Microsoft AV Pro, b.exe


15 replies to this topic

#1 BlackDiamond78

  • Members
  • 18 posts

Posted 25 August 2009 - 02:04 PM

Referred from: http://www.bleepingcomputer.com/forums/t/251828/microsoft-av-pro-bexe/

OTL did run, here are the logs:

OTL logfile created on: 8/25/2009 1:46:24 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Mike\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 111.54 Mb Available Physical Memory | 21.83% Memory free
865.41 Mb Paging File | 181.46 Mb Available in Paging File | 20.97% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.84 Gb Total Space | 15.98 Gb Free Space | 28.61% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 149.01 Gb Total Space | 59.24 Gb Free Space | 39.76% Space Free | Partition Type: FAT32
Drive H: | 931.51 Gb Total Space | 842.62 Gb Free Space | 90.46% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: BLUEROOM
Current User Name: Mike
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2008/07/07 08:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/08/22 16:59:36 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/08/22 16:59:38 | 01,370,488 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgfws8.exe
PRC - [2009/07/22 17:23:14 | 00,571,912 | R--- | M] (AVG) -- C:\Program Files\AVG\Identity Protection\agent\Bin\AVGIDSWatcher.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/08/22 16:59:37 | 00,832,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgam.exe
PRC - [2009/08/22 16:59:54 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/22 16:59:55 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [1999/12/13 02:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe
PRC - [2006/11/03 17:07:04 | 00,537,480 | R--- | M] ( ) -- C:\WINDOWS\System32\dlcxcoms.exe
PRC - [2009/08/22 16:15:33 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2004/10/29 17:50:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2000/06/26 08:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe
PRC - [2009/08/22 16:59:37 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/08/22 16:59:54 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2002/08/29 06:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cidaemon.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006/11/03 17:04:46 | 00,304,008 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
PRC - [2009/07/13 14:03:10 | 00,292,128 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2002/08/14 19:22:52 | 00,028,672 | R--- | M] (Dell - Advanced Desktop Engineering) -- C:\WINDOWS\System32\DSentry.exe
PRC - [2007/01/12 11:57:28 | 00,292,336 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
PRC - [2005/06/07 00:46:24 | 00,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2005/03/21 15:45:43 | 00,684,032 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
PRC - [2009/08/22 16:59:42 | 02,007,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/07/22 17:23:12 | 01,600,008 | R--- | M] (AVG) -- C:\Program Files\AVG\Identity Protection\agent\bin\AVGIDSUI.exe
PRC - [2006/09/11 05:40:32 | 00,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
PRC - [2003/01/19 14:04:35 | 00,532,880 | ---- | M] (-) -- C:\Program Files\Eraser\eraser.exe
PRC - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/08/04 06:57:22 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/04/13 19:12:37 | 00,135,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\taskmgr.exe
PRC - [2009/04/09 17:53:50 | 01,340,944 | ---- | M] () -- C:\Program Files\SpywareBlaster\spywareblaster.exe
PRC - [2009/04/09 17:53:50 | 01,340,944 | ---- | M] () -- C:\Program Files\SpywareBlaster\spywareblaster.exe
PRC - [2009/08/25 13:46:03 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/07/07 08:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
SRV - [2007/09/11 00:45:04 | 00,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0 [Auto | Stopped])
SRV - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2004/07/15 02:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/08/22 16:59:37 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
SRV - [2009/08/22 16:59:36 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2009/08/22 16:59:38 | 01,370,488 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgfws8.exe -- (avgfws8 [Auto | Running])
SRV - [2009/07/22 17:23:10 | 05,641,736 | R--- | M] () -- C:\Program Files\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent [Auto | Stopped])
SRV - [2009/07/22 17:23:14 | 00,571,912 | R--- | M] (AVG) -- C:\Program Files\AVG\Identity Protection\agent\Bin\AVGIDSWatcher.exe -- (AVGIDSWatcher [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - File not found -- -- (CLTNetCnService [Auto | Stopped])
SRV - [1999/12/13 02:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe -- (Creative Service for CDROM Access [Auto | Running])
SRV - [2006/11/03 17:07:04 | 00,537,480 | R--- | M] ( ) -- C:\WINDOWS\System32\dlcxcoms.exe -- (dlcx_device [Auto | Running])
SRV - [2007/03/07 15:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
SRV - [2008/08/20 12:42:51 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008/01/03 22:29:19 | 00,016,936 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe -- (GoToAssist [On_Demand | Stopped])
SRV - [2009/03/24 18:29:39 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 04:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/08/22 16:15:33 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2002/05/03 12:29:42 | 01,118,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\NMSSvc.exe -- (NMSSvc [On_Demand | Stopped])
SRV - [2004/10/29 17:50:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/07/24 06:14:08 | 00,088,560 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9 [On_Demand | Stopped])
SRV - [2007/07/24 06:14:06 | 00,358,896 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9 [Auto | Stopped])
SRV - [2007/08/16 09:56:16 | 00,309,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9 [Auto | Stopped])
SRV - [2007/08/16 09:56:10 | 01,092,080 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
SRV - [2007/08/16 09:56:14 | 00,166,384 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9 [Auto | Stopped])
SRV - [2007/01/19 13:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2000/06/26 08:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2004/10/07 20:16:04 | 00,035,840 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K [System | Running])
DRV - [2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2009/08/22 16:59:20 | 00,029,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\DRIVERS\avgfwdx.sys -- (Avgfwdx [On_Demand | Running])
DRV - [2009/08/22 16:59:20 | 00,029,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\DRIVERS\avgfwdx.sys -- (Avgfwfd [On_Demand | Stopped])
DRV - [2009/07/22 17:23:40 | 00,121,352 | R--- | M] (AVG Technologies ) -- C:\Program Files\AVG\Identity Protection\agent\driver\platform_XP\AVGIDSDriver.sys -- (AVGIDSDriver [On_Demand | Running])
DRV - [2009/07/22 17:23:40 | 00,025,608 | ---- | M] (AVG Technologies ) -- C:\WINDOWS\System32\Drivers\AVGIDSErHr.sys -- (AVGIDSErHr [Boot | Running])
DRV - [2009/07/22 17:23:40 | 00,030,216 | ---- | M] (AVG Technologies ) -- C:\Program Files\AVG\Identity Protection\agent\driver\platform_XP\AVGIDSFilter.sys -- (AVGIDSFilter [On_Demand | Running])
DRV - [2009/07/22 17:23:40 | 00,027,232 | ---- | M] (AVG Technologies ) -- C:\Program Files\AVG\Identity Protection\agent\driver\platform_XP\AVGIDSShim.sys -- (AVGIDSShim [On_Demand | Running])
DRV - [2009/08/22 17:00:27 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/08/22 17:00:26 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/08/22 17:00:35 | 00,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86 [Boot | Running])
DRV - [2009/08/22 17:00:34 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2001/08/17 14:28:04 | 00,067,167 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys -- (basic2 [On_Demand | Stopped])
DRV - [2008/04/17 12:06:38 | 00,508,544 | ---- | M] (Windows ® 2000/XP) -- C:\WINDOWS\System32\drivers\CamdDriverV32.sys -- (CamdDriverV32 [On_Demand | Stopped])
DRV - [2004/11/25 12:54:54 | 00,012,464 | ---- | M] (Macrovision Europe Ltd) -- C:\WINDOWS\System32\drivers\CdaD10BA.SYS -- (CdaD10BA [Auto | Running])
DRV - [2007/02/02 05:00:00 | 00,009,336 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
DRV - [2007/02/02 05:00:00 | 00,009,464 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
DRV - [2005/03/21 15:45:45 | 00,241,280 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp [System | Running])
DRV - [2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2006/10/05 16:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Stopped])
DRV - [2007/02/25 12:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\System32\DRIVERS\dsunidrv.sys -- (dsunidrv [Auto | Running])
DRV - [2005/03/21 15:45:45 | 00,025,930 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K [On_Demand | Stopped])
DRV - [2002/04/30 13:53:08 | 00,139,776 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2001/08/17 13:11:06 | 00,066,591 | ---- | M] (3Com Corporation) -- C:\WINDOWS\System32\DRIVERS\el90xbc5.sys -- (EL90XBC [On_Demand | Stopped])
DRV - [2001/08/17 14:28:06 | 00,289,887 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys -- (Fallback [Auto | Running])
DRV - [2001/08/17 14:28:06 | 00,115,807 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys -- (Fsks [Auto | Running])
DRV - [2008/04/13 13:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2002/06/30 20:50:12 | 00,167,155 | ---- | M] (Conexant Systems) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])
DRV - [2002/06/30 20:49:46 | 01,172,416 | ---- | M] (Conexant Systems) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
DRV - [2001/08/17 14:28:10 | 00,542,879 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys -- (hsf_msft [On_Demand | Stopped])
DRV - [2004/08/04 00:29:36 | 00,161,020 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\i81xnt5.sys -- (i81x [On_Demand | Stopped])
DRV - [2004/08/04 00:29:37 | 00,012,415 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wADV01nt.sys -- (iAimFP0 [On_Demand | Stopped])
DRV - [2004/08/04 00:29:37 | 00,012,127 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wADV02NT.sys -- (iAimFP1 [On_Demand | Stopped])
DRV - [2004/08/04 00:29:37 | 00,011,775 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wADV05NT.sys -- (iAimFP2 [On_Demand | Stopped])
DRV - [2004/08/04 00:29:47 | 00,012,063 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys -- (iAimFP3 [On_Demand | Stopped])
DRV - [2004/08/04 00:29:49 | 00,019,455 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys -- (iAimFP4 [On_Demand | Stopped])
DRV - [2004/08/04 00:29:41 | 00,029,311 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wATV01nt.sys -- (iAimTV0 [On_Demand | Stopped])
DRV - [2004/08/04 00:29:42 | 00,019,551 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wATV02NT.sys -- (iAimTV1 [On_Demand | Stopped])
DRV - [2004/08/04 00:29:43 | 00,033,599 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wATV04nt.sys -- (iAimTV3 [On_Demand | Stopped])
DRV - [2004/08/04 00:29:45 | 00,023,615 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys -- (iAimTV4 [On_Demand | Stopped])
DRV - [2001/08/17 14:28:08 | 00,391,199 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys -- (K56 [Auto | Running])
DRV - [2006/03/14 02:50:29 | 00,008,413 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM [Auto | Running])
DRV - [2001/10/22 15:46:42 | 00,009,855 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2009/03/25 11:06:28 | 00,079,880 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Stopped])
DRV - [2009/03/25 11:06:28 | 00,035,272 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Stopped])
DRV - [2009/03/25 11:06:28 | 00,214,024 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys -- (mfehidk [System | Running])
DRV - [2009/03/25 11:05:54 | 00,034,216 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
DRV - [2009/03/25 11:06:30 | 00,040,552 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Stopped])
DRV - [2005/03/21 15:45:44 | 00,030,662 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K [On_Demand | Running])
DRV - [2001/08/17 14:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2002/05/03 12:30:08 | 00,009,868 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\NMSCFG.SYS -- (NMSCFG [On_Demand | Stopped])
DRV - [2004/10/29 17:50:00 | 02,826,944 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2004/12/13 10:44:04 | 00,014,848 | ---- | M] (NVIDIA Corporation.) -- C:\WINDOWS\System32\Drivers\NvNdis.sys -- (NvNdis [Auto | Running])
DRV - [2002/07/19 11:22:08 | 00,017,153 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\System32\DRIVERS\omci.sys -- (omci [System | Running])
DRV - [2002/08/30 17:29:02 | 01,293,440 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\P16X.sys -- (P16X [On_Demand | Running])
DRV - [2004/10/11 12:28:18 | 00,009,856 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\System32\drivers\pfc.sys -- (pfc [On_Demand | Running])
DRV - [1999/12/17 02:00:00 | 00,006,752 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\PfModNT.sys -- (PfModNT [Auto | Running])
DRV - [2002/08/29 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2005/03/21 15:45:45 | 00,144,250 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k [System | Running])
DRV - [2007/05/01 04:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2007/05/31 14:39:50 | 00,022,656 | ---- | M] (Research In Motion Limited) -- C:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb [On_Demand | Stopped])
DRV - [2007/01/18 11:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\System32\DRIVERS\RimSerial.sys -- (RimVSerPort [On_Demand | Running])
DRV - [2001/08/17 14:28:10 | 00,057,471 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys -- (Rksample [On_Demand | Stopped])
DRV - [2002/08/29 06:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Running])
DRV - [2009/08/23 20:07:58 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\rootrepeal.sys -- (rootrepeal [On_Demand | Stopped])
DRV - [2009/06/18 12:55:41 | 00,018,816 | ---- | M] (Sophos Plc) -- C:\WINDOWS\System32\SAVRKBootTasks.sys -- (SAVRKBootTasks [System | Running])
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2008/04/17 11:57:46 | 00,508,544 | ---- | M] (Windows ® 2000/XP) -- C:\WINDOWS\System32\drivers\SndTDriverV32.sys -- (SndTDriverV32 [On_Demand | Stopped])
DRV - [2001/08/17 14:28:06 | 00,199,711 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys -- (SoftFax [Auto | Running])
DRV - [2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2001/08/17 14:28:10 | 00,073,279 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\HSF_SPKP.sys -- (SpeakerPhone [Auto | Running])
DRV - [2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2007/10/03 17:51:01 | 00,123,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Stopped])
DRV - [2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2001/08/17 14:28:12 | 00,050,751 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys -- (Tones [Auto | Running])
DRV - [2005/03/21 15:45:45 | 00,206,464 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp [System | Running])
DRV - [2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2009/06/05 11:42:38 | 00,039,424 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2007/02/20 18:59:30 | 00,022,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usbsermpt.sys -- (usbsermpt [On_Demand | Stopped])
DRV - [2008/04/13 13:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped])
DRV - [2001/08/17 14:28:12 | 00,488,383 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\HSF_V124.sys -- (V124 [Auto | Running])
DRV - [2005/06/14 18:13:14 | 00,104,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\wceusbsh.sys -- (wceusbsh [On_Demand | Stopped])
DRV - [2002/06/30 20:45:12 | 00,594,832 | ---- | M] (Conexant Systems) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/en-us/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://rd.yahoo.com/customize/sbcydsl/defa.../search/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant_bak = about:blank
IE - URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.38
FF - prefs.js..extensions.enabledItems: avg@igeared:2.507.024.001
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13

FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/08/22 17:00:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/22 16:15:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/08/22 16:59:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/04 23:30:52 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/22 16:16:33 | 00,000,000 | ---D | M]

[2008/06/18 12:46:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\mozilla\Extensions
[2008/06/18 12:46:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2005/12/05 20:26:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\mozilla\Firefox\Profiles\npif2myb.Mike\extensions
[2005/03/31 22:53:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\mozilla\Firefox\Profiles\npif2myb.Mike\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2005/12/05 20:26:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\mozilla\Firefox\Profiles\npif2myb.Mike\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/08/25 12:11:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\mozilla\Firefox\Profiles\x0yjny99.default\extensions
[2009/07/24 11:17:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\mozilla\Firefox\Profiles\x0yjny99.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/03/09 18:06:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\mozilla\Firefox\Profiles\x0yjny99.default\extensions\moveplayer@movenetworks.com
[2008/01/04 01:18:15 | 00,002,386 | ---- | M] () -- C:\Documents and Settings\Mike\Application Data\Mozilla\FireFox\Profiles\x0yjny99.default\searchplugins\siteadvisor.xml
[2009/08/24 19:38:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/04 06:57:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/05/13 17:42:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/08/09 21:13:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/10/07 20:43:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2009/08/22 16:16:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/08/04 06:57:21 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/04 06:57:21 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2009/08/22 16:15:34 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2006/02/14 09:40:00 | 00,459,496 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2007/01/04 17:41:16 | 00,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2009/08/04 06:57:25 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/12/18 04:18:30 | 00,077,824 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2006/05/30 20:14:52 | 00,139,305 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/07/07 20:56:00 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/07/07 20:56:00 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/07/07 20:56:01 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/07/07 20:56:01 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/07/07 20:56:02 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/07/07 20:56:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/07/07 20:56:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2006/05/30 20:15:51 | 00,024,621 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2006/05/30 20:14:30 | 00,081,967 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2005/08/25 16:37:14 | 03,833,856 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSibelius.dll
[2008/09/15 11:52:06 | 00,376,832 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
[2003/08/04 17:19:02 | 00,438,272 | ---- | M] (AOL Time Warner) -- C:\Program Files\mozilla firefox\plugins\npwinamp.dll
[2009/06/14 11:46:05 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/06/14 11:46:05 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/22 17:45:52 | 00,001,489 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
[2009/06/14 11:46:06 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/14 11:46:06 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/06/14 11:46:06 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/14 11:46:06 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (848 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_7_0.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (dsWebAllowBHO Class) - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll (Microsoft Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_7_0.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_7_0.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_7_0.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AVGIDS] C:\Program Files\AVG\Identity Protection\agent\bin\AVGIDSUI.exe (AVG)
O4 - HKLM..\Run: [DLCXCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.DLL ()
O4 - HKLM..\Run: [dlcxmon.exe] C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe (Dell - Advanced Desktop Engineering)
O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 926\memcard.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe (Lexmark)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe (-)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: SpecifyDefaultButtons = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Search = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2006/09/29 15:38:21 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Add to Windows &Live Favorites - File not found
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2006/09/29 15:38:21 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2006/09/29 15:38:21 | 00,000,000 | ---D | M]
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - Reg Error: Value error. File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 72 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1137003940984 (MUWebControl Class)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://download.shockwave.com/pub/otoy/OTOYAX.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab (ActiveDataInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} http://officeupdate.microsoft.com/Template...nloads/outc.cab (Microsoft Office Tools on the Web Control)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/12 22:17:54 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/08/08 09:59:46 | 00,000,000 | ---D | M] - G:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2005/11/17 18:15:24 | 00,000,069 | -H-- | M] () - G:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{c9a44d18-5691-11d9-95e8-0007e9b3dfb3}\Shell\AutoRun\command - "" = F:\JDSecure\Windows\JDSecure20.exe -- File not found
O33 - MountPoints2\{d79670c6-936a-11db-96c0-0007e9b3dfb3}\Shell\AutoRun\command - "" = G:\wd_windows_tools\setup.exe -- [2005/12/02 10:57:50 | 00,782,336 | ---- | M] (Western Digital Technologies)
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\wd_windows_tools\setup.exe -- [2005/12/02 10:57:50 | 00,782,336 | ---- | M] (Western Digital Technologies)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[1 C:\*.tmp files]
[1 C:\WINDOWS\System32\drivers\*.tmp files]
[17 C:\WINDOWS\System32\*.tmp files]
[2009/08/25 13:46:03 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
[2009/08/25 13:21:05 | 00,000,000 | ---D | C] -- C:\rsit
[2009/08/25 13:20:45 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\RSIT.exe
[2009/08/25 12:04:52 | 00,359,932 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\dds.scr
[2009/08/24 19:42:26 | 02,359,350 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\AVGSS3.bmp
[2009/08/24 19:40:47 | 02,359,350 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\AVGSS2.bmp
[2009/08/24 19:33:42 | 16,802,576 | ---- | C] (AVG ) -- C:\Documents and Settings\Mike\Desktop\avg_idp_stf_all_85_406.exe
[2009/08/24 19:04:56 | 02,359,350 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\AVGSS1.bmp
[2009/08/23 23:22:52 | 00,018,816 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\SAVRKBootTasks.sys
[2009/08/23 21:04:46 | 00,000,000 | ---D | C] -- C:\Program Files\Sophos
[2009/08/23 20:57:36 | 00,002,992 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\Sophos.rtf
[2009/08/23 20:53:40 | 01,339,288 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\sar_15_sfx.exe
[2009/08/23 20:09:10 | 53,589,6064 | -HS- | C] () -- C:\hiberfil.sys
[2009/08/23 20:07:58 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\rootrepeal.sys
[2009/08/23 19:08:10 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Mike\Desktop\tRepeal.exe
[2009/08/23 15:38:36 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/23 15:38:31 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/23 15:38:28 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/23 12:55:28 | 00,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 9
[2009/08/23 12:52:10 | 10,314,752 | ---- | C] (Luis Cobian) -- C:\Documents and Settings\Mike\Desktop\cbSetup.exe
[2009/08/23 12:19:28 | 00,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 8
[2009/08/23 12:15:53 | 08,499,200 | ---- | C] (Luis Cobian) -- C:\Documents and Settings\Mike\Desktop\cbSetup8.exe
[2009/08/23 12:09:48 | 00,000,000 | ---D | C] -- C:\Program Files\Runtime Software
[2009/08/23 11:48:16 | 16,664,352 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Mike\Desktop\jre-6u16-windows-i586.exe
[2009/08/23 11:39:23 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\HijackThis.lnk
[2009/08/23 11:38:54 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Mike\Desktop\HJTInstall.exe
[2009/08/22 17:45:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\AVG Security Toolbar
[2009/08/22 17:45:07 | 00,000,656 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\log1.csv
[2009/08/22 17:01:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/08/22 17:00:36 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 8.5.lnk
[2009/08/22 17:00:35 | 00,012,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2009/08/22 17:00:35 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/08/22 17:00:34 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/08/22 17:00:27 | 00,335,240 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/08/22 17:00:26 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/08/22 17:00:18 | 40,145,219 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/08/22 17:00:18 | 00,463,779 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/08/22 17:00:18 | 00,068,371 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/08/22 17:00:14 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/08/22 17:00:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/08/22 17:00:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/08/22 16:59:20 | 00,050,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2009/08/22 16:59:20 | 00,029,208 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2009/08/22 16:59:20 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/08/22 16:59:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/08/22 16:35:58 | 10,548,6792 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Mike\Desktop\avg_ipw_stf_all_85_409a1634.exe
[2009/08/22 16:16:33 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/08/22 16:16:33 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/08/22 16:16:33 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/08/22 16:16:33 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/08/22 08:50:56 | 00,000,000 | ---D | C] -- C:\_OTM
[2009/08/22 08:34:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2009/08/22 08:34:44 | 00,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2009/08/21 23:12:36 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/21 23:08:59 | 03,942,048 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mike\Desktop\Chow.exe
[2009/08/21 23:08:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/08/21 23:08:24 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/08/21 00:08:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\McAfee
[2009/08/20 17:09:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\images
[2009/08/20 17:06:41 | 00,000,000 | ---D | C] -- C:\Mike
[2009/08/20 12:36:55 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\uacserf.dll
[2009/08/20 12:36:46 | 00,030,208 | ---- | C] () -- C:\WINDOWS\System32\uacrem.dll
[2009/08/20 12:36:34 | 01,110,399 | ---- | C] () -- C:\WINDOWS\System32\uacmal.db
[2009/08/19 12:23:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\AC Repl
[2009/08/16 09:38:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\Mkeep
[2009/08/12 08:25:20 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2009/08/12 08:25:07 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll
[2009/08/08 12:56:00 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/08/08 12:54:57 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/08/07 19:20:28 | 00,000,532 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\spider.sav
[2009/08/05 04:01:48 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2009/08/03 23:05:40 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/08/03 23:05:19 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/08/02 20:24:45 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Mike\My Documents\My Music
[2009/08/01 10:31:42 | 00,000,917 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\Revo Uninstaller.lnk
[2009/08/01 10:31:41 | 00,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2009/08/01 01:39:07 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\I got the news like you usually do.doc
[2009/08/01 01:28:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\InstallShield
[2008/07/24 20:04:43 | 00,000,256 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
[2008/01/03 23:14:52 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcxvs.dll
[2008/01/03 23:14:49 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\dlcxcoin.dll
[2008/01/03 23:14:24 | 00,692,224 | ---- | C] () -- C:\WINDOWS\System32\dlcxdrs.dll
[2008/01/03 23:14:24 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcxcaps.dll
[2008/01/03 23:14:24 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlcxcnv4.dll
[2008/01/03 23:11:55 | 00,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxhcp.dll
[2008/01/03 23:11:55 | 00,274,432 | ---- | C] () -- C:\WINDOWS\System32\dlcxinst.dll
[2008/01/03 23:11:54 | 00,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxusb1.dll
[2008/01/03 23:11:54 | 00,454,656 | ---- | C] () -- C:\WINDOWS\System32\dlcxutil.dll
[2008/01/03 23:11:54 | 00,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxinpa.dll
[2008/01/03 23:11:54 | 00,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxiesc.dll
[2008/01/03 23:11:53 | 01,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxserv.dll
[2008/01/03 23:11:53 | 00,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpmui.dll
[2008/01/03 23:11:53 | 00,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxlmpm.dll
[2008/01/03 23:11:53 | 00,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxprox.dll
[2008/01/03 23:11:53 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\dlcxjswr.dll
[2008/01/03 23:11:53 | 00,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpplc.dll
[2008/01/03 23:11:52 | 00,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxhbn3.dll
[2008/01/03 23:11:52 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\dlcxgrd.dll
[2008/01/03 23:11:52 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcxinsb.dll
[2008/01/03 23:11:52 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcxins.dll
[2008/01/03 23:11:52 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcxinsr.dll
[2008/01/03 23:11:51 | 00,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomc.dll
[2008/01/03 23:11:51 | 00,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomm.dll
[2008/01/03 23:11:51 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcxcub.dll
[2008/01/03 23:11:51 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcxcu.dll
[2008/01/03 23:11:51 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcxcur.dll
[2008/01/03 23:11:50 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\DLCXcfg.dll
[2007/07/29 18:21:55 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\TPActiveX.dll
[2007/05/13 19:11:45 | 00,000,000 | ---- | C] () -- C:\WINDOWS\CompanionApp.INI
[2006/10/24 14:36:09 | 00,002,032 | ---- | C] () -- C:\WINDOWS\cqblang.ini
[2006/10/24 14:36:09 | 00,001,948 | ---- | C] () -- C:\WINDOWS\cqblang_kr.ini
[2006/10/24 14:36:09 | 00,001,930 | ---- | C] () -- C:\WINDOWS\cqblang_jp.ini
[2006/10/24 14:36:09 | 00,001,642 | ---- | C] () -- C:\WINDOWS\cqblang_ch.ini
[2006/10/24 14:34:26 | 00,000,037 | ---- | C] () -- C:\WINDOWS\DvrAppName.ini
[2005/08/20 14:42:21 | 00,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll
[2005/08/20 14:42:21 | 00,000,823 | ---- | C] () -- C:\WINDOWS\tsc.ini
[2005/08/20 14:41:04 | 00,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/06/10 22:35:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\CorelDrw.INI
[2005/04/02 11:33:36 | 00,006,686 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/04/02 11:33:36 | 00,000,152 | RHS- | C] () -- C:\WINDOWS\System32\C1F97DC92C.sys
[2005/02/17 18:42:13 | 00,002,158 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2005/02/17 13:18:08 | 00,000,020 | ---- | C] () -- C:\WINDOWS\ACMonitor_X84-X85(2).ini
[2004/09/18 17:39:59 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/06/04 23:17:15 | 00,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2003/12/09 14:16:52 | 00,442,368 | ---- | C] ( ) -- C:\WINDOWS\System32\comintfs.dll
[2003/10/26 18:32:07 | 00,000,063 | ---- | C] () -- C:\WINDOWS\Lynyrd Skynyrd #1.ini
[2003/10/26 18:32:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\FSaver.ini
[2003/09/28 18:04:58 | 00,020,480 | ---- | C] () -- C:\WINDOWS\rmlluf32.dll
[2003/08/14 17:27:14 | 00,000,262 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2003/04/21 18:17:47 | 00,000,004 | ---- | C] () -- C:\WINDOWS\uccspecb.sys
[2003/04/16 18:10:49 | 00,000,000 | ---- | C] () -- C:\WINDOWS\RussSqr.INI
[2003/03/09 14:51:32 | 00,000,094 | -H-- | C] () -- C:\WINDOWS\System32\tlr_WAasw.ini
[2003/02/16 14:40:16 | 00,036,968 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
[2003/02/02 00:40:49 | 00,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2002/12/25 21:29:18 | 00,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2002/12/25 21:29:11 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2002/12/16 18:19:16 | 00,000,103 | ---- | C] () -- C:\WINDOWS\CTRec.INI
[2002/12/07 22:29:53 | 00,090,688 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2002/12/06 20:24:59 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2002/12/06 20:14:12 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2002/12/04 11:17:02 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/12/04 11:03:31 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2002/12/04 11:03:06 | 00,002,092 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
[2002/12/04 11:03:06 | 00,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2002/12/04 11:03:05 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[2002/12/04 11:03:05 | 00,039,936 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2002/12/04 11:03:05 | 00,006,175 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
[2002/12/04 11:03:05 | 00,005,917 | ---- | C] () -- C:\WINDOWS\SBMIXDEF.INI
[2002/12/04 11:03:04 | 00,000,064 | ---- | C] () -- C:\WINDOWS\P16x.ini
[2002/12/04 11:02:23 | 00,000,245 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2002/12/04 10:58:33 | 00,000,891 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/12/04 10:26:42 | 00,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/10/04 01:01:42 | 00,503,808 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2002/09/18 22:40:16 | 00,000,643 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2002/09/09 17:42:56 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002/09/03 09:59:58 | 00,001,148 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2002/09/03 09:50:58 | 00,000,467 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[2002/08/29 06:00:00 | 00,061,952 | ---- | C] () -- C:\WINDOWS\System32\eventlog.dll
[2002/06/11 09:34:09 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\lxbo2kui.dll
[2002/06/11 09:33:54 | 00,015,360 | ---- | C] () -- C:\WINDOWS\System32\lxbo2kpm.dll
[2002/03/26 21:18:27 | 00,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2002/02/06 10:04:14 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\NMSInst.dll
[2002/01/21 16:17:18 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PROInst.dll
[1999/07/23 13:46:48 | 00,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 10:53:20 | 00,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1997/06/13 20:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== Files - Modified Within 30 Days ==========

[1 C:\*.tmp files]
[1 C:\WINDOWS\System32\drivers\*.tmp files]
[17 C:\WINDOWS\System32\*.tmp files]
[7 C:\WINDOWS\*.tmp files]
[2009/08/25 13:46:03 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
[2009/08/25 13:27:35 | 40,145,219 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/08/25 13:27:35 | 00,068,371 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/08/25 13:20:46 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\RSIT.exe
[2009/08/25 12:04:52 | 00,359,932 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\dds.scr
[2009/08/25 06:58:47 | 00,017,145 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/08/25 06:58:24 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/08/25 03:10:52 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/08/25 03:09:33 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/08/25 03:09:31 | 53,589,6064 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/24 19:42:26 | 02,359,350 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\AVGSS3.bmp
[2009/08/24 19:40:47 | 02,359,350 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\AVGSS2.bmp
[2009/08/24 19:35:21 | 16,802,576 | ---- | M] (AVG ) -- C:\Documents and Settings\Mike\Desktop\avg_idp_stf_all_85_406.exe
[2009/08/24 19:04:57 | 02,359,350 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\AVGSS1.bmp
[2009/08/23 20:57:36 | 00,002,992 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\Sophos.rtf
[2009/08/23 20:53:41 | 01,339,288 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\sar_15_sfx.exe
[2009/08/23 20:42:15 | 00,000,467 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2009/08/23 20:07:58 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\rootrepeal.sys
[2009/08/23 15:38:36 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/23 12:52:59 | 10,314,752 | ---- | M] (Luis Cobian) -- C:\Documents and Settings\Mike\Desktop\cbSetup.exe
[2009/08/23 12:17:50 | 08,499,200 | ---- | M] (Luis Cobian) -- C:\Documents and Settings\Mike\Desktop\cbSetup8.exe
[2009/08/23 11:49:46 | 16,664,352 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Mike\Desktop\jre-6u16-windows-i586.exe
[2009/08/23 11:39:24 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\HijackThis.lnk
[2009/08/23 11:39:00 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Mike\Desktop\HJTInstall.exe
[2009/08/22 18:04:48 | 00,001,148 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/08/22 18:04:48 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/08/22 17:45:07 | 00,000,656 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\log1.csv
[2009/08/22 17:00:36 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 8.5.lnk
[2009/08/22 17:00:35 | 00,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2009/08/22 17:00:35 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/08/22 17:00:34 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/08/22 17:00:27 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/08/22 17:00:26 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/08/22 17:00:18 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/08/22 17:00:18 | 00,463,779 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/08/22 16:59:20 | 00,050,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2009/08/22 16:59:20 | 00,029,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2009/08/22 16:46:41 | 10,548,6792 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Mike\Desktop\avg_ipw_stf_all_85_409a1634.exe
[2009/08/22 16:15:33 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/08/22 16:15:33 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/08/22 16:15:33 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/08/22 16:15:33 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/08/22 16:15:32 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/08/21 23:09:28 | 03,942,048 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mike\Desktop\Chow.exe
[2009/08/20 12:41:42 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/20 12:36:56 | 00,019,968 | ---- | M] () -- C:\WINDOWS\System32\uacserf.dll
[2009/08/20 12:36:46 | 00,030,208 | ---- | M] () -- C:\WINDOWS\System32\uacrem.dll
[2009/08/20 12:36:45 | 01,110,399 | ---- | M] () -- C:\WINDOWS\System32\uacmal.db
[2009/08/20 12:28:04 | 00,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2009/08/20 06:52:14 | 00,166,912 | ---- | M] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/17 22:48:05 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/08/15 11:22:30 | 00,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2009/08/15 11:21:31 | 00,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2009/08/15 09:27:14 | 00,000,256 | ---- | M] () -- C:\WINDOWS\ViewNX.INI
[2009/08/13 11:14:18 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Mike\Desktop\tRepeal.exe
[2009/08/13 03:19:29 | 00,327,504 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/11 22:16:51 | 00,000,690 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\SpywareBlaster.lnk
[2009/08/08 12:56:00 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/08/07 19:20:28 | 00,000,532 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\spider.sav
[2009/08/05 04:01:48 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mswebdvd.dll
[2009/08/05 04:01:48 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/02 21:00:42 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\I got the news like you usually do.doc
[2009/08/01 13:43:18 | 00,020,571 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.ulf
[2009/08/01 10:31:42 | 00,000,917 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\Revo Uninstaller.lnk
[2009/07/29 19:49:14 | 24,281,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/07/27 17:27:12 | 00,128,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx

========== Alternate Data Streams ==========

@Alternate Data Stream - 197 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:70E897B5
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >

And the other:

OTL Extras logfile created on: 8/25/2009 1:46:24 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Mike\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 111.54 Mb Available Physical Memory | 21.83% Memory free
865.41 Mb Paging File | 181.46 Mb Available in Paging File | 20.97% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.84 Gb Total Space | 15.98 Gb Free Space | 28.61% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 149.01 Gb Total Space | 59.24 Gb Free Space | 39.76% Space Free | Partition Type: FAT32
Drive H: | 931.51 Gb Total Space | 842.62 Gb Free Space | 90.46% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: BLUEROOM
Current User Name: Mike
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Symantec\LiveUpdate\LuComServer.EXE" = C:\Program Files\Symantec\LiveUpdate\LuComServer.EXE:*:Enabled:LuComServer -- File not found
"C:\WINDOWS\SYSTEM32\dlcxcoms.exe" = C:\WINDOWS\SYSTEM32\dlcxcoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync Application -- File not found
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync Connection Manager -- File not found
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync RAPI Manager -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire -- File not found
"C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" = C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE:*:Disabled:NDETECT -- File not found
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Real\RealOne Player\realplay.exe" = C:\Program Files\Real\RealOne Player\realplay.exe:*:Disabled:RealOne Player -- (RealNetworks, Inc.)
"C:\Program Files\WinMX\WinMX.exe" = C:\Program Files\WinMX\WinMX.exe:*:Disabled:WinMX Application -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Disabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"E:\bin\IA\Core\MDM_Util.exe" = E:\bin\IA\Core\MDM_Util.exe:*:Enabled:MDM_Util -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\AVG\AVG8\avgam.exe" = C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgdiag.exe" = C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgdiagex.exe" = C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{01A4AEDE-F219-49A2-B855-16A016EAF9A4}" = Intel® PROSet II
"{055FEF8E-4B86-400F-A5C6-8FAC0042DCD9}" = NVIDIA DVD Decoder
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0D048BE8-AE02-4CB5-A428-616B9848E4A7}" = BlackBerry Desktop Software 4.3
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{12BDDF23-B1DB-49C8-92D3-3E6841CCED61}" = Microsoft Streets and Trips 2002
"{1C30DF84-5917-4066-AF61-A6FD51186713}" = DVR Backup View Program
"{1F64D075-84F1-4EBC-A842-F2EF9C58009A}" = The Print Shop Premium Fonts
"{21F6B15F-1198-4FA2-8F31-5A24C1FBE144}" = Rhapsody Player Engine
"{23970E31-948B-466E-8376-1224D32FDF0C}" = Convert
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 15
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Dell Modem-On-Hold
"{4353818D-6CFB-4421-A90D-FF937F99DF30}" = BackupViewer
"{46776038-5A67-42DC-868D-D86F37668EDE}" = DVR Client Program
"{49672EC2-171B-47B4-8CE7-50D7806360D7}" = Windows Live Sign-in Assistant
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{53B2CFE9-A508-4457-B2CA-5D253536BFB7}" = OneCare Advisor (Windows Live Toolbar)
"{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}" = Form Fill (Windows Live Toolbar)
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5EED93A8-33AD-46A7-A6AC-4DEAFBEFEEE1}" = Roxio Media Manager
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{66A7A386-6F35-41A7-A731-101F0C0153C8}" = Popup Blocker (Windows Live Toolbar)
"{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{911A0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Outlook 2002
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}" = Sound Blaster Live!
"{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}" = Google Earth
"{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}" = Microsoft Works 6.0
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C3A439E4-7303-491F-A678-CEA36A87D517}" = Microsoft Works Suite Add-in for Microsoft Word
"{C769A271-7E1C-48F9-B331-474600DD4C06}" = Microsoft Picture It! Photo 2002
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D2BFDD8E-D276-11D6-88AF-0050DA21757E}" = Java 2 Runtime Environment Standard Edition v1.3.1_06
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}" = Microsoft Plus! for Windows XP
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F314EA69-9590-4876-8E2B-44CBEE7FFAA1}" = AVG Identity Protection
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F6691488-C717-4FBA-8079-7BE021EC8BE9}" = Creative Zen Nano
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazing Slow Downer" = Amazing Slow Downer (remove only)
"AVG8Uninstall" = AVG 8.5
"BlackBerry_{0D048BE8-AE02-4CB5-A428-616B9848E4A7}" = BlackBerry Desktop Software 4.3
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2016&SUBSYS_021913E0" = Conexant HSF V92 56K RTAD Speakerphone PCI Modem
"CobBackup9" = Cobian Backup 9
"Creative Mass Storage Drivers" = Creative Mass Storage Drivers
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Photo AIO Printer 926" = Dell Photo AIO Printer 926
"Eraser_is1" = Eraser
"Google Updater" = Google Updater
"GoToAssist" = GoToAssist 8.0.0.480
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InterActual Player" = InterActual Player
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"Mozilla Firefox (3.0.13)" = Mozilla Firefox (3.0.13)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"MuVo Driver" = Creative Mass Storage Drivers
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Display Driver" = NVIDIA Display Driver
"NVIDIA Drivers" = NVIDIA Drivers
"Power Tab Editor 1.7" = Power Tab Editor 1.7
"PROSet" = Intel® PRO Ethernet Adapter and Software
"RealPlayer 6.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.83
"Security Task Manager" = Security Task Manager 1.7h
"Shockwave" = Shockwave
"ShockwaveFlash" = Macromedia Flash Player 8
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"SP2ConnectionPatcher" = SP2 Connection Patcher
"SpywareBlaster_is1" = SpywareBlaster 4.2
"SysInfo" = Creative System Information
"VLC media player" = VideoLAN VLC media player 0.8.6c
"WebPost" = Microsoft Web Publishing Wizard 1.52
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 3 Free 3.92
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2002Setup" = Microsoft Works 2002 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Anti-Spy" = Yahoo! Anti-Spy
"Yahoo! Customizations" = Yahoo! extras
"Yahoo! Login" = Yahoo! Login
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Messenger Explorer Bar" = Yahoo! Messenger Explorer Bar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/24/2009 8:07:20 PM | Computer Name = BLUEROOM | Source = MsiInstaller | ID = 11306
Description = Product: AVG Identity Protection -- Error 1306.Another application
has exclusive access to the file C:\Program Files\AVG\AVG8\IdentityProtection\agent\log\AVGIDSUI_boot.log.
Please shut down all other applications, then click Retry.

Error - 8/24/2009 8:07:21 PM | Computer Name = BLUEROOM | Source = MsiInstaller | ID = 11306
Description = Product: AVG Identity Protection -- Error 1306.Another application
has exclusive access to the file C:\Program Files\AVG\AVG8\IdentityProtection\agent\log\AVGIDSUI_boot.log.
Please shut down all other applications, then click Retry.

Error - 8/24/2009 8:07:21 PM | Computer Name = BLUEROOM | Source = MsiInstaller | ID = 11306
Description = Product: AVG Identity Protection -- Error 1306.Another application
has exclusive access to the file C:\Program Files\AVG\AVG8\IdentityProtection\agent\log\AVGIDSUI_boot.log.
Please shut down all other applications, then click Retry.

Error - 8/24/2009 8:07:28 PM | Computer Name = BLUEROOM | Source = MsiInstaller | ID = 11306
Description = Product: AVG Identity Protection -- Error 1306.Another application
has exclusive access to the file C:\Program Files\AVG\AVG8\IdentityProtection\agent\log\AVGIDSUI_boot.log.
Please shut down all other applications, then click Retry.

Error - 8/24/2009 8:07:29 PM | Computer Name = BLUEROOM | Source = MsiInstaller | ID = 11306
Description = Product: AVG Identity Protection -- Error 1306.Another application
has exclusive access to the file C:\Program Files\AVG\AVG8\IdentityProtection\agent\log\AVGIDSUI_boot.log.
Please shut down all other applications, then click Retry.

Error - 8/24/2009 8:07:32 PM | Computer Name = BLUEROOM | Source = MsiInstaller | ID = 11306
Description = Product: AVG Identity Protection -- Error 1306.Another application
has exclusive access to the file C:\Program Files\AVG\AVG8\IdentityProtection\agent\log\AVGIDSUI_boot.log.
Please shut down all other applications, then click Retry.

Error - 8/24/2009 8:07:36 PM | Computer Name = BLUEROOM | Source = MsiInstaller | ID = 11306
Description = Product: AVG Identity Protection -- Error 1306.Another application
has exclusive access to the file C:\Program Files\AVG\AVG8\IdentityProtection\agent\log\AVGIDSUI_boot.log.
Please shut down all other applications, then click Retry.

Error - 8/24/2009 8:07:36 PM | Computer Name = BLUEROOM | Source = MsiInstaller | ID = 11306
Description = Product: AVG Identity Protection -- Error 1306.Another application
has exclusive access to the file C:\Program Files\AVG\AVG8\IdentityProtection\agent\log\AVGIDSUI_boot.log.
Please shut down all other applications, then click Retry.

Error - 8/24/2009 8:07:37 PM | Computer Name = BLUEROOM | Source = MsiInstaller | ID = 11306
Description = Product: AVG Identity Protection -- Error 1306.Another application
has exclusive access to the file C:\Program Files\AVG\AVG8\IdentityProtection\agent\log\AVGIDSUI_boot.log.
Please shut down all other applications, then click Retry.

Error - 8/24/2009 8:07:37 PM | Computer Name = BLUEROOM | Source = MsiInstaller | ID = 11306
Description = Product: AVG Identity Protection -- Error 1306.Another application
has exclusive access to the file C:\Program Files\AVG\AVG8\IdentityProtection\agent\log\AVGIDSUI_boot.log.
Please shut down all other applications, then click Retry.

[ System Events ]
Error - 8/23/2009 11:45:57 PM | Computer Name = BLUEROOM | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 59 minutes. NtpClient has no source of accurate
time.

Error - 8/24/2009 12:25:56 AM | Computer Name = BLUEROOM | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 8/24/2009 12:25:56 AM | Computer Name = BLUEROOM | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 8/24/2009 12:25:56 AM | Computer Name = BLUEROOM | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 8/24/2009 12:25:56 AM | Computer Name = BLUEROOM | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 8/24/2009 12:26:00 AM | Computer Name = BLUEROOM | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-secured -Embedding

Error - 8/24/2009 12:26:00 AM | Computer Name = BLUEROOM | Source = Service Control Manager | ID = 7023
Description = The Task Scheduler service terminated with the following error: %%5

Error - 8/24/2009 12:26:00 AM | Computer Name = BLUEROOM | Source = Service Control Manager | ID = 7000
Description = The AVGIDSAgent service failed to start due to the following error:
%%5

Error - 8/24/2009 12:26:00 AM | Computer Name = BLUEROOM | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Adobe Active File Monitor
V6 service to connect.

Error - 8/24/2009 12:26:00 AM | Computer Name = BLUEROOM | Source = Service Control Manager | ID = 7000
Description = The Adobe Active File Monitor V6 service failed to start due to the
following error: %%1053


< End of report >

Edited by Orange Blossom, 25 August 2009 - 03:30 PM.



#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:02:38 AM

Posted 27 August 2009 - 10:39 AM

Hello! :thumbup2:
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.




Please download JavaRa to your desktop and unzip it to its own folder.
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.



Please update Malwarebytes and run a full scan.
  • Open Malwarebytes and select the Update tab.
  • Click on the Check for Updates button and allow the program to download the latest updates.
  • Once you have the latest updates, select the Scanner tab.
  • Select "Perform full scan" and click the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 BlackDiamond78

BlackDiamond78
  • Topic Starter

  • Members
  • 18 posts
  • Local time:02:38 AM

Posted 27 August 2009 - 12:48 PM

OK, JavaRa was successful. Malwarebytes, well, I'm not sure. It fired off, updated and began to scan (what it said was "Preparing for the scan"). 22 seconds into this, the whole MB window disappears. Task Manager shows the application as 'running' but mbam.exe does NOT show up in the process list. The last time I was able to get a scan to run long enough to produce a log was 8-22. I will post that log here in case it helps. If past history is correct, I won't be able to fire off MB again unless I do a complete uninstall and reload it. Also, something that may be helpful: my taskbar has the little gold shield that tells you that Windows has updates ready to download. This update is "Security Update for Windows XP KB956572". When I come home from work this afternoon, my computer will have restarted, with the green shield saying the updates were loaded and required a restart. Less than a minute later, the gold shield will be back up, telling me the SAME security update is ready to download. If MB somehow completes a scan, I will post that log this afternoon.
Here is the last log I was able to generate. Thank you for your help. -Mike-
BTW, Task Manager still says MB is running (approx. 20 minutes now) though there are no signs of it anywhere. If I try to rerun it later, it will say I don't have permission to do so. I have even renamed the .exe file and it still won't run again without a re-install. Aaaagh.


Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 3

8/22/2009 10:19:21 AM
mbam-log-2009-08-22 (10-19-21).txt

Scan type: Quick Scan
Objects scanned: 138961
Time elapsed: 6 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 18

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
\\?\globalroot\systemroot\SYSTEM32\UACxmflotewbs.dll (Rogue.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Monopod (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\SYSTEM32\bennuar.old (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\sonhelp.htm (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\ppp4.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\wispex.html (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\sysnet.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\ppp3.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\bincd32.dat (Malware.Trace) -> Quarantined and deleted successfully.
\\?\globalroot\systemroot\SYSTEM32\UACxmflotewbs.dll (Rogue.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\UACxmflotewbs.dll (Rogue.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\uacbbr.dll (Rogue.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\onhelp.htm (Rogue.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\UACftoivnkldl.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\UACobpuupnkly.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\DRIVERS\UACqomujnbaor.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
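The MBAM log above has a fixed shape: a summary block of per-category counts, then one section per category listing each object, its detection name and the action MBAM took. The Python script below is an added illustration, not part of this thread and not Malwarebytes' own code: it parses that log, checks that every section's summary count matches the findings actually listed, tallies findings per detection name, and pulls out the objects marked "Delete on reboot", which are the ones MBAM could not remove while it was running because they were in use (here, the UAC rootkit's DLLs). The format as understood here is inferred from the posted log alone, and the embedded sample is that log with its version header and two empty sections omitted.

```python
"""Parse and cross-check a Malwarebytes' Anti-Malware 1.x log (added example, not MBAM's own code)."""
import re
from collections import Counter

# Sample input: the findings part of the MBAM 1.40 log quoted in post #3 above; the
# version/date header and the two empty sections (Registry Values, Folders) are omitted.
MBAM_LOG = r"""
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 18

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
\\?\globalroot\systemroot\SYSTEM32\UACxmflotewbs.dll (Rogue.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Monopod (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\SYSTEM32\bennuar.old (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\sonhelp.htm (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\ppp4.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\wispex.html (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\sysnet.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\ppp3.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\bincd32.dat (Malware.Trace) -> Quarantined and deleted successfully.
\\?\globalroot\systemroot\SYSTEM32\UACxmflotewbs.dll (Rogue.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\UACxmflotewbs.dll (Rogue.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\uacbbr.dll (Rogue.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\onhelp.htm (Rogue.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\UACftoivnkldl.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\UACobpuupnkly.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\DRIVERS\UACqomujnbaor.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

SUMMARY_RE = re.compile(r"^([A-Za-z ]+ Infected): (\d+)$")            # "Files Infected: 18"
SECTION_RE = re.compile(r"^([A-Za-z ]+ Infected):$")                   # "Files Infected:"
ITEM_RE = re.compile(r"^(?P<object>.+?) \((?P<detection>[^()]+)\)$")  # "path (Detection.Name)"

def parse_mbam_log(text):
    """Return {'summary': {section: count}, 'items': {section: [finding, ...]}}."""
    summary, items, section = {}, {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("("):  # blank, or "(No malicious items detected)"
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m.group(1)] = int(m.group(2))
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            items.setdefault(section, [])
            continue
        # Finding lines: "object (Detection) -> [Bad: (x) Good: (y) ->] action"
        parts = line.split(" -> ")
        m = ITEM_RE.match(parts[0])
        if m and section is not None:
            items[section].append({"object": m.group("object"),
                                   "detection": m.group("detection"),
                                   "action": parts[-1]})
    return {"summary": summary, "items": items}

def count_mismatches(parsed):
    """Sections whose summary count differs from the number of findings actually listed."""
    listed = {sec: len(found) for sec, found in parsed["items"].items()}
    return {sec: (n, listed.get(sec, 0)) for sec, n in parsed["summary"].items()
            if n != listed.get(sec, 0)}

def pending_reboot(parsed):
    """Objects MBAM could not remove while running (in use) and deferred to the next reboot."""
    return [f["object"] for found in parsed["items"].values() for f in found
            if f["action"].startswith("Delete on reboot")]

def by_detection(parsed):
    """Number of findings per detection name."""
    return Counter(f["detection"] for found in parsed["items"].values() for f in found)

if __name__ == "__main__":
    r = parse_mbam_log(MBAM_LOG)
    print(count_mismatches(r) or "summary counts agree", pending_reboot(r), dict(by_detection(r)), sep="\n")
```

Run on the sample, the summary counts agree with the itemised findings and three objects are deferred to reboot: the in-memory UACxmflotewbs.dll module, its on-disk copy, and UACobpuupnkly.dll. A log in which those counts disagree, or in which the deferred items reappear in a later scan, is worth a second look rather than being taken as a clean result.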


#4 BlackDiamond78

BlackDiamond78
  • Topic Starter

  • Members
  • 18 posts
  • Local time:02:38 AM

Posted 27 August 2009 - 12:53 PM

Oops, I was mistaken. MB was NOT shown as running in TM. That was only the open folder in Program Files. Let me try to fire it again. Nope, no luck. "Windows can not access the specified drive, path or file. You may not have the appropriate permissions to access the item". Incidentally, the hidden beast has changed the desktop icon for MB from the red "M" icon to one of those generic white ones with the blue band at the top. It does this every time.

#5 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:02:38 AM

Posted 27 August 2009 - 02:52 PM

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

--------------------------------------------------------------------

Double-click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.


#6 BlackDiamond78

BlackDiamond78
  • Topic Starter

  • Members
  • 18 posts
  • Local time:02:38 AM

Posted 27 August 2009 - 04:50 PM

OK, sorry to be an igmo, but how in the heck do I disable AVG? I tried ending the process in TM, but it just keeps coming back on.

#7 BlackDiamond78

BlackDiamond78
  • Topic Starter

  • Members
  • 18 posts
  • Local time:02:38 AM

Posted 27 August 2009 - 06:00 PM

Here is the ComboFix log; hope it helps, and thanks again.


ComboFix 09-08-27.02 - Mike 08/27/2009 17:21.1.1 - NTFSx86
Running from: c:\documents and settings\Mike\Desktop\Combo-Fix.exe
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-448539723-813497703-839522115-1003
c:\windows\Downloaded Program Files\RdxIE.dll
c:\windows\Downloaded Program Files\temp
c:\windows\patch.exe
c:\windows\Readme.txt
c:\windows\system32\Data
c:\windows\system32\drivers\kbiwkmqwoscdov.sys
c:\windows\system32\drivers\UACqomujnbaor.sys
c:\windows\system32\images
c:\windows\system32\images\i1.gif
c:\windows\system32\images\i2.gif
c:\windows\system32\images\i3.gif
c:\windows\system32\images\j1.gif
c:\windows\system32\images\j2.gif
c:\windows\system32\images\j3.gif
c:\windows\system32\images\jj1.gif
c:\windows\system32\images\jj2.gif
c:\windows\system32\images\jj3.gif
c:\windows\system32\images\l1.gif
c:\windows\system32\images\l2.gif
c:\windows\system32\images\l3.gif
c:\windows\system32\images\pix.gif
c:\windows\system32\images\t1.gif
c:\windows\system32\images\t2.gif
c:\windows\system32\images\up1.gif
c:\windows\system32\images\up2.gif
c:\windows\system32\images\w1.gif
c:\windows\system32\images\w11.gif
c:\windows\system32\images\w2.gif
c:\windows\system32\images\w3.gif
c:\windows\system32\images\w3.jpg
c:\windows\system32\images\wt1.gif
c:\windows\system32\images\wt2.gif
c:\windows\system32\images\wt3.gif
c:\windows\system32\kbiwkmllvvcebw.dat
c:\windows\system32\kbiwkmmtbbgrxl.dll
c:\windows\system32\kbiwkmtuubaruk.dat
c:\windows\system32\kbiwkmulkdqxwk.dll
c:\windows\system32\open.ico
c:\windows\system32\UACftoivnkldl.dat
c:\windows\system32\UACobpuupnkly.dll
c:\windows\system32\UACxmflotewbs.dll
G:\Autorun.inf

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\system32\logevent.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_kbiwkmthomqhrs
-------\Legacy_kbiwkmthomqhrs
-------\Service_UACd.sys
-------\Legacy_UACd.sys
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


((((((((((((((((((((((((( Files Created from 2009-07-27 to 2009-08-27 )))))))))))))))))))))))))))))))
.

2009-08-27 17:04 . 2009-08-27 17:04 -------- d-----w- c:\program files\Java
2009-08-25 18:21 . 2009-08-25 18:21 -------- d-----w- C:\rsit
2009-08-25 00:38 . 2009-07-24 14:56 1062144 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-08-24 04:22 . 2009-06-18 17:55 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2009-08-24 02:04 . 2009-08-24 02:04 -------- d-----w- c:\program files\Sophos
2009-08-24 01:07 . 2009-08-24 01:07 34816 ----a-w- c:\windows\system32\drivers\rootrepeal.sys
2009-08-23 20:38 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-23 20:38 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-23 17:55 . 2009-08-23 17:55 -------- d-----w- c:\program files\Cobian Backup 9
2009-08-23 17:19 . 2009-08-23 17:51 -------- d-----w- c:\program files\Cobian Backup 8
2009-08-23 17:09 . 2009-08-23 17:55 -------- d-----w- c:\program files\Runtime Software
2009-08-22 22:45 . 2009-08-22 22:45 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\AVG Security Toolbar
2009-08-22 22:01 . 2009-08-22 22:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-08-22 22:00 . 2009-08-22 22:00 12552 ------w- c:\windows\system32\drivers\avgrkx86.sys
2009-08-22 22:00 . 2009-08-22 22:00 11952 ------w- c:\windows\system32\avgrsstx.dll
2009-08-22 22:00 . 2009-08-22 22:00 108552 ------w- c:\windows\system32\drivers\avgtdix.sys
2009-08-22 22:00 . 2009-08-22 22:00 335240 ------w- c:\windows\system32\drivers\avgldx86.sys
2009-08-22 22:00 . 2009-08-22 22:00 27784 ------w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-22 22:00 . 2009-08-26 22:27 -------- d-----w- c:\windows\system32\drivers\Avg
2009-08-22 22:00 . 2009-08-25 00:38 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-08-22 21:59 . 2009-08-25 00:36 -------- d-----w- c:\program files\AVG
2009-08-22 21:59 . 2009-08-22 21:59 50968 ------w- c:\windows\system32\avgfwdx.dll
2009-08-22 21:59 . 2009-08-22 21:59 29208 ------w- c:\windows\system32\drivers\avgfwdx.sys
2009-08-22 21:59 . 2009-08-22 21:59 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-22 21:16 . 2009-08-27 17:04 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-22 21:14 . 2009-08-22 21:14 152576 ------w- c:\documents and settings\Mike\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-22 13:50 . 2009-08-22 13:50 -------- d-----w- C:\_OTM
2009-08-22 13:35 . 2009-02-09 12:10 714752 ------w- c:\documents and settings\All Users\Application Data\SecTaskMan\_enviewlist.dll
2009-08-22 13:35 . 2009-02-09 12:10 617472 ------w- c:\documents and settings\All Users\Application Data\SecTaskMan\_entreelist.dll
2009-08-22 13:34 . 2009-08-22 13:34 423 ------w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_00002109020090400000000000F01FEC.dll
2009-08-22 13:34 . 2009-08-22 13:34 108 ------w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0B79C053C7D38EE4AB9A00CB3B5D2472.dll
2009-08-22 13:34 . 2009-08-22 13:34 1077 ------w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_00002159FA0090400000000000F01FEC.dll
2009-08-22 13:34 . 2009-08-22 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2009-08-22 13:34 . 2009-08-22 13:34 -------- d-----w- c:\program files\Security Task Manager
2009-08-22 04:12 . 2009-08-25 22:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-22 04:08 . 2009-08-22 18:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-22 04:08 . 2009-08-22 18:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-21 05:47 . 2009-07-13 06:42 286880 ------r- c:\documents and settings\Mike\Application Data\McAfee\Supportability\MVTLogs\Results\detect.dll
2009-08-21 05:08 . 2009-08-21 05:08 -------- d-----w- c:\documents and settings\Mike\Application Data\McAfee
2009-08-20 22:06 . 2009-08-22 18:49 -------- d-----w- C:\Mike
2009-08-20 17:36 . 2009-08-20 17:36 19968 ----a-w- c:\windows\system32\uacserf.dll
2009-08-20 17:36 . 2009-08-20 17:36 30208 ----a-w- c:\windows\system32\uacrem.dll
2009-08-12 13:25 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-08 17:54 . 2009-08-08 17:54 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-04 04:05 . 2009-08-04 04:05 -------- d-----w- c:\program files\iPod
2009-08-04 04:05 . 2009-08-04 04:06 -------- d-----w- c:\program files\iTunes
2009-08-04 03:54 . 2009-08-04 03:54 75040 ------w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-08-01 15:31 . 2009-08-01 15:31 -------- d-----w- c:\program files\VS Revo Group
2009-08-01 06:28 . 2009-08-01 06:28 -------- d-----w- c:\documents and settings\Mike\Application Data\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-27 22:36 . 2007-10-08 18:13 -------- d-----w- c:\program files\Dl_cats
2009-08-27 22:18 . 2003-04-25 00:33 -------- d-----w- c:\program files\Eraser
2009-08-27 17:04 . 2009-08-27 17:04 0 ----a-w- c:\windows\system32\REN15.tmp
2009-08-27 17:04 . 2009-08-27 17:04 0 ----a-w- c:\windows\system32\REN14.tmp
2009-08-27 08:10 . 2008-05-30 17:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-08-25 21:59 . 2005-11-02 04:25 -------- d-----w- c:\program files\Trend Micro
2009-08-25 19:41 . 2008-04-19 18:20 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-22 22:13 . 2008-01-04 05:50 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-08-21 17:50 . 2004-07-14 01:34 -------- d-----w- c:\program files\SpywareBlaster
2009-08-20 17:36 . 2009-04-12 15:39 -------- d-----w- c:\documents and settings\Mike\Application Data\uTorrent
2009-08-15 16:22 . 2008-07-25 00:51 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdw.DAT
2009-08-15 16:21 . 2008-07-25 00:48 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2009-08-08 19:42 . 2008-06-28 22:15 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-08 17:55 . 2004-04-08 20:59 -------- d-----w- c:\program files\Lavasoft
2009-08-05 09:01 . 2003-12-25 14:18 204800 ------w- c:\windows\system32\mswebdvd.dll
2009-08-04 04:05 . 2008-02-29 02:08 -------- d-----w- c:\program files\Common Files\Apple
2009-08-01 19:08 . 2002-12-04 15:56 -------- d-----w- c:\program files\Dell
2009-08-01 18:43 . 2008-01-04 04:12 -------- d-----w- c:\program files\Dell PC Fax
2009-07-26 18:01 . 2009-07-26 17:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-07-26 17:52 . 2005-02-22 03:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-07-26 17:51 . 2009-07-26 17:51 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-07-22 22:23 . 2009-07-22 22:23 74760 ----a-w- c:\windows\system32\drivers\UniversalDD.sys
2009-07-22 22:23 . 2009-07-22 22:23 25608 ----a-w- c:\windows\system32\drivers\AVGIDSErHr.sys
2009-07-17 19:01 . 2002-08-29 11:00 58880 ------w- c:\windows\system32\atl.dll
2009-07-15 02:26 . 2009-07-15 02:26 -------- d-----w- c:\program files\Apple Software Update
2009-07-14 04:43 . 2003-01-23 02:14 286208 ------w- c:\windows\system32\wmpdxm.dll
2009-07-14 02:52 . 2004-01-10 21:33 -------- d-----w- c:\documents and settings\Mike\Application Data\Apple Computer
2009-07-08 02:00 . 2009-07-08 01:59 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-08 01:57 . 2009-07-08 01:57 -------- d-----w- c:\program files\Bonjour
2009-07-08 01:55 . 2009-07-08 01:54 -------- d-----w- c:\program files\QuickTime
2009-06-29 16:12 . 2004-02-06 23:05 827392 ------w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 07:56 78336 ------w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2002-08-29 11:00 17408 ------w- c:\windows\system32\corpol.dll
2009-06-25 08:25 . 2002-08-29 11:00 730112 ------w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2002-08-29 11:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2002-08-29 11:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2002-08-29 11:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2002-08-29 11:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2002-08-29 11:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2002-08-29 11:00 92928 ------w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2002-08-29 11:00 81920 ------w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2002-08-29 11:00 119808 ------w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2002-08-29 11:00 76288 ------w- c:\windows\system32\telnet.exe
2009-06-12 04:05 . 2008-12-30 05:06 256 ------w- c:\windows\system32\pool.bin
2009-06-10 14:19 . 2002-08-29 11:00 2066432 ------w- c:\windows\system32\mstscax.dll
2009-06-10 14:13 . 2002-08-29 11:00 84992 ------w- c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2002-08-29 11:00 132096 ------w- c:\windows\system32\wkssvc.dll
2009-06-05 16:42 . 2009-07-08 01:50 2060288 ------w- c:\windows\system32\usbaaplrc.dll
2009-06-05 16:42 . 2008-02-29 02:09 39424 ------w- c:\windows\system32\drivers\usbaapl.sys
2009-06-03 19:09 . 2003-12-25 14:18 1291264 ------w- c:\windows\system32\quartz.dll
2005-02-17 18:06 . 2005-02-17 18:06 32 --sh--w- c:\windows\{50155E21-DD27-4C04-9994-C112E2E10AE8}.dat
2005-02-17 18:07 . 2005-02-17 18:07 32 --sh--w- c:\windows\{5974DD6E-055D-4D11-964A-AB93235580F2}.dat
2008-05-07 02:03 . 2005-04-02 16:33 152 --sh--r- c:\windows\SYSTEM32\C1F97DC92C.sys
2008-05-07 02:03 . 2005-04-02 16:33 6686 --sh--w- c:\windows\SYSTEM32\KGyGaAvL.sys
2005-02-17 18:07 . 2005-02-17 18:07 32 --sh--w- c:\windows\SYSTEM32\{3672FE82-1011-45FE-A78E-CC7E464F359F}.dat
2005-02-17 18:06 . 2005-02-17 18:06 32 --sh--w- c:\windows\SYSTEM32\{B8B156FB-EB02-4D97-BDC7-689891323796}.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 14:56 1062144 ------w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]
"Eraser"="c:\program files\Eraser\eraser.exe" [2003-01-19 532880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\3\printray.exe" [2002-09-19 36864]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-10-29 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-10-29 4620288]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-15 28672]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2005-03-21 684032]
"DLCXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-22 2007832]
"AVGIDS"="c:\program files\AVG\Identity Protection\agent\bin\AVGIDSUI.exe" [2009-07-22 1600008]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-27 149280]
"nwiz"="nwiz.exe" - c:\windows\SYSTEM32\nwiz.exe [2004-10-29 921600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\ypager.exe" [2005-02-24 2506752]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-01-04 03:29 10792 ------w- c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-22 22:00 11952 ------w- c:\windows\SYSTEM32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Mike^Start Menu^Programs^Startup^Nikon Monitor.lnk]
backup=c:\windows\pss\Nikon Monitor.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X84-X85 Button Manager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X84-X85 Button Monitor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monopod
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LiveUpdate Notice Service"=2 (0x2)
"LiveUpdate Notice Ex"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\dlcxcoms.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
R3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys [2009-08-22 29208]
R3 CamdDriverV32;CamdDriverV32;c:\windows\system32\drivers\CamdDriverV32.sys [2008-04-17 508544]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\2.tmp [x]
S0 AVGIDSErHr;AVGIDSErHr;c:\windows\System32\Drivers\AVGIDSErHr.sys [2009-07-22 25608]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2009-08-22 12552]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-08-22 335240]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-08-22 108552]
S1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2009-06-18 18816]
S2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-08-22 908056]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-08-22 297752]
S2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2009-08-22 1370488]
S2 AVGIDSWatcher;AVGIDSWatcher;c:\program files\AVG\Identity Protection\agent\Bin\AVGIDSWatcher.exe [2009-07-22 571912]
S2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe [2006-11-03 537480]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys [2009-08-22 29208]
S3 AVGIDSDriver;AVGIDSDriver;c:\program files\AVG\Identity Protection\agent\driver\platform_XP\AVGIDSDriver.sys [2009-07-22 121352]
S3 AVGIDSFilter;AVGIDSFilter;c:\program files\AVG\Identity Protection\agent\driver\platform_XP\AVGIDSFilter.sys [2009-07-22 30216]
S3 AVGIDSShim;AVGIDSShim;c:\program files\AVG\Identity Protection\agent\driver\platform_XP\AVGIDSShim.sys [2009-07-22 27232]


--- Other Services/Drivers In Memory ---

*Deregistered* - IPVNMon
.
Contents of the 'Scheduled Tasks' folder

2009-08-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-08-20 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 17:20]

2009-08-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-30 23:29]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-mcmscsvc
SafeBoot-MCODS


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar =
uInternet Connection Wizard,ShellNext = hxxp://yahoo.sbc.com/dsl
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Search
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycdict.htm
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\x0yjny99.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\x0yjny99.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\documents and settings\Mike\Application Data\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwinamp.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\activexFF15.js - pref("capability.policy.default.ClassID.CID4E7FF8BB-0A5A-4AA3-B764-B39BA9A13E38", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activexFF15.js - pref("capability.policy.default.ClassID.CIDB24F189F-FB14-4EFD-8B9D-217EC6C84EA1", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activexFF15.js - pref("capability.policy.default.ClassID.CID86ED3659-02F6-465D-8F19-A9334614CCC3", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activexFF15.js - pref("capability.policy.default.ClassID.CID5D7F48C0-CB49-4ea6-97D4-04F4EACC2F3B", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activexFF15.js - pref("capability.policy.default.ClassID.CID4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activexFF15.js - pref("capability.policy.default.ClassID.CIDA43C6FC7-09F6-4E04-B8E3-683F3BDFEF7C", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activexFF15.js - pref("capability.policy.default.ClassID.CID4C8D6404-A9F6-4236-8488-6C5732CB3BFA", "AllAccess");.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-27 17:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\2.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2242227130-1042475429-3005884957-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(940)
c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll

- - - - - - - > 'explorer.exe'(3764)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\UPnPUI.dll
c:\program files\Common Files\Roxio Shared\9.0\DLLShared\FakeAvRenderer.dll
c:\program files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\SYSTEM32\CTsvcCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\SYSTEM32\nvsvc32.exe
c:\windows\SYSTEM32\MsPMSPSv.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
.
**************************************************************************
.
Completion time: 2009-08-27 17:52 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-27 22:52

Pre-Run: 17,628,057,600 bytes free
Post-Run: 17,527,246,848 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

414 --- E O F --- 2009-08-27 08:01

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:02:38 AM

Posted 28 August 2009 - 09:55 AM

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript, saved to your desktop.

Driver::
MEMSWEEP2

File::
c:\windows\system32\2.tmp
c:\windows\system32\REN15.tmp
c:\windows\system32\REN14.tmp

Prior to running Combofix.exe, you should disable your antivirus program.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.


==================



Please update Malwarebytes and run a full scan.
  • Open Malwarebytes and select the Update tab.
  • Click on the Check for Updates button and allow the program to download the latest updates.
  • Once you have the latest updates, select the Scanner tab.
  • Select "Perform full scan" and click the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!
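The CFScript in the post above pairs a Driver:: entry (MEMSWEEP2) with the File:: entry for its image, c:\windows\system32\2.tmp, which ComboFix listed with a [x] marker and a separate ImagePath block. As an added example (not code from ComboFix, BleepingComputer or the helper), the Python below parses the Drivers/Services lines and the [HKLM\...\Services\NAME] ImagePath blocks in the log format shown in this thread, flags any service whose image is a .tmp file for review, and renders the Driver::/File:: script in the same layout the post uses; the sample log lines are constructed from entries quoted above, and the function names and the ".tmp warrants review" rule are assumptions.

```python
"""Spot ComboFix driver/service entries that load from a temp file and
render the Driver::/File:: script layout used in this thread.

Added example, not code from ComboFix, BleepingComputer or the poster.
The sample log lines are constructed from entries quoted in this thread;
the function names and the ".tmp warrants review" rule are assumptions.
"""
import re

# One ComboFix "Drivers/Services" line, e.g.
#   R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\2.tmp [x]
#   <start> <name>;<display>;<image path> [<date> <size>]   ([x] = file not found)
SERVICE_RE = re.compile(
    r"^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)

# The [HKLM\...\Services\NAME] / "ImagePath"="..." pair ComboFix prints
# for a service whose file it could not stat.
IMAGEPATH_RE = re.compile(
    r'^\[HK[^\]]*\\Services\\(?P<name>[^\]\\]+)\]\s*\n"ImagePath"="(?P<path>[^"]*)"',
    re.MULTILINE,
)

SUSPECT_EXT = (".tmp",)  # assumption: a driver image with a temp-file name warrants review


def parse_service_line(line):
    """Parse one Drivers/Services line into a dict, or return None."""
    m = SERVICE_RE.match(line.strip())
    if m is None:
        return None
    return {
        "start": m.group("start"),
        "name": m.group("name"),
        "display": m.group("display"),
        "path": m.group("path").strip().lower(),
        "file_missing": m.group("meta") == "x",
    }


def registry_image_paths(log_text):
    """Map service name -> ImagePath from the registry blocks in the log."""
    paths = {}
    for m in IMAGEPATH_RE.finditer(log_text):
        path = m.group("path")
        if path.startswith("\\??\\"):  # NT object-manager prefix, not part of the path
            path = path[4:]
        paths[m.group("name")] = path.lower()
    return paths


def find_temp_drivers(log_text):
    """Return every service entry whose image (registry ImagePath preferred,
    else the path on the service line) ends in a suspect extension."""
    reg_paths = registry_image_paths(log_text)
    flagged = []
    for line in log_text.splitlines():
        entry = parse_service_line(line)
        if entry is None:
            continue
        path = reg_paths.get(entry["name"], entry["path"])
        if path.endswith(SUSPECT_EXT):
            entry["path"] = path
            flagged.append(entry)
    return flagged


def build_cfscript(entries, extra_files=()):
    """Render the CFScript layout from the post: a Driver:: block naming the
    services to remove, then a File:: block naming the files to delete."""
    lines = ["Driver::"] + [e["name"] for e in entries]
    lines += ["", "File::"] + [e["path"] for e in entries] + list(extra_files)
    return "\n".join(lines) + "\n"


# Constructed sample: four service lines and one registry block from the log above.
SAMPLE_LOG = r"""
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
R3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys [2009-08-22 29208]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\2.tmp [x]
S1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2009-06-18 18816]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\2.tmp"
"""

if __name__ == "__main__":
    hits = find_temp_drivers(SAMPLE_LOG)
    for e in hits:
        print("%s %s -> %s (file missing: %s)" % (e["start"], e["name"], e["path"], e["file_missing"]))
    # The two REN*.tmp files come from the post itself, not from the service list.
    print(build_cfscript(hits, [r"c:\windows\system32\REN15.tmp", r"c:\windows\system32\REN14.tmp"]))
```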


========================================================

#9 BlackDiamond78

BlackDiamond78
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:02:38 AM

Posted 28 August 2009 - 10:11 AM

I will do this when I get off for lunch (12 Central). Is there a simple way to disable AVG 8.5?

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:02:38 AM

Posted 28 August 2009 - 10:18 AM

You should be able to just right click on the taskbar icon and select Disable.


========================================================

#11 BlackDiamond78

BlackDiamond78
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:02:38 AM

Posted 28 August 2009 - 02:32 PM

If things keep on looking up, I might just have to cheer for Ohio State this year! OK, here are the logs (and man, am I late for work!).

ComboFix 09-08-27.02 - Mike 08/28/2009 12:09.2.1 - NTFSx86
Running from: c:\documents and settings\Mike\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Mike\Desktop\CFScript.txt
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
* Created a new restore point

FILE ::
"c:\windows\system32\2.tmp"
"c:\windows\system32\REN14.tmp"
"c:\windows\system32\REN15.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\REN14.tmp
c:\windows\system32\REN15.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MEMSWEEP2
-------\Service_MEMSWEEP2


((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-28 )))))))))))))))))))))))))))))))
.

2009-08-27 17:04 . 2009-08-27 17:04 -------- d-----w- c:\program files\Java
2009-08-25 18:21 . 2009-08-25 18:21 -------- d-----w- C:\rsit
2009-08-25 00:38 . 2009-07-24 14:56 1062144 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-08-24 04:22 . 2009-06-18 17:55 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2009-08-24 02:04 . 2009-08-24 02:04 -------- d-----w- c:\program files\Sophos
2009-08-24 01:07 . 2009-08-24 01:07 34816 ----a-w- c:\windows\system32\drivers\rootrepeal.sys
2009-08-23 20:38 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-23 20:38 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-23 17:55 . 2009-08-23 17:55 -------- d-----w- c:\program files\Cobian Backup 9
2009-08-23 17:19 . 2009-08-23 17:51 -------- d-----w- c:\program files\Cobian Backup 8
2009-08-23 17:09 . 2009-08-23 17:55 -------- d-----w- c:\program files\Runtime Software
2009-08-22 22:45 . 2009-08-22 22:45 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\AVG Security Toolbar
2009-08-22 22:01 . 2009-08-22 22:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-08-22 22:00 . 2009-08-22 22:00 12552 ------w- c:\windows\system32\drivers\avgrkx86.sys
2009-08-22 22:00 . 2009-08-22 22:00 11952 ------w- c:\windows\system32\avgrsstx.dll
2009-08-22 22:00 . 2009-08-22 22:00 108552 ------w- c:\windows\system32\drivers\avgtdix.sys
2009-08-22 22:00 . 2009-08-22 22:00 335240 ------w- c:\windows\system32\drivers\avgldx86.sys
2009-08-22 22:00 . 2009-08-22 22:00 27784 ------w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-22 22:00 . 2009-08-28 10:27 -------- d-----w- c:\windows\system32\drivers\Avg
2009-08-22 22:00 . 2009-08-25 00:38 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-08-22 21:59 . 2009-08-25 00:36 -------- d-----w- c:\program files\AVG
2009-08-22 21:59 . 2009-08-22 21:59 50968 ------w- c:\windows\system32\avgfwdx.dll
2009-08-22 21:59 . 2009-08-22 21:59 29208 ------w- c:\windows\system32\drivers\avgfwdx.sys
2009-08-22 21:59 . 2009-08-22 21:59 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-22 21:16 . 2009-08-27 17:04 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-22 21:14 . 2009-08-22 21:14 152576 ------w- c:\documents and settings\Mike\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-22 13:50 . 2009-08-22 13:50 -------- d-----w- C:\_OTM
2009-08-22 13:35 . 2009-02-09 12:10 714752 ------w- c:\documents and settings\All Users\Application Data\SecTaskMan\_enviewlist.dll
2009-08-22 13:35 . 2009-02-09 12:10 617472 ------w- c:\documents and settings\All Users\Application Data\SecTaskMan\_entreelist.dll
2009-08-22 13:34 . 2009-08-22 13:34 423 ------w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_00002109020090400000000000F01FEC.dll
2009-08-22 13:34 . 2009-08-22 13:34 108 ------w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0B79C053C7D38EE4AB9A00CB3B5D2472.dll
2009-08-22 13:34 . 2009-08-22 13:34 1077 ------w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_00002159FA0090400000000000F01FEC.dll
2009-08-22 13:34 . 2009-08-22 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2009-08-22 13:34 . 2009-08-22 13:34 -------- d-----w- c:\program files\Security Task Manager
2009-08-22 04:12 . 2009-08-25 22:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-22 04:08 . 2009-08-22 18:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-22 04:08 . 2009-08-22 18:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-21 05:47 . 2009-07-13 06:42 286880 ------r- c:\documents and settings\Mike\Application Data\McAfee\Supportability\MVTLogs\Results\detect.dll
2009-08-21 05:08 . 2009-08-21 05:08 -------- d-----w- c:\documents and settings\Mike\Application Data\McAfee
2009-08-20 22:06 . 2009-08-22 18:49 -------- d-----w- C:\Mike
2009-08-20 17:36 . 2009-08-20 17:36 19968 ----a-w- c:\windows\system32\uacserf.dll
2009-08-20 17:36 . 2009-08-20 17:36 30208 ----a-w- c:\windows\system32\uacrem.dll
2009-08-12 13:25 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-08 17:54 . 2009-08-08 17:54 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-04 04:05 . 2009-08-04 04:05 -------- d-----w- c:\program files\iPod
2009-08-04 04:05 . 2009-08-04 04:06 -------- d-----w- c:\program files\iTunes
2009-08-04 03:54 . 2009-08-04 03:54 75040 ------w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-08-01 15:31 . 2009-08-01 15:31 -------- d-----w- c:\program files\VS Revo Group
2009-08-01 06:28 . 2009-08-01 06:28 -------- d-----w- c:\documents and settings\Mike\Application Data\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-28 17:23 . 2007-10-08 18:13 -------- d-----w- c:\program files\Dl_cats
2009-08-28 17:22 . 2008-05-30 17:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-08-28 17:19 . 2003-04-25 00:33 -------- d-----w- c:\program files\Eraser
2009-08-25 21:59 . 2005-11-02 04:25 -------- d-----w- c:\program files\Trend Micro
2009-08-25 19:41 . 2008-04-19 18:20 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-22 22:13 . 2008-01-04 05:50 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-08-21 17:50 . 2004-07-14 01:34 -------- d-----w- c:\program files\SpywareBlaster
2009-08-20 17:36 . 2009-04-12 15:39 -------- d-----w- c:\documents and settings\Mike\Application Data\uTorrent
2009-08-15 16:22 . 2008-07-25 00:51 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdw.DAT
2009-08-15 16:21 . 2008-07-25 00:48 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2009-08-08 19:42 . 2008-06-28 22:15 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-08 17:55 . 2004-04-08 20:59 -------- d-----w- c:\program files\Lavasoft
2009-08-05 09:01 . 2003-12-25 14:18 204800 ------w- c:\windows\system32\mswebdvd.dll
2009-08-04 04:05 . 2008-02-29 02:08 -------- d-----w- c:\program files\Common Files\Apple
2009-08-01 19:08 . 2002-12-04 15:56 -------- d-----w- c:\program files\Dell
2009-08-01 18:43 . 2008-01-04 04:12 -------- d-----w- c:\program files\Dell PC Fax
2009-07-26 18:01 . 2009-07-26 17:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-07-26 17:52 . 2005-02-22 03:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-07-26 17:51 . 2009-07-26 17:51 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-07-22 22:23 . 2009-07-22 22:23 74760 ----a-w- c:\windows\system32\drivers\UniversalDD.sys
2009-07-22 22:23 . 2009-07-22 22:23 25608 ----a-w- c:\windows\system32\drivers\AVGIDSErHr.sys
2009-07-17