xpt
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFHelperComponent.js
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\install.rdf
c:\program files\Internet Saving Optimizer\3.4.0.4340\NPCommon.dll
c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.dat
c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.exe
c:\program files\Media Access Startup
c:\program files\Media Access Startup\1.5.0.850\Data\config.md
c:\program files\Media Access Startup\1.5.0.850\FF\chrome.manifest
c:\program files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.js
c:\program files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.xul
c:\program files\Media Access Startup\1.5.0.850\FF\chrome\HPAddOn.jar
c:\program files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.dll
c:\program files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.xpt
c:\program files\Media Access Startup\1.5.0.850\FF\components\HPFFHelperComponent.js
c:\program files\Media Access Startup\1.5.0.850\FF\install.rdf
c:\program files\Media Access Startup\1.5.0.850\HPCommon.dll
c:\program files\Media Access Startup\1.5.0.850\hppx.exe
c:\program files\Media Access Startup\1.5.0.850\MAHelper.exe
c:\program files\Media Access Startup\1.5.0.850\unins000.dat
c:\program files\Media Access Startup\1.5.0.850\unins000.exe
c:\windows\Installer\3748305.msi
c:\windows\Installer\c878b.msp

.
((((((((((((((((((((((((( Files Created from 2009-07-05 to 2009-08-05 )))))))))))))))))))))))))))))))
.

2009-08-03 15:41 . 2009-08-03 15:41 3154522 ----a-r- c:\program files\ComboFix.exe
2009-08-03 05:57 . 2009-08-03 05:57 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2009-07-29 00:33 . 2009-07-17 15:07 1111320 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgssie.dll
2009-07-29 00:33 . 2009-07-17 15:07 353048 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgxch32.dll
2009-07-29 00:33 . 2009-07-17 15:07 2301720 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avguiadv.dll
2009-07-21 05:16 . 2009-07-21 05:16 -------- d-----w- c:\program files\iPod
2009-07-21 05:16 . 2009-07-21 05:17 -------- d-----w- c:\program files\iTunes
2009-07-21 05:11 . 2009-07-21 05:11 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-21 04:54 . 2009-07-21 04:54 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-07-19 23:14 . 2009-07-19 23:14 -------- d-----w- c:\documents and settings\Al\Application Data\WinPatrol
2009-07-19 23:14 . 2009-07-19 22:59 0 ----a-w- c:\documents and settings\Al\Application Data\WinPatrol\Autoexec.bat
2009-07-19 23:14 . 2008-01-18 07:44 0 ----a-w- c:\documents and settings\Al\Application Data\WinPatrol\Config.sys
2009-07-19 23:14 . 2009-07-19 23:14 -------- d-----w- c:\program files\BillP Studios
2009-07-19 23:13 . 2009-07-19 23:13 730256 ----a-w- c:\program files\wpsetup.exe
2009-07-19 20:34 . 2009-07-19 20:34 -------- d-----w- c:\program files\backups
2009-07-19 20:25 . 2009-07-19 20:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-19 20:25 . 2009-07-19 20:25 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-19 20:23 . 2009-07-19 20:23 16409960 ----a-w- c:\program files\spybotsd162.exe
2009-07-19 20:14 . 2009-07-19 20:14 63 ----a-w- c:\windows\system\SysSD.dll
2009-07-19 20:12 . 2005-06-14 19:09 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-07-19 20:12 . 2009-07-19 21:58 -------- d-----w- c:\program files\SpywareDetector
2009-07-19 20:09 . 2009-07-19 20:09 7327392 ----a-w- c:\program files\spywaredetector.exe
2009-07-19 17:59 . 2009-07-19 18:26 -------- d-----w- c:\windows\BDOSCAN8
2009-07-19 17:08 . 2009-07-19 17:08 -------- d-----w- c:\program files\Windows Defender
2009-07-19 17:05 . 2009-07-19 17:06 5154304 ----a-w- c:\program files\WindowsDefender.msi
2009-07-19 17:01 . 2009-07-15 21:00 92672 ----a-w- c:\windows\system32\KillBox.exe
2009-07-18 19:37 . 2009-07-18 19:37 -------- d-----w- c:\program files\Panicware
2009-07-18 19:37 . 2009-07-18 19:37 1680112 ----a-w- c:\program files\PopUpStopperProfessional.exe
2009-07-17 15:07 . 2009-07-17 15:07 3403032 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-07-16 22:32 . 2009-07-16 22:34 -------- dc-h--w- c:\windows\ie8
2009-07-16 22:28 . 2009-07-16 22:28 -------- d-----w- C:\494f5209c09fd5152601
2009-07-16 06:51 . 2009-07-16 06:51 8114720 ----a-w- c:\program files\Firefox Setup 3.5.exe
2009-07-15 21:15 . 2009-07-15 21:15 401720 ----a-w- c:\program files\hijackthis.exe
2009-07-15 21:13 . 2009-07-15 21:13 -------- d-----w- C:\!KillBox
2009-07-15 21:09 . 2009-07-15 21:09 787000 ----a-w- c:\program files\PREVXCSIFREE.EXE
2009-07-15 21:00 . 2009-07-15 21:00 92672 ----a-w- c:\program files\KillBox.exe
2009-07-12 23:54 . 2009-07-12 23:54 -------- d-----w- c:\documents and settings\Al\Local Settings\Application Data\Internet Saving Optimizer
2009-07-12 23:54 . 2009-07-16 01:29 -------- d-----w- c:\documents and settings\Al\Local Settings\Application Data\Media Access Startup
2009-07-12 23:53 . 2009-07-12 23:53 -------- d-----w- c:\program files\System Search Dispatcher
2009-07-12 23:53 . 2009-07-13 15:50 -------- d-----w- c:\program files\DoubleD
2009-07-12 23:53 . 2009-07-12 23:53 -------- d-----w- c:\documents and settings\Al\Local Settings\Application Data\DoubleD

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-05 16:03 . 2008-05-09 05:19 -------- d-----w- c:\documents and settings\Al\Application Data\BeautifulEarth
2009-08-05 15:38 . 2008-05-02 16:00 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-05 06:31 . 2008-01-21 11:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-05 05:37 . 2008-01-21 11:36 -------- d-----w- c:\program files\Spyware Doctor
2009-08-01 01:49 . 2009-06-02 16:30 -------- d-----w- c:\documents and settings\Al\Application Data\gtk-2.0
2009-07-29 00:33 . 2008-05-02 16:01 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-29 00:33 . 2008-01-20 20:21 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-29 00:33 . 2008-05-02 16:01 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-23 18:30 . 2009-07-19 17:26 10949 ----a-w- c:\program files\hijackthis.log
2009-07-21 05:20 . 2008-12-16 06:57 -------- d-----w- c:\program files\Safari
2009-07-21 05:16 . 2008-12-13 08:32 -------- d-----w- c:\program files\Common Files\Apple
2009-07-19 23:02 . 2008-01-21 11:52 8047896 ----a-w- c:\program files\rminstall.exe
2009-07-19 17:35 . 2009-07-19 17:35 46382 ----a-w- c:\program files\profile-1.jpg
2009-07-03 17:09 . 2004-08-04 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-01 18:31 . 2008-01-21 11:48 -------- d-----w- c:\program files\HyperSnap 6
2009-07-01 17:06 . 2008-01-21 11:48 5468064 ----a-w- c:\program files\HS6Setup.exe
2009-06-29 02:53 . 2009-06-29 02:53 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-06-29 02:53 . 2009-06-29 02:53 -------- d-----w- c:\program files\PC Drivers HeadQuarters
2009-06-25 22:55 . 2008-01-20 21:32 -------- d-----w- c:\documents and settings\Al\Application Data\SecondLife
2009-06-25 17:48 . 2008-07-23 19:31 5021800 ----a-w- c:\program files\SweetImSetup.exe
2009-06-24 00:30 . 2009-06-24 00:30 -------- d-----w- c:\program files\QuickSnooker 7
2009-06-24 00:29 . 2009-06-24 00:29 6175866 ----a-w- c:\program files\qs7setup.exe
2009-06-19 05:43 . 2009-03-20 17:34 -------- d-----w- c:\documents and settings\Al\Application Data\ContentGuard
2009-06-19 05:43 . 2009-03-20 17:34 188501 ----a-w- c:\documents and settings\Al\Application Data\ContentGuard\CGGuard2.dll
2009-06-18 19:41 . 2008-01-18 07:55 93440 ----a-w- c:\documents and settings\Al\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-18 17:24 . 2009-06-18 17:24 -------- d-----w- c:\windows\Fonts\stjelogo
2009-06-18 17:24 . 2009-06-18 17:24 -------- d-----w- c:\windows\Fonts\stjedise
2009-06-18 17:24 . 2009-06-18 17:24 -------- d-----w- c:\windows\Fonts\starjout
2009-06-18 17:24 . 2009-06-18 17:24 -------- d-----w- c:\windows\Fonts\starjedi
2009-06-18 17:22 . 2009-06-18 17:22 -------- d-----w- c:\windows\Fonts\gif
2009-06-18 16:30 . 2009-06-18 16:30 -------- d-----w- c:\program files\fc_setup_
2009-06-18 16:29 . 2009-06-18 16:29 -------- d-----w- c:\program files\FreeCommander
2009-06-18 16:27 . 2009-06-18 16:27 2474531 ----a-w- c:\program files\fc_setup_.zip
2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 00:47 . 2009-06-16 00:47 23190736 ----a-w- c:\program files\Second_Life_1-23-4-123908_Setup.exe
2009-06-09 22:07 . 2009-06-18 17:05 105884 ----a-w- c:\windows\Fonts\genie_Font.ttf
2009-06-09 18:03 . 2009-06-18 16:59 11680 ----a-w- c:\windows\Fonts\crazy_diamond.otf
2009-06-09 17:35 . 2009-06-18 17:08 20640 ----a-w- c:\windows\Fonts\ICE_AGE.ttf
2009-06-09 15:41 . 2009-06-18 17:07 18668 ----a-w- c:\windows\Fonts\heyboy!heygirl!.ttf
2009-06-03 19:09 . 2004-08-04 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-06-03 18:31 . 2009-06-03 18:31 1878984 ----a-w- c:\documents and settings\Al\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-06-02 04:41 . 2009-06-02 04:41 16070968 ----a-w- c:\program files\gimp-2.6.6-i686-setup.exe
2009-05-12 22:40 . 2009-05-12 22:40 0 ----a-w- c:\windows\PowerReg.dat
2009-04-20 03:55 . 2009-04-20 03:55 807211 ----a-w- c:\program files\C19H28O2.v7.19.zip
2009-04-16 01:14 . 2009-04-16 01:13 2433024 ----a-w- c:\program files\SRO_L4_Full_Client_Downloader.exe
2009-04-15 20:56 . 2009-04-15 20:55 16742799 ----a-w- c:\program files\vlc-0.9.9-win32.exe
2009-04-10 16:58 . 2008-11-26 16:31 438592 ----a-w- c:\program files\msgr9us.exe
2009-03-30 15:10 . 2009-03-30 15:09 6482600 ----a-w- c:\program files\ashampoo_burningstudio551_se.exe
2009-03-20 17:48 . 2009-03-20 17:48 1180475 ----a-w- c:\program files\lily_pond_3142326.scr
2009-03-20 17:32 . 2009-03-20 17:32 6135208 ----a-w- c:\program files\Zinio_Reader_Setup.exe
2009-03-18 00:50 . 2009-03-18 00:47 1056646770 ----a-w- c:\program files\SilkroadOnline_GlobalOfficial_v1_180.exe
2009-03-05 23:46 . 2009-03-05 23:46 1234120 ----a-w- c:\program files\wrar380.exe
2009-02-04 18:17 . 2009-02-04 18:17 4717016 ----a-w- c:\program files\NewScientist2009Screensaver_PC.zip
2009-01-30 21:21 . 2009-01-30 21:20 3365132 ----a-w- c:\program files\qssetup.exe
2009-01-27 22:06 . 2009-01-27 22:06 1052676 ----a-w- c:\program files\NewVersion.exe
2009-01-14 01:14 . 2009-01-14 01:14 64856808 ----a-w- c:\program files\avg_ipw_stf_en_8_229a1410.exe
2008-12-24 18:30 . 2008-12-24 18:30 3446202 ----a-w- c:\program files\winterwonderlands.exe
2008-12-24 18:25 . 2008-12-24 18:25 9970673 ----a-w- c:\program files\winterw.exe
2008-12-20 07:01 . 2008-12-20 07:01 884 ----a-w- c:\program files\ebx.etd
2008-12-20 06:39 . 2008-12-20 06:39 35124856 ----a-w- c:\program files\AdbeRdr90_en_US.exe
2008-12-13 08:30 . 2008-12-13 08:29 68756776 ----a-w- c:\program files\iTunesSetup.exe
2008-12-12 23:42 . 2008-12-12 23:41 5139160 ----a-w- c:\program files\emusic_setup_standalone.exe
2008-12-10 00:21 . 2008-12-10 00:20 19994184 ----a-w- c:\program files\QuickTimeInstaller.exe
2008-11-09 06:39 . 2008-11-09 06:38 6426753 ----a-w- c:\program files\singles2patch_1_3esd.exe
2008-11-09 06:17 . 2008-11-09 06:15 16246442 ----a-w- c:\program files\singles2v13.zip
2008-10-18 06:17 . 2008-10-18 06:17 807352 ----a-w- c:\program files\en-jetcast-player.exe
2008-10-04 22:39 . 2008-10-04 22:39 2869264 ----a-w- c:\program files\dotNetFx35setup.exe
2008-10-04 22:27 . 2008-10-02 06:36 23510720 ----a-w- c:\program files\dotnetfx.exe
2008-10-02 06:33 . 2008-10-02 06:33 2209516 ----a-w- c:\program files\SIsa_setup.exe
2008-08-20 07:00 . 2008-08-20 07:00 20730680 ----a-w- c:\program files\DivXBundle.exe
2008-08-20 06:52 . 2008-01-22 09:46 25740144 -c--a-w- c:\program files\wmp11-windowsxp-x86-enu.exe
2008-08-15 19:39 . 2008-08-15 19:38 257519 ----a-w- c:\program files\rlcqc2.exe
2008-08-10 06:18 . 2008-08-10 06:18 300272 ----a-w- c:\program files\MySpaceIM_Setup.exe
2008-07-23 16:17 . 2008-03-29 19:44 9956432 ----a-w- c:\program files\UtherverseSetup.exe
2008-07-08 05:17 . 2008-01-21 11:55 2481540 ----a-w- c:\program files\imgconvert.exe
2008-07-05 19:31 . 2008-07-05 19:31 4645910 ----a-w- c:\program files\Wood_Workshop_1,01_Setup.exe
2008-06-22 00:21 . 2008-06-22 00:21 1951432 ----a-w- c:\program files\ppviewer.exe
2008-06-22 00:14 . 2008-06-22 00:14 324888 -c--a-w- c:\program files\TestDriveWizard-v1.2.1.exe
2008-05-31 02:41 . 2008-05-31 02:41 786432 ----a-w- c:\program files\di524_firmware_123.bin
2008-05-30 22:41 . 2008-05-30 22:41 54123192 ----a-w- c:\program files\avg_ipw_stf_en_8_93a1300.exe
2008-05-15 16:32 . 2008-05-15 15:45 462183314 -c--a-w- c:\program files\SinglesAO_Setup.exe
2008-05-15 15:45 . 2008-05-15 14:55 458251690 -c--a-w- c:\program files\Singles2_Setup_1.40.exe
2008-05-09 05:19 . 2008-05-09 05:18 2069934 ----a-w- c:\program files\Earth-Setup.exe
2008-05-09 05:12 . 2008-05-09 05:11 2124162 ----a-w- c:\program files\3dfish394cn.exe
2008-05-09 04:55 . 2008-05-09 04:55 36435440 ----a-w- c:\program files\071214_ATI_2000xp.exe
2008-05-09 04:52 . 2008-05-09 04:52 50510847 ----a-w- c:\program files\071214_ATI_xp64bit.exe
2008-05-02 15:25 . 2008-05-02 15:24 63905424 ----a-w- c:\program files\avg_iswt_stf_all_8_93a1293_fc.exe
2008-04-27 00:04 . 2008-04-27 00:04 1534052 ----a-w- c:\program files\imgmerge.exe
2008-04-27 00:00 . 2008-04-27 00:00 1434989 ----a-w- c:\program files\merge20.exe
2008-03-26 20:14 . 2008-03-26 20:13 3773756 ----a-w- c:\program files\KLR009.exe
2008-03-10 00:31 . 2008-03-10 00:30 13413048 ----a-w- c:\program files\Google_Earth_BZXV.exe
2008-01-23 23:55 . 2008-01-23 23:54 482355064 ----a-w- c:\program files\RLCVipSetup.exe
2008-01-22 09:53 . 2008-01-22 09:53 8774592 -c--a-w- c:\program files\ShareazaV4.exe
2008-01-22 09:44 . 2008-01-22 09:44 9278904 ----a-w- c:\program files\BearShareV6.exe
2008-01-21 11:45 . 2008-01-21 11:45 4220855 ----a-w- c:\program files\iuydskj987ds.exe
2008-01-21 11:36 . 2008-01-21 11:36 16955400 ----a-w- c:\program files\sdsetup.exe
2008-01-21 02:24 . 2008-01-21 02:22 6026816 ----a-w- c:\program files\Firefox Setup 2.0.0.11.exe
2008-01-21 01:25 . 2008-01-21 01:25 2246525 -c--a-w- c:\program files\TheGeneral-Password-Setup.exe
2008-01-20 21:14 . 2008-01-20 21:14 423736 ----a-w- c:\program files\avgarkt-setup-1.1.0.42.exe
2009-07-17 22:05 . 2009-07-16 06:52 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-05-20 177464]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DD1849EA-8403-4441-8DFF-7575AAE1DC16}]
2008-03-26 18:38 641464 ----a-w- c:\program files\BearShare Applications\Personalization\BearSharePersonalizationIE_v1044.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-05-20 21:36 1258808 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative MediaSource Go"="c:\program files\Creative\MediaSource\GO\CTCMSGo.exe" [2003-08-12 131072]
"RemoteCenter"="c:\program files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-10-08 139264]
"GGWallpaper"="c:\program files\BeautifulEarth\Beautiful-Earth.exe" [2008-04-17 713728]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"PopUpStopperProfessional"="c:\progra~1\PANICW~1\POP-UP~1\PopUpStopperProfessional.exe" [2005-06-01 516096]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-29 2000152]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-05-20 111928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-06-01 341312]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-03-17 61952]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-07-01 73728]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2004-07-05 2550272]
"Alcmtr"="ALCMTR.EXE" - c:\windows\ALCMTR.EXE [2004-07-02 57344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

c:\documents and settings\Al\Start Menu\Programs\Startup\
HyperSnap 6.lnk - c:\program files\HyperSnap 6\HprSnap6.exe [2008-1-21 4613456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-29 00:33 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Al^Start Menu^Programs^Startup^WordWeb Pro.lnk]
backup=c:\windows\pss\WordWeb Pro.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Shareaza Applications\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SecondLife\\SLVoice.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\SRO_L4_Full_Client_Downloader.exe"=
"c:\\Program Files\\SecondLife\\SecondLife.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\RavenShield\\system\\RavenShield.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe"=
"c:\\Program Files\\ScanSoft\\OmniPageSE\\EregEng\\NAVBrowser.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [5/2/2008 09:01 12552]
R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [1/18/2008 09:12 24971]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [3/30/2009 21:45 130936]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/2/2008 09:01 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/2/2008 09:01 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [10/23/2008 08:36 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/2/2008 09:00 297752]
R2 TSS_FSFILTER;Dynamic ED Controller;c:\windows\system32\drivers\TSSFSFD.sys [4/22/2009 15:23 85120]
R2 TSSFLT;TriSecurity System - Filter Driver;c:\windows\system32\drivers\TSSFLT.sys [4/22/2009 15:23 85120]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 19:19 13592]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [12/19/2008 23:37 33752]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [1/21/2008 04:36 348752]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - (no file)
BHO-{548821F3-AA56-49B5-9B8E-186CB6ECD61A} - (no file)
BHO-{A98D0065-7326-41B5-B8D9-C5B692CDB82F} - (no file)
BHO-{CDBFB47B-58A8-4111-BF95-06178DCE326D} - (no file)
HKCU-Run-BPSDataShredder - c:\program files\BulletProofSoft.com\BPS Data Shredder\BPSDataShredder.exe
SSODL-ChkComponent-{121a32f0-d421-42c0-b889-74d0c87172fa} - (no file)
SSODL-VolumePrx-{06ae3f58-b1ed-4848-874f-e7a5bc1caeeb} - (no file)
Notify-khfGxWnN - khfGxWnN.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://superfastcomputer.com/resources.html
uInternet Settings,ProxyOverride = *.local
DPF: {043B9E31-EF8D-4986-9B1E-D335CFEB1491} - hxxp://trinity.dlsite.com/activex/trilicdl.cab
DPF: {931C1175-E08E-4ADA-9AED-4A2828AE1011} - hxxp://trinity.dlsite.com/activex/pbebkick.cab
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab
FF - ProfilePath - c:\documents and settings\Al\Application Data\Mozilla\Firefox\Profiles\sest519a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.theprizeday.com/today.php|http://superfastcomputer.com/resources.html
FF - prefs.js: keyword.URL - hxxp://searchservice.myspace.com/index.cfm?fuseaction=sitesearch.results&type=Web&orig=IMC-FF&qry=
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npkimi.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin9.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin9.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-05 09:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3772)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
c:\program files\Spybot - Search & Destroy\SDHelper.dll
c:\program files\Common Files\Zinio\ZShext.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\system32\MsPMSPSv.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
.
**************************************************************************
.
Completion time: 2009-08-05 9:06 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-05 16:06

Pre-Run: 267,165,700,096 bytes free
Post-Run: 268,355,682,304 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

455 --- E O F --- 2009-07-30 14:30

#9 Anna G

Posted 05 August 2009 - 03:10 PM

DDS.txt:


DDS (Ver_09-07-30.01) - NTFSx86
Run by Al at 13:00:53.45 on Wed 08/05/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.753 [GMT -7:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\BeautifulEarth\Beautiful-Earth.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PopUpStopperProfessional.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Al\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://superfastcomputer.com/resources.html
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: SweetIM ToolbarURLSearchHook Class: {eee6c35d-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgHelper.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: SweetIM Toolbar Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: SweetIM Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - No File
uRun: [Creative MediaSource Go] c:\program files\creative\mediasource\go\CTCMSGo.exe /SCB
uRun: [RemoteCenter] c:\program files\creative\mediasource\remotecontrol\RCMan.EXE
uRun: [GGWallpaper] c:\program files\beautifulearth\Beautiful-Earth.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PopUpStopperProfessional] "c:\progra~1\panicw~1\pop-up~1\PopUpStopperProfessional.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SweetIM] c:\program files\sweetim\messenger\SweetIM.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\docume~1\al\startm~1\programs\startup\hypers~1.lnk - c:\program files\hypersnap 6\HprSnap6.exe
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {043B9E31-EF8D-4986-9B1E-D335CFEB1491} - hxxp://trinity.dlsite.com/activex/trilicdl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} - hxxp://webiq005.webiqonline.com/WebIQ/DataServer/Pub/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1209423701515
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {931C1175-E08E-4ADA-9AED-4A2828AE1011} - hxxp://trinity.dlsite.com/activex/pbebkick.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\al\applic~1\mozilla\firefox\profiles\sest519a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.theprizeday.com/today.php|http://superfastcomputer.com/resources.html
FF - prefs.js: keyword.URL - hxxp://searchservice.myspace.com/index.cfm?fuseaction=sitesearch.results&type=Web&orig=IMC-FF&qry=
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npkimi.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin9.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin9.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-5-2 12552]
R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2008-1-18 24971]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-3-30 130936]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-2 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-1-20 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-2 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-10-23 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-5-2 297752]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-1-21 348752]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-1-21 1095560]
R2 TSS_FSFILTER;Dynamic ED Controller;c:\windows\system32\drivers\TSSFSFD.sys [2009-4-22 85120]
R2 TSSFLT;TriSecurity System - Filter Driver;c:\windows\system32\drivers\TSSFLT.sys [2009-4-22 85120]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-12-19 33752]

=============== Created Last 30 ================

2009-08-05 09:05 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-08-05 08:42 <DIR> a-dshr-- C:\cmdcons
2009-08-05 08:35 219,648 a------- c:\windows\PEV.exe
2009-08-05 08:35 161,792 a------- c:\windows\SWREG.exe
2009-08-05 08:35 98,816 a------- c:\windows\sed.exe
2009-08-03 08:41 3,154,522 a----r-- c:\program files\ComboFix.exe
2009-07-23 11:14 4,081,725 a------- c:\windows\pfirewall.log.old
2009-07-20 22:16 <DIR> --d----- c:\program files\iPod
2009-07-20 22:16 <DIR> --d----- c:\program files\iTunes
2009-07-19 16:14 <DIR> --d----- c:\docume~1\al\applic~1\WinPatrol
2009-07-19 16:14 <DIR> --d----- c:\program files\BillP Studios
2009-07-19 16:13 730,256 a------- c:\program files\wpsetup.exe
2009-07-19 13:34 <DIR> --d----- c:\program files\backups
2009-07-19 13:25 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-07-19 13:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-07-19 13:23 16,409,960 a------- c:\program files\spybotsd162.exe
2009-07-19 13:14 63 a------- c:\windows\system\SysSD.dll
2009-07-19 13:12 1,060,864 a------- c:\windows\system32\MFC71.dll
2009-07-19 13:12 <DIR> --d----- c:\program files\SpywareDetector
2009-07-19 13:09 7,327,392 a------- c:\program files\spywaredetector.exe
2009-07-19 10:01 92,672 a------- c:\windows\system32\KillBox.exe
2009-07-18 12:37 <DIR> --d----- c:\program files\Panicware
2009-07-18 12:37 1,680,112 a------- c:\program files\PopUpStopperProfessional.exe
2009-07-17 08:19 15,157 -------- c:\windows\KB969897-IE8.cat
2009-07-16 15:32 <DIR> -cd-h--- c:\windows\ie8
2009-07-16 15:28 <DIR> --d----- C:\494f5209c09fd5152601
2009-07-15 23:51 8,114,720 a------- c:\program files\Firefox Setup 3.5.exe
2009-07-15 14:15 401,720 a------- c:\program files\hijackthis.exe
2009-07-15 14:14 472 a------- c:\windows\wininit.ini
2009-07-15 14:13 <DIR> --d----- C:\!KillBox
2009-07-15 14:09 787,000 a------- c:\program files\PREVXCSIFREE.EXE
2009-07-15 14:00 92,672 a------- c:\program files\KillBox.exe
2009-07-12 16:53 <DIR> --d----- c:\program files\System Search Dispatcher
2009-07-12 16:53 <DIR> --d----- c:\program files\DoubleD

==================== Find3M ====================

2009-08-05 12:59 35,466 a------- c:\program files\Combofix log.txt
2009-07-28 17:33 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-07-28 17:33 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-23 11:30 10,949 a------- c:\program files\hijackthis.log
2009-07-19 16:02 8,047,896 a------- c:\program files\rminstall.exe
2009-07-19 10:35 46,382 a------- c:\program files\profile-1.jpg
2009-07-19 10:06 5,154,304 a------- c:\program files\WindowsDefender.msi
2009-07-03 10:09 915,456 a------- c:\windows\system32\wininet.dll
2009-07-01 10:06 5,468,064 a------- c:\program files\HS6Setup.exe
2009-06-25 10:48 5,021,800 a------- c:\program files\SweetImSetup.exe
2009-06-23 17:29 6,175,866 a------- c:\program files\qs7setup.exe
2009-06-18 09:27 2,474,531 a------- c:\program files\fc_setup_.zip
2009-06-16 07:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 07:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-15 17:47 23,190,736 a------- c:\program files\Second_Life_1-23-4-123908_Setup.exe
2009-06-03 12:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-01 21:41 16,070,968 a------- c:\program files\gimp-2.6.6-i686-setup.exe
2009-04-19 20:55 807,211 a------- c:\program files\C19H28O2.v7.19.zip
2009-04-15 18:14 2,433,024 a------- c:\program files\SRO_L4_Full_Client_Downloader.exe
2009-04-15 13:56 16,742,799 a------- c:\program files\vlc-0.9.9-win32.exe
2009-04-10 09:58 438,592 a------- c:\program files\msgr9us.exe
2009-03-30 08:10 6,482,600 a------- c:\program files\ashampoo_burningstudio551_se.exe
2009-03-20 10:48 1,180,475 a------- c:\program files\lily_pond_3142326.scr
2009-03-20 10:32 6,135,208 a------- c:\program files\Zinio_Reader_Setup.exe
2009-03-17 17:50 1,056,646,770 a------- c:\program files\SilkroadOnline_GlobalOfficial_v1_180.exe
2009-03-05 16:46 1,234,120 a------- c:\program files\wrar380.exe
2009-02-04 11:17 4,717,016 a------- c:\program files\NewScientist2009Screensaver_PC.zip
2009-01-30 14:21 3,365,132 a------- c:\program files\qssetup.exe
2009-01-27 15:06 1,052,676 a------- c:\program files\NewVersion.exe
2009-01-13 18:14 64,856,808 a------- c:\program files\avg_ipw_stf_en_8_229a1410.exe
2008-12-24 11:30 3,446,202 a------- c:\program files\winterwonderlands.exe
2008-12-24 11:25 9,970,673 a------- c:\program files\winterw.exe
2008-12-20 00:01 884 a------- c:\program files\ebx.etd
2008-12-19 23:39 35,124,856 a------- c:\program files\AdbeRdr90_en_US.exe
2008-12-13 01:30 68,756,776 a------- c:\program files\iTunesSetup.exe
2008-12-12 16:42 5,139,160 a------- c:\program files\emusic_setup_standalone.exe
2008-12-09 17:21 19,994,184 a------- c:\program files\QuickTimeInstaller.exe
2008-11-08 23:39 6,426,753 a------- c:\program files\singles2patch_1_3esd.exe
2008-11-08 23:17 16,246,442 a------- c:\program files\singles2v13.zip
2008-10-17 23:17 807,352 a------- c:\program files\en-jetcast-player.exe
2008-10-04 15:39 2,869,264 a------- c:\program files\dotNetFx35setup.exe
2008-10-04 15:27 23,510,720 a------- c:\program files\dotnetfx.exe
2008-10-01 23:33 2,209,516 a------- c:\program files\SIsa_setup.exe
2008-08-20 00:00 20,730,680 a------- c:\program files\DivXBundle.exe
2008-08-19 23:52 25,740,144 ac------ c:\program files\wmp11-windowsxp-x86-enu.exe
2008-08-15 12:39 257,519 a------- c:\program files\rlcqc2.exe
2008-08-09 23:18 300,272 a------- c:\program files\MySpaceIM_Setup.exe
2008-07-23 09:17 9,956,432 a------- c:\program files\UtherverseSetup.exe
2008-07-07 22:17 2,481,540 a------- c:\program files\imgconvert.exe
2008-07-05 12:31 4,645,910 a------- c:\program files\Wood_Workshop_1,01_Setup.exe
2008-06-21 17:21 1,951,432 a------- c:\program files\ppviewer.exe
2008-06-21 17:14 324,888 ac------ c:\program files\TestDriveWizard-v1.2.1.exe
2008-05-30 19:41 786,432 a------- c:\program files\di524_firmware_123.bin
2008-05-30 15:41 54,123,192 a------- c:\program files\avg_ipw_stf_en_8_93a1300.exe
2008-05-15 09:32 462,183,314 ac------ c:\program files\SinglesAO_Setup.exe
2008-05-15 08:45 458,251,690 ac------ c:\program files\Singles2_Setup_1.40.exe
2008-05-08 22:19 2,069,934 a------- c:\program files\Earth-Setup.exe
2008-05-08 22:12 2,124,162 a------- c:\program files\3dfish394cn.exe
2008-05-08 21:55 36,435,440 a------- c:\program files\071214_ATI_2000xp.exe
2008-05-08 21:52 50,510,847 a------- c:\program files\071214_ATI_xp64bit.exe
2008-05-02 08:25 63,905,424 a------- c:\program files\avg_iswt_stf_all_8_93a1293_fc.exe
2008-04-26 17:04 1,534,052 a------- c:\program files\imgmerge.exe
2008-04-26 17:00 1,434,989 a------- c:\program files\merge20.exe
2008-03-26 13:14 3,773,756 a------- c:\program files\KLR009.exe
2008-03-09 17:31 13,413,048 a------- c:\program files\Google_Earth_BZXV.exe
2008-01-23 16:55 482,355,064 a------- c:\program files\RLCVipSetup.exe
2008-01-22 02:53 8,774,592 ac------ c:\program files\ShareazaV4.exe
2008-01-22 02:44 9,278,904 a------- c:\program files\BearShareV6.exe
2008-01-21 04:45 4,220,855 a------- c:\program files\iuydskj987ds.exe
2008-01-21 04:36 16,955,400 a------- c:\program files\sdsetup.exe
2008-01-20 19:24 6,026,816 a------- c:\program files\Firefox Setup 2.0.0.11.exe
2008-01-20 18:25 2,246,525 ac------ c:\program files\TheGeneral-Password-Setup.exe
2008-01-20 14:14 423,736 a------- c:\program files\avgarkt-setup-1.1.0.42.exe
2008-01-20 13:53 437,392 a------- c:\program files\msgr8us.exe

============= FINISH: 13:02:08.42 ===============

#10 Anna G


Posted 05 August 2009 - 03:30 PM

I see combofix got rid of my data shredder even though I've never had a problem with Bulletproof software.

And I still get popups. :thumbup2:

#11 sempai

  • Malware Response Team

Posted 06 August 2009 - 06:06 PM

Hello Anna,

"I see combofix got rid of my data shredder even though I've never had a problem with Bulletproof software."

It's because Bulletproof software is considered a fraudulent program. Please read details HERE.


1. Please make sure that you can view all hidden files. Instructions on how to do this can be found here:


How to see hidden files in Windows
Please click this link-->Jotti

When the jotti page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.

c:\program files\C19H28O2.v7.19.zip
c:\program files\NewVersion.exe
c:\program files\SIsa_setup.exe

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/



2. We need to execute a ComboFix script. (Tutorials on how to disable your anti virus and anti malware programs can be found HERE.)


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\program files\spywaredetector.exe
c:\windows\system32\KillBox.exe
c:\windows\system\SysSD.dll
c:\program files\wrar380.exe
c:\program files\iuydskj987ds.exe
c:\program files\TheGeneral-Password-Setup.exe

Folder::
c:\program files\SpywareDetector
c:\documents and settings\Al\Local Settings\Application Data\Internet Saving Optimizer
c:\documents and settings\Al\Local Settings\Application Data\Media Access Startup
c:\program files\System Search Dispatcher
c:\program files\DoubleD
c:\documents and settings\Al\Local Settings\Application Data\DoubleD

DDS::
TB: {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - No File


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


3. Please create a fresh DDS log. Post the DDS.text and attach the attach.text when you reply.


~Semp :thumbup2:

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#12 Anna G


Posted 08 August 2009 - 02:06 AM

Jotti found nothing in those 3 files.

#13 sempai


Posted 08 August 2009 - 10:02 AM

Please post the logs of steps 2 and 3.

Regards,
~Semp :thumbup2:



#14 Anna G


Posted 08 August 2009 - 01:40 PM

ComboFix 09-08-07.09 - Al 08/08/2009 12:14.4.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.869 [GMT -7:00]
Running from: c:\program files\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2009-07-08 to 2009-08-08 )))))))))))))))))))))))))))))))
.

2009-08-03 15:41 . 2009-08-08 07:13 3123762 ----a-r- c:\program files\ComboFix.exe
2009-08-03 05:57 . 2009-08-03 05:57 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2009-07-29 00:33 . 2009-07-17 15:07 1111320 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgssie.dll
2009-07-29 00:33 . 2009-07-17 15:07 353048 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgxch32.dll
2009-07-29 00:33 . 2009-07-17 15:07 2301720 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avguiadv.dll
2009-07-21 05:16 . 2009-07-21 05:16 -------- d-----w- c:\program files\iPod
2009-07-21 05:16 . 2009-07-21 05:17 -------- d-----w- c:\program files\iTunes
2009-07-21 05:11 . 2009-07-21 05:11 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-21 04:54 . 2009-07-21 04:54 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-07-19 23:14 . 2009-07-19 23:14 -------- d-----w- c:\documents and settings\Al\Application Data\WinPatrol
2009-07-19 23:14 . 2009-07-19 22:59 0 ----a-w- c:\documents and settings\Al\Application Data\WinPatrol\Autoexec.bat
2009-07-19 23:14 . 2008-01-18 07:44 0 ----a-w- c:\documents and settings\Al\Application Data\WinPatrol\Config.sys
2009-07-19 23:14 . 2009-07-19 23:14 -------- d-----w- c:\program files\BillP Studios
2009-07-19 23:13 . 2009-07-19 23:13 730256 ----a-w- c:\program files\wpsetup.exe
2009-07-19 20:34 . 2009-07-19 20:34 -------- d-----w- c:\program files\backups
2009-07-19 20:25 . 2009-07-19 20:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-19 20:25 . 2009-07-19 20:25 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-19 20:23 . 2009-07-19 20:23 16409960 ----a-w- c:\program files\spybotsd162.exe
2009-07-19 20:14 . 2009-07-19 20:14 63 ----a-w- c:\windows\system\SysSD.dll
2009-07-19 20:12 . 2005-06-14 19:09 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-07-19 20:12 . 2009-07-19 21:58 -------- d-----w- c:\program files\SpywareDetector
2009-07-19 20:09 . 2009-07-19 20:09 7327392 ----a-w- c:\program files\spywaredetector.exe
2009-07-19 17:59 . 2009-07-19 18:26 -------- d-----w- c:\windows\BDOSCAN8
2009-07-19 17:08 . 2009-07-19 17:08 -------- d-----w- c:\program files\Windows Defender
2009-07-19 17:05 . 2009-07-19 17:06 5154304 ----a-w- c:\program files\WindowsDefender.msi
2009-07-19 17:01 . 2009-07-15 21:00 92672 ----a-w- c:\windows\system32\KillBox.exe
2009-07-18 19:37 . 2009-07-18 19:37 -------- d-----w- c:\program files\Panicware
2009-07-18 19:37 . 2009-07-18 19:37 1680112 ----a-w- c:\program files\PopUpStopperProfessional.exe
2009-07-17 15:07 . 2009-07-17 15:07 3403032 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-07-16 22:32 . 2009-07-16 22:34 -------- dc-h--w- c:\windows\ie8
2009-07-16 22:28 . 2009-07-16 22:28 -------- d-----w- C:\494f5209c09fd5152601
2009-07-16 06:51 . 2009-07-16 06:51 8114720 ----a-w- c:\program files\Firefox Setup 3.5.exe
2009-07-15 21:15 . 2009-07-15 21:15 401720 ----a-w- c:\program files\hijackthis.exe
2009-07-15 21:13 . 2009-07-15 21:13 -------- d-----w- C:\!KillBox
2009-07-15 21:09 . 2009-07-15 21:09 787000 ----a-w- c:\program files\PREVXCSIFREE.EXE
2009-07-15 21:00 . 2009-07-15 21:00 92672 ----a-w- c:\program files\KillBox.exe
2009-07-12 23:54 . 2009-07-12 23:54 -------- d-----w- c:\documents and settings\Al\Local Settings\Application Data\Internet Saving Optimizer
2009-07-12 23:54 . 2009-07-16 01:29 -------- d-----w- c:\documents and settings\Al\Local Settings\Application Data\Media Access Startup
2009-07-12 23:53 . 2009-07-12 23:53 -------- d-----w- c:\program files\System Search Dispatcher
2009-07-12 23:53 . 2009-07-13 15:50 -------- d-----w- c:\program files\DoubleD
2009-07-12 23:53 . 2009-07-12 23:53 -------- d-----w- c:\documents and settings\Al\Local Settings\Application Data\DoubleD

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-08 19:11 . 2008-05-09 05:19 -------- d-----w- c:\documents and settings\Al\Application Data\BeautifulEarth
2009-08-08 07:10 . 2009-08-08 07:10 641 ----a-w- c:\program files\CFScript.txt
2009-08-07 04:35 . 2009-03-20 17:34 -------- d-----w- c:\documents and settings\Al\Application Data\ContentGuard
2009-08-06 17:25 . 2009-03-20 17:34 188501 ----a-w- c:\documents and settings\Al\Application Data\ContentGuard\CGGuard2.dll
2009-08-06 15:44 . 2008-01-21 11:45 4220855 ----a-w- c:\program files\iuydskj987ds.exe
2009-08-06 00:13 . 2008-01-21 11:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-05 23:42 . 2008-01-21 11:36 -------- d-----w- c:\program files\Spyware Doctor
2009-08-05 16:19 . 2008-01-22 09:44 -------- d-----w- c:\program files\BearShare Applications
2009-08-05 15:38 . 2008-05-02 16:00 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-01 01:49 . 2009-06-02 16:30 -------- d-----w- c:\documents and settings\Al\Application Data\gtk-2.0
2009-07-29 00:33 . 2008-05-02 16:01 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-29 00:33 . 2008-01-20 20:21 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-29 00:33 . 2008-05-02 16:01 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-23 18:30 . 2009-07-19 17:26 10949 ----a-w- c:\program files\hijackthis.log
2009-07-21 05:20 . 2008-12-16 06:57 -------- d-----w- c:\program files\Safari
2009-07-21 05:16 . 2008-12-13 08:32 -------- d-----w- c:\program files\Common Files\Apple
2009-07-19 23:02 . 2008-01-21 11:52 8047896 ----a-w- c:\program files\rminstall.exe
2009-07-19 17:35 . 2009-07-19 17:35 46382 ----a-w- c:\program files\profile-1.jpg
2009-07-03 17:09 . 2004-08-04 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-01 18:31 . 2008-01-21 11:48 -------- d-----w- c:\program files\HyperSnap 6
2009-07-01 17:06 . 2008-01-21 11:48 5468064 ----a-w- c:\program files\HS6Setup.exe
2009-06-29 02:53 . 2009-06-29 02:53 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-06-29 02:53 . 2009-06-29 02:53 -------- d-----w- c:\program files\PC Drivers HeadQuarters
2009-06-25 22:55 . 2008-01-20 21:32 -------- d-----w- c:\documents and settings\Al\Application Data\SecondLife
2009-06-25 17:48 . 2008-07-23 19:31 5021800 ----a-w- c:\program files\SweetImSetup.exe
2009-06-24 00:30 . 2009-06-24 00:30 -------- d-----w- c:\program files\QuickSnooker 7
2009-06-24 00:29 . 2009-06-24 00:29 6175866 ----a-w- c:\program files\qs7setup.exe
2009-06-18 19:41 . 2008-01-18 07:55 93440 ----a-w- c:\documents and settings\Al\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-18 17:24 . 2009-06-18 17:24 -------- d-----w- c:\windows\Fonts\stjelogo
2009-06-18 17:24 . 2009-06-18 17:24 -------- d-----w- c:\windows\Fonts\stjedise
2009-06-18 17:24 . 2009-06-18 17:24 -------- d-----w- c:\windows\Fonts\starjout
2009-06-18 17:24 . 2009-06-18 17:24 -------- d-----w- c:\windows\Fonts\starjedi
2009-06-18 17:22 . 2009-06-18 17:22 -------- d-----w- c:\windows\Fonts\gif
2009-06-18 16:30 . 2009-06-18 16:30 -------- d-----w- c:\program files\fc_setup_
2009-06-18 16:29 . 2009-06-18 16:29 -------- d-----w- c:\program files\FreeCommander
2009-06-18 16:27 . 2009-06-18 16:27 2474531 ----a-w- c:\program files\fc_setup_.zip
2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 00:47 . 2009-06-16 00:47 23190736 ----a-w- c:\program files\Second_Life_1-23-4-123908_Setup.exe
2009-06-09 22:07 . 2009-06-18 17:05 105884 ----a-w- c:\windows\Fonts\genie_Font.ttf
2009-06-09 18:03 . 2009-06-18 16:59 11680 ----a-w- c:\windows\Fonts\crazy_diamond.otf
2009-06-09 17:35 . 2009-06-18 17:08 20640 ----a-w- c:\windows\Fonts\ICE_AGE.ttf
2009-06-09 15:41 . 2009-06-18 17:07 18668 ----a-w- c:\windows\Fonts\heyboy!heygirl!.ttf
2009-06-03 19:09 . 2004-08-04 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-06-03 18:31 . 2009-06-03 18:31 1878984 ----a-w- c:\documents and settings\Al\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-06-02 04:41 . 2009-06-02 04:41 16070968 ----a-w- c:\program files\gimp-2.6.6-i686-setup.exe
2009-05-12 22:40 . 2009-05-12 22:40 0 ----a-w- c:\windows\PowerReg.dat
2009-04-20 03:55 . 2009-04-20 03:55 807211 ----a-w- c:\program files\C19H28O2.v7.19.zip
2009-04-16 01:14 . 2009-04-16 01:13 2433024 ----a-w- c:\program files\SRO_L4_Full_Client_Downloader.exe
2009-04-15 20:56 . 2009-04-15 20:55 16742799 ----a-w- c:\program files\vlc-0.9.9-win32.exe
2009-04-10 16:58 . 2008-11-26 16:31 438592 ----a-w- c:\program files\msgr9us.exe
2009-03-30 15:10 . 2009-03-30 15:09 6482600 ----a-w- c:\program files\ashampoo_burningstudio551_se.exe
2009-03-20 17:48 . 2009-03-20 17:48 1180475 ----a-w- c:\program files\lily_pond_3142326.scr
2009-03-20 17:32 . 2009-03-20 17:32 6135208 ----a-w- c:\program files\Zinio_Reader_Setup.exe
2009-03-18 00:50 . 2009-03-18 00:47 1056646770 ----a-w- c:\program files\SilkroadOnline_GlobalOfficial_v1_180.exe
2009-03-05 23:46 . 2009-03-05 23:46 1234120 ----a-w- c:\program files\wrar380.exe
2009-02-04 18:17 . 2009-02-04 18:17 4717016 ----a-w- c:\program files\NewScientist2009Screensaver_PC.zip
2009-01-30 21:21 . 2009-01-30 21:20 3365132 ----a-w- c:\program files\qssetup.exe
2009-01-27 22:06 . 2009-01-27 22:06 1052676 ----a-w- c:\program files\NewVersion.exe
2009-01-14 01:14 . 2009-01-14 01:14 64856808 ----a-w- c:\program files\avg_ipw_stf_en_8_229a1410.exe
2008-12-24 18:30 . 2008-12-24 18:30 3446202 ----a-w- c:\program files\winterwonderlands.exe
2008-12-24 18:25 . 2008-12-24 18:25 9970673 ----a-w- c:\program files\winterw.exe
2008-12-20 07:01 . 2008-12-20 07:01 884 ----a-w- c:\program files\ebx.etd
2008-12-20 06:39 . 2008-12-20 06:39 35124856 ----a-w- c:\program files\AdbeRdr90_en_US.exe
2008-12-13 08:30 . 2008-12-13 08:29 68756776 ----a-w- c:\program files\iTunesSetup.exe
2008-12-12 23:42 . 2008-12-12 23:41 5139160 ----a-w- c:\program files\emusic_setup_standalone.exe
2008-12-10 00:21 . 2008-12-10 00:20 19994184 ----a-w- c:\program files\QuickTimeInstaller.exe
2008-11-09 06:39 . 2008-11-09 06:38 6426753 ----a-w- c:\program files\singles2patch_1_3esd.exe
2008-11-09 06:17 . 2008-11-09 06:15 16246442 ----a-w- c:\program files\singles2v13.zip
2008-10-18 06:17 . 2008-10-18 06:17 807352 ----a-w- c:\program files\en-jetcast-player.exe
2008-10-04 22:39 . 2008-10-04 22:39 2869264 ----a-w- c:\program files\dotNetFx35setup.exe
2008-10-04 22:27 . 2008-10-02 06:36 23510720 ----a-w- c:\program files\dotnetfx.exe
2008-10-02 06:33 . 2008-10-02 06:33 2209516 ----a-w- c:\program files\SIsa_setup.exe
2008-08-20 07:00 . 2008-08-20 07:00 20730680 ----a-w- c:\program files\DivXBundle.exe
2008-08-20 06:52 . 2008-01-22 09:46 25740144 -c--a-w- c:\program files\wmp11-windowsxp-x86-enu.exe
2008-08-15 19:39 . 2008-08-15 19:38 257519 ----a-w- c:\program files\rlcqc2.exe
2008-08-10 06:18 . 2008-08-10 06:18 300272 ----a-w- c:\program files\MySpaceIM_Setup.exe
2008-07-23 16:17 . 2008-03-29 19:44 9956432 ----a-w- c:\program files\UtherverseSetup.exe
2008-07-08 05:17 . 2008-01-21 11:55 2481540 ----a-w- c:\program files\imgconvert.exe
2008-07-05 19:31 . 2008-07-05 19:31 4645910 ----a-w- c:\program files\Wood_Workshop_1,01_Setup.exe
2008-06-22 00:21 . 2008-06-22 00:21 1951432 ----a-w- c:\program files\ppviewer.exe
2008-06-22 00:14 . 2008-06-22 00:14 324888 -c--a-w- c:\program files\TestDriveWizard-v1.2.1.exe
2008-05-31 02:41 . 2008-05-31 02:41 786432 ----a-w- c:\program files\di524_firmware_123.bin
2008-05-30 22:41 . 2008-05-30 22:41 54123192 ----a-w- c:\program files\avg_ipw_stf_en_8_93a1300.exe
2008-05-15 16:32 . 2008-05-15 15:45 462183314 -c--a-w- c:\program files\SinglesAO_Setup.exe
2008-05-15 15:45 . 2008-05-15 14:55 458251690 -c--a-w- c:\program files\Singles2_Setup_1.40.exe
2008-05-09 05:19 . 2008-05-09 05:18 2069934 ----a-w- c:\program files\Earth-Setup.exe
2008-05-09 05:12 . 2008-05-09 05:11 2124162 ----a-w- c:\program files\3dfish394cn.exe
2008-05-09 04:55 . 2008-05-09 04:55 36435440 ----a-w- c:\program files\071214_ATI_2000xp.exe
2008-05-09 04:52 . 2008-05-09 04:52 50510847 ----a-w- c:\program files\071214_ATI_xp64bit.exe
2008-05-02 15:25 . 2008-05-02 15:24 63905424 ----a-w- c:\program files\avg_iswt_stf_all_8_93a1293_fc.exe
2008-04-27 00:04 . 2008-04-27 00:04 1534052 ----a-w- c:\program files\imgmerge.exe
2008-04-27 00:00 . 2008-04-27 00:00 1434989 ----a-w- c:\program files\merge20.exe
2008-03-26 20:14 . 2008-03-26 20:13 3773756 ----a-w- c:\program files\KLR009.exe
2008-03-10 00:31 . 2008-03-10 00:30 13413048 ----a-w- c:\program files\Google_Earth_BZXV.exe
2008-01-23 23:55 . 2008-01-23 23:54 482355064 ----a-w- c:\program files\RLCVipSetup.exe
2008-01-22 09:53 . 2008-01-22 09:53 8774592 -c--a-w- c:\program files\ShareazaV4.exe
2008-01-22 09:44 . 2008-01-22 09:44 9278904 ----a-w- c:\program files\BearShareV6.exe
2008-01-21 11:36 . 2008-01-21 11:36 16955400 ----a-w- c:\program files\sdsetup.exe
2008-01-21 02:24 . 2008-01-21 02:22 6026816 ----a-w- c:\program files\Firefox Setup 2.0.0.11.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-05-20 177464]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-05-20 21:36 1258808 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative MediaSource Go"="c:\program files\Creative\MediaSource\GO\CTCMSGo.exe" [2003-08-12 131072]
"RemoteCenter"="c:\program files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-10-08 139264]
"GGWallpaper"="c:\program files\BeautifulEarth\Beautiful-Earth.exe" [2008-04-17 713728]
"PopUpStopperProfessional"="c:\progra~1\PANICW~1\POP-UP~1\PopUpStopperProfessional.exe" [2005-06-01 516096]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"BPSDataShredder"="c:\program files\BulletProofSoft.com\BPS Data Shredder\BPSDataShredder.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-29 2000152]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-05-20 111928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-06-01 341312]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-03-17 61952]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-07-01 73728]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2004-07-05 2550272]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

c:\documents and settings\Al\Start Menu\Programs\Startup\
HyperSnap 6.lnk - c:\program files\HyperSnap 6\HprSnap6.exe [2008-1-21 4613456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-29 00:33 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfGxWnN]
[BU]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Al^Start Menu^Programs^Startup^WordWeb Pro.lnk]
backup=c:\windows\pss\WordWeb Pro.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SecondLife\\SLVoice.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\SRO_L4_Full_Client_Downloader.exe"=
"c:\\Program Files\\SecondLife\\SecondLife.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\RavenShield\\system\\RavenShield.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe"=
"c:\\Program Files\\ScanSoft\\OmniPageSE\\EregEng\\NAVBrowser.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [5/2/2008 09:01 12552]
R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [1/18/2008 09:12 24971]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [3/30/2009 21:45 130936]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/2/2008 09:01 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/2/2008 09:01 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [10/23/2008 08:36 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/2/2008 09:00 297752]
R2 TSS_FSFILTER;Dynamic ED Controller;c:\windows\system32\drivers\TSSFSFD.sys [4/22/2009 15:23 85120]
R2 TSSFLT;TriSecurity System - Filter Driver;c:\windows\system32\drivers\TSSFLT.sys [4/22/2009 15:23 85120]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 19:19 13592]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [12/19/2008 23:37 33752]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [1/21/2008 04:36 348752]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2009-08-08 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]
.
- - - - ORPHANS REMOVED - - - -

BHO-{548821F3-AA56-49B5-9B8E-186CB6ECD61A} - (no file)
BHO-{DD1849EA-8403-4441-8DFF-7575AAE1DC16} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://superfastcomputer.com/resources.html
uInternet Settings,ProxyOverride = *.local
DPF: {043B9E31-EF8D-4986-9B1E-D335CFEB1491} - hxxp://trinity.dlsite.com/activex/trilicdl.cab
DPF: {931C1175-E08E-4ADA-9AED-4A2828AE1011} - hxxp://trinity.dlsite.com/activex/pbebkick.cab
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab
FF - ProfilePath - c:\documents and settings\Al\Application Data\Mozilla\Firefox\Profiles\sest519a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.theprizeday.com/today.php|http://superfastcomputer.com/resources.html
FF - prefs.js: keyword.URL - hxxp://searchservice.myspace.com/index.cfm?fuseaction=sitesearch.results&type=Web&orig=IMC-FF&qry=
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npkimi.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin9.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin9.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-08 12:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(284)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-08-08 12:29
ComboFix-quarantined-files.txt 2009-08-08 19:29
ComboFix2.txt 2009-08-08 19:01
ComboFix3.txt 2009-08-05 16:06

Pre-Run: 268,179,279,872 bytes free
Post-Run: 268,171,567,104 bytes free

352 --- E O F --- 2009-08-07 06:10

Edited by Anna G, 08 August 2009 - 02:35 PM.


#15 Anna G

Posted 08 August 2009 - 02:40 PM

DDS (Ver_09-07-30.01) - NTFSx86
Run by Al at 12:36:28.14 on Sat 08/08/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.688 [GMT -7:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
svchost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PopUpStopperProfessional.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Al\Local Settings\Temporary Internet Files\Content.IE5\CJLKRJ1M\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://superfastcomputer.com/resources.html
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: SweetIM ToolbarURLSearchHook Class: {eee6c35d-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgHelper.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {548821F3-AA56-49B5-9B8E-186CB6ECD61A} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: {A98D0065-7326-41B5-B8D9-C5B692CDB82F} - No File
BHO: {CDBFB47B-58A8-4111-BF95-06178DCE326D} - No File
BHO: {DD1849EA-8403-4441-8DFF-7575AAE1DC16} - No File
BHO: SweetIM Toolbar Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: SweetIM Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - No File
uRun: [Creative MediaSource Go] c:\program files\creative\mediasource\go\CTCMSGo.exe /SCB
uRun: [RemoteCenter] c:\program files\creative\mediasource\remotecontrol\RCMan.EXE
uRun: [GGWallpaper] c:\program files\beautifulearth\Beautiful-Earth.exe
uRun: [PopUpStopperProfessional] "c:\progra~1\panicw~1\pop-up~1\PopUpStopperProfessional.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [BPSDataShredder] c:\program files\bulletproofsoft.com\bps data shredder\BPSDataShredder.exe
mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SweetIM] c:\program files\sweetim\messenger\SweetIM.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\docume~1\al\startm~1\programs\startup\hypers~1.lnk - c:\program files\hypersnap 6\HprSnap6.exe
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {043B9E31-EF8D-4986-9B1E-D335CFEB1491} - hxxp://trinity.dlsite.com/activex/trilicdl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} - hxxp://webiq005.webiqonline.com/WebIQ/DataServer/Pub/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1209423701515
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {931C1175-E08E-4ADA-9AED-4A2828AE1011} - hxxp://trinity.dlsite.com/activex/pbebkick.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\al\applic~1\mozilla\firefox\profiles\sest519a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.theprizeday.com/today.php|http://superfastcomputer.com/resources.html
FF - prefs.js: keyword.URL - hxxp://searchservice.myspace.com/index.cfm?fuseaction=sitesearch.results&type=Web&orig=IMC-FF&qry=
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npkimi.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin9.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin9.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-5-2 12552]
R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2008-1-18 24971]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-3-30 130936]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-2 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-1-20 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-2 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-10-23 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-5-2 297752]
R2 TSS_FSFILTER;Dynamic ED Controller;c:\windows\system32\drivers\TSSFSFD.sys [2009-4-22 85120]
R2 TSSFLT;TriSecurity System - Filter Driver;c:\windows\system32\drivers\TSSFLT.sys [2009-4-22 85120]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-12-19 33752]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-1-21 348752]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-1-21 1095560]

=============== Created Last 30 ================

2009-08-08 12:13 <DIR> --ds---- C:\ComboFix
2009-08-05 09:05 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-08-05 08:42 <DIR> a-dshr-- C:\cmdcons
2009-08-05 08:35 216,064 a------- c:\windows\PEV.exe
2009-08-05 08:35 161,792 a------- c:\windows\SWREG.exe
2009-08-05 08:35 98,816 a------- c:\windows\sed.exe
2009-08-03 08:41 3,123,762 a----r-- c:\program files\ComboFix.exe
2009-07-23 11:14 3,989,376 a------- c:\windows\pfirewall.log.old
2009-07-20 22:16 <DIR> --d----- c:\program files\iPod
2009-07-20 22:16 <DIR> --d----- c:\program files\iTunes
2009-07-19 16:14 <DIR> --d----- c:\docume~1\al\applic~1\WinPatrol
2009-07-19 16:14 <DIR> --d----- c:\program files\BillP Studios
2009-07-19 16:13 730,256 a------- c:\program files\wpsetup.exe
2009-07-19 13:34 <DIR> --d----- c:\program files\backups
2009-07-19 13:25 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-07-19 13:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-07-19 13:23 16,409,960 a------- c:\program files\spybotsd162.exe
2009-07-19 13:14 63 a------- c:\windows\system\SysSD.dll
2009-07-19 13:12 1,060,864 a------- c:\windows\system32\MFC71.dll
2009-07-19 13:12 <DIR> --d----- c:\program files\SpywareDetector
2009-07-19 13:09 7,327,392 a------- c:\program files\spywaredetector.exe
2009-07-19 10:01 92,672 a------- c:\windows\system32\KillBox.exe
2009-07-18 12:37 <DIR> --d----- c:\program files\Panicware
2009-07-18 12:37 1,680,112 a------- c:\program files\PopUpStopperProfessional.exe
2009-07-17 08:19 15,157 -------- c:\windows\KB969897-IE8.cat
2009-07-16 15:32 <DIR> -cd-h--- c:\windows\ie8
2009-07-16 15:28 <DIR> --d----- C:\494f5209c09fd5152601
2009-07-15 23:51 8,114,720 a------- c:\program files\Firefox Setup 3.5.exe
2009-07-15 14:15 401,720 a------- c:\program files\hijackthis.exe
2009-07-15 14:14 472 a------- c:\windows\wininit.ini
2009-07-15 14:13 <DIR> --d----- C:\!KillBox
2009-07-15 14:09 787,000 a------- c:\program files\PREVXCSIFREE.EXE
2009-07-15 14:00 92,672 a------- c:\program files\KillBox.exe
2009-07-12 16:53 <DIR> --d----- c:\program files\System Search Dispatcher
2009-07-12 16:53 <DIR> --d----- c:\program files\DoubleD

==================== Find3M ====================

2009-08-08 00:10 641 a------- c:\program files\CFScript.txt
2009-08-06 08:44 4,220,855 a------- c:\program files\iuydskj987ds.exe
2009-07-28 17:33 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-07-28 17:33 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-23 11:30 10,949 a------- c:\program files\hijackthis.log
2009-07-19 16:02 8,047,896 a------- c:\program files\rminstall.exe
2009-07-19 10:35 46,382 a------- c:\program files\profile-1.jpg
2009-07-19 10:06 5,154,304 a------- c:\program files\WindowsDefender.msi
2009-07-03 10:09 915,456 a------- c:\windows\system32\wininet.dll
2009-07-01 10:06 5,468,064 a------- c:\program files\HS6Setup.exe
2009-06-25 10:48 5,021,800 a------- c:\program files\SweetImSetup.exe
2009-06-23 17:29 6,175,866 a------- c:\program files\qs7setup.exe
2009-06-18 09:27 2,474,531 a------- c:\program files\fc_setup_.zip
2009-06-16 07:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 07:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-15 17:47 23,190,736 a------- c:\program files\Second_Life_1-23-4-123908_Setup.exe
2009-06-03 12:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-01 21:41 16,070,968 a------- c:\program files\gimp-2.6.6-i686-setup.exe
2009-04-19 20:55 807,211 a------- c:\program files\C19H28O2.v7.19.zip
2009-04-15 18:14 2,433,024 a------- c:\program files\SRO_L4_Full_Client_Downloader.exe
2009-04-15 13:56 16,742,799 a------- c:\program files\vlc-0.9.9-win32.exe
2009-04-10 09:58 438,592 a------- c:\program files\msgr9us.exe
2009-03-30 08:10 6,482,600 a------- c:\program files\ashampoo_burningstudio551_se.exe
2009-03-20 10:48 1,180,475 a------- c:\program files\lily_pond_3142326.scr
2009-03-20 10:32 6,135,208 a------- c:\program files\Zinio_Reader_Setup.exe
2009-03-17 17:50 1,056,646,770 a------- c:\program files\SilkroadOnline_GlobalOfficial_v1_180.exe
2009-03-05 16:46 1,234,120 a------- c:\program files\wrar380.exe
2009-02-04 11:17 4,717,016 a------- c:\program files\NewScientist2009Screensaver_PC.zip
2009-01-30 14:21 3,365,132 a------- c:\program files\qssetup.exe
2009-01-27 15:06 1,052,676 a------- c:\program files\NewVersion.exe
2009-01-13 18:14 64,856,808 a------- c:\program files\avg_ipw_stf_en_8_229a1410.exe
2008-12-24 11:30 3,446,202 a------- c:\program files\winterwonderlands.exe
2008-12-24 11:25 9,970,673 a------- c:\program files\winterw.exe
2008-12-20 00:01 884 a------- c:\program files\ebx.etd
2008-12-19 23:39 35,124,856 a------- c:\program files\AdbeRdr90_en_US.exe
2008-12-13 01:30 68,756,776 a------- c:\program files\iTunesSetup.exe
2008-12-12 16:42 5,139,160 a------- c:\program files\emusic_setup_standalone.exe
2008-12-09 17:21 19,994,184 a------- c:\program files\QuickTimeInstaller.exe
2008-11-08 23:39 6,426,753 a------- c:\program files\singles2patch_1_3esd.exe
2008-11-08 23:17 16,246,442 a------- c:\program files\singles2v13.zip
2008-10-17 23:17 807,352 a------- c:\program files\en-jetcast-player.exe
2008-10-04 15:39 2,869,264 a------- c:\program files\dotNetFx35setup.exe
2008-10-04 15:27 23,510,720 a------- c:\program files\dotnetfx.exe
2008-10-01 23:33 2,209,516 a------- c:\program files\SIsa_setup.exe
2008-08-20 00:00 20,730,680 a------- c:\program files\DivXBundle.exe
2008-08-19 23:52 25,740,144 ac------ c:\program files\wmp11-windowsxp-x86-enu.exe
2008-08-15 12:39 257,519 a------- c:\program files\rlcqc2.exe
2008-08-09 23:18 300,272 a------- c:\program files\MySpaceIM_Setup.exe
2008-07-23 09:17 9,956,432 a------- c:\program files\UtherverseSetup.exe
2008-07-07 22:17 2,481,540 a------- c:\program files\imgconvert.exe
2008-07-05 12:31 4,645,910 a------- c:\program files\Wood_Workshop_1,01_Setup.exe
2008-06-21 17:21 1,951,432 a------- c:\program files\ppviewer.exe
2008-06-21 17:14 324,888 ac------ c:\program files\TestDriveWizard-v1.2.1.exe
2008-05-30 19:41 786,432 a------- c:\program files\di524_firmware_123.bin
2008-05-30 15:41 54,123,192 a------- c:\program files\avg_ipw_stf_en_8_93a1300.exe
2008-05-15 09:32 462,183,314 ac------ c:\program files\SinglesAO_Setup.exe
2008-05-15 08:45 458,251,690 ac------ c:\program files\Singles2_Setup_1.40.exe
2008-05-08 22:19 2,069,934 a------- c:\program files\Earth-Setup.exe
2008-05-08 22:12 2,124,162 a------- c:\program files\3dfish394cn.exe
2008-05-08 21:55 36,435,440 a------- c:\program files\071214_ATI_2000xp.exe
2008-05-08 21:52 50,510,847 a------- c:\program files\071214_ATI_xp64bit.exe
2008-05-02 08:25 63,905,424 a------- c:\program files\avg_iswt_stf_all_8_93a1293_fc.exe
2008-04-26 17:04 1,534,052 a------- c:\program files\imgmerge.exe
2008-04-26 17:00 1,434,989 a------- c:\program files\merge20.exe
2008-03-26 13:14 3,773,756 a------- c:\program files\KLR009.exe
2008-03-09 17:31 13,413,048 a------- c:\program files\Google_Earth_BZXV.exe
2008-01-23 16:55 482,355,064 a------- c:\program files\RLCVipSetup.exe
2008-01-22 02:53 8,774,592 ac------ c:\program files\ShareazaV4.exe
2008-01-22 02:44 9,278,904 a------- c:\program files\BearShareV6.exe
2008-01-21 04:36 16,955,400 a------- c:\program files\sdsetup.exe
2008-01-20 19:24 6,026,816 a------- c:\program files\Firefox Setup 2.0.0.11.exe
2008-01-20 18:25 2,246,525 ac------ c:\program files\TheGeneral-Password-Setup.exe
2008-01-20 14:14 423,736 a------- c:\program files\avgarkt-setup-1.1.0.42.exe
2008-01-20 13:53 437,392 a------- c:\program files\msgr8us.exe

============= FINISH: 12:37:13.45 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 1/17/2008 23:46:03
System Uptime: 8/8/2009 09:09:16 (3 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5GD1
Processor: Intel® Pentium® 4 CPU 3.00GHz | Socket 775 | 3010/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 298 GiB total, 249.778 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
F: is FIXED (FAT32) - 112 GiB total, 82.958 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Realtek High Definition Audio
Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0880&SUBSYS_08800000&REV_0905\4&3356750D&0&0001
Manufacturer: Realtek
Name: Realtek High Definition Audio
PNP Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0880&SUBSYS_08800000&REV_0905\4&3356750D&0&0001
Service: IntcAzAudAddService

==== System Restore Points ===================

RP497: 5/10/2009 13:58:25 - System Checkpoint
RP498: 5/11/2009 14:33:12 - System Checkpoint
RP499: 5/12/2009 15:12:52 - System Checkpoint
RP500: 5/12/2009 15:34:21 - Installed Tom Clancy's Rainbow Six 3: Raven Shield
RP501: 5/13/2009 00:09:24 - Software Distribution Service 3.0
RP502: 5/13/2009 08:56:17 - Avg8 Update
RP503: 5/13/2009 08:57:52 - Avg8 Update
RP504: 5/14/2009 14:35:20 - System Checkpoint
RP505: 5/15/2009 15:30:53 - System Checkpoint
RP506: 5/16/2009 16:00:39 - System Checkpoint
RP507: 5/17/2009 18:31:00 - System Checkpoint
RP508: 5/18/2009 08:21:23 - Avg8 Update
RP509: 5/18/2009 08:22:09 - Avg8 Update
RP510: 5/19/2009 16:56:39 - System Checkpoint
RP511: 5/20/2009 23:19:59 - System Checkpoint
RP512: 5/22/2009 13:18:37 - System Checkpoint
RP513: 5/24/2009 14:16:04 - System Checkpoint
RP514: 5/25/2009 17:12:59 - System Checkpoint
RP515: 5/26/2009 17:17:50 - System Checkpoint
RP516: 5/27/2009 22:21:21 - System Checkpoint
RP517: 5/29/2009 20:47:53 - System Checkpoint
RP518: 5/30/2009 22:36:57 - System Checkpoint
RP519: 6/1/2009 14:03:35 - System Checkpoint
RP520: 6/3/2009 15:38:58 - System Checkpoint
RP521: 6/4/2009 16:38:21 - System Checkpoint
RP522: 6/5/2009 17:10:29 - System Checkpoint
RP523: 6/6/2009 08:55:30 - Software Distribution Service 3.0
RP524: 6/7/2009 17:12:47 - System Checkpoint
RP525: 6/8/2009 18:14:33 - System Checkpoint
RP526: 6/9/2009 20:10:05 - System Checkpoint
RP527: 6/10/2009 09:41:23 - Avg8 Update
RP528: 6/10/2009 09:44:52 - Avg8 Update
RP529: 6/10/2009 14:00:18 - Software Distribution Service 3.0
RP530: 6/11/2009 16:58:09 - System Checkpoint
RP531: 6/13/2009 16:24:34 - System Checkpoint
RP532: 6/16/2009 08:35:14 - Avg8 Update
RP533: 6/16/2009 08:36:16 - Avg8 Update
RP534: 6/17/2009 13:46:31 - System Checkpoint
RP535: 6/18/2009 14:31:24 - Made by Registry Mechanic O
RP536: 6/18/2009 14:31:46 - Made by Registry Mechanic O
RP537: 6/19/2009 09:50:49 - Avg8 Update
RP538: 6/21/2009 17:57:46 - System Checkpoint
RP539: 6/22/2009 18:25:32 - System Checkpoint
RP540: 6/23/2009 21:07:45 - System Checkpoint
RP541: 6/25/2009 10:49:20 - Removed SweetIM for Messenger 2.6
RP542: 6/25/2009 10:49:30 - Installed SweetIM for Messenger 2.7
RP543: 6/26/2009 17:54:52 - System Checkpoint
RP544: 6/27/2009 20:27:52 - System Checkpoint
RP545: 6/28/2009 19:53:13 - Installed Driver Detective.
RP546: 6/28/2009 21:10:55 - Installed Microsoft Visual C++ 2005 Redistributable
RP547: 6/30/2009 14:02:20 - System Checkpoint
RP548: 7/1/2009 16:02:41 - System Checkpoint
RP549: 7/2/2009 08:28:23 - Avg8 Update
RP550: 7/2/2009 08:30:17 - Avg8 Update
RP551: 7/3/2009 12:15:42 - System Checkpoint
RP552: 7/4/2009 21:22:31 - System Checkpoint
RP553: 7/6/2009 02:25:02 - System Checkpoint
RP554: 7/7/2009 21:14:50 - System Checkpoint
RP555: 7/8/2009 22:00:13 - System Checkpoint
RP556: 7/10/2009 16:50:12 - System Checkpoint
RP557: 7/11/2009 16:50:31 - System Checkpoint
RP558: 7/12/2009 17:56:56 - System Checkpoint
RP559: 7/15/2009 11:26:03 - Made by Registry Mechanic O
RP560: 7/15/2009 11:26:37 - Made by Registry Mechanic O
RP561: 7/15/2009 14:00:16 - Software Distribution Service 3.0
RP562: 7/16/2009 14:00:18 - Software Distribution Service 3.0
RP563: 7/16/2009 15:27:58 - Software Distribution Service 3.0
RP564: 7/17/2009 08:07:40 - Avg8 Update
RP565: 7/17/2009 14:00:16 - Software Distribution Service 3.0
RP566: 7/19/2009 09:06:00 - System Checkpoint
RP567: 7/19/2009 10:08:35 - Installed Windows Defender
RP568: 7/19/2009 10:10:05 - Software Distribution Service 3.0
RP569: 7/19/2009 23:00:38 - Software Distribution Service 3.0
RP570: 7/20/2009 08:59:40 - Software Distribution Service 3.0
RP571: 7/21/2009 10:16:29 - System Checkpoint
RP572: 7/22/2009 14:40:17 - System Checkpoint
RP573: 7/23/2009 08:14:13 - Software Distribution Service 3.0
RP574: 7/24/2009 16:27:19 - System Checkpoint
RP575: 7/25/2009 19:01:04 - System Checkpoint
RP576: 7/27/2009 07:54:45 - Software Distribution Service 3.0
RP577: 7/28/2009 17:32:37 - Avg8 Update
RP578: 7/28/2009 17:33:53 - Avg8 Update
RP579: 7/29/2009 14:00:16 - Software Distribution Service 3.0
RP580: 7/30/2009 07:30:41 - Software Distribution Service 3.0
RP581: 7/31/2009 16:55:41 - System Checkpoint
RP582: 8/1/2009 17:08:42 - System Checkpoint
RP583: 8/2/2009 20:12:37 - System Checkpoint
RP584: 8/4/2009 09:57:12 - System Checkpoint
RP585: 8/5/2009 08:36:59 - Removed AVG 8.5
RP586: 8/5/2009 08:38:32 - Removed AVG 8.5
RP587: 8/5/2009 09:45:26 - Software Distribution Service 3.0
RP588: 8/6/2009 12:58:16 - System Checkpoint
RP589: 8/6/2009 23:09:45 - Software Distribution Service 3.0

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.2
AGEIA PhysX v7.09.13
AiO Flash Mixer 3.9
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoBase 3
ArcSoft PhotoStudio 5
Ashampoo Burning Studio 5
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATI HydraVision
ATI Parental Control & Encoder
AutoUpdate
AVG 8.5
AVIVO Codecs
Beautiful Earth 5.2.4
Bonjour
Canon CanoScan Toolbox 4.1
CanoScan LiDE20,30 Manual
Creative MediaSource
Critical Update for Windows Media Player 11 (KB959772)
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Download Manager 2.3.6
Driver Detective
ffdshow [rev 1909] [2008-03-20]
FreeCommander 2009.02
GIMP 2.6.6
Google Earth
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HyperSnap 6
Image Converter .EXE 2.0.0.81
Image Merger .EXE 1.0.0.19
Imikimi Plugin
iTunes
Java™ 6 Update 5
Jetcast 1.1.1
Living 3D Waterfalls Full Screen Saver
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.5.1)
MySpaceIM
OmniPage SE
Pirates Buster for e-Book/Application (Decoder for Eisys)
Pop-Up Stopper Professional
QuickSnooker
QuickTime
Realtek High Definition Audio Driver
RedLightCenter
Registry Mechanic 7.0
Safari
SecondLife (remove only)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB973346)
Silkroad
Singles: Flirt Up Your Life AO
Singles2
SpeechRedist
Spybot - Search & Destroy
Spyware Doctor 6.0
SweetIM for Messenger 2.7
SweetIM Toolbar for Internet Explorer 3.4
System Search Dispatcher
TestDrive Client
The General 4.0
There
Tom Clancy's Rainbow Six 3: Raven Shield
Unreal Tournament 2004
Unreal Tournament 3
Unreal Tournament G.O.T.Y. Edition
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Utherverse 3D Client
VLC media player 0.9.9
WebFldrs XP
WebIQ Technology Engine
Windows Defender
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinPatrol 2009
WinRAR archiver
Winter Wonderlands Screensaver
Winter Wonders Scenic Reflections 3.0
Wood Workshop
WordWeb Pro
XML Paper Specification Shared Components Pack 1.0
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
Zinio Reader

==== Event Viewer Messages From Past Week ========

8/6/2009 08:46:40, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
8/5/2009 08:44:34, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
8/5/2009 08:36:57, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
8/5/2009 08:06:57, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
8/5/2009 07:51:57, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
8/2/2009 14:21:56, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PC Tools Security Service service to connect.
8/2/2009 14:21:56, error: Service Control Manager [7000] - The PC Tools Security Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================



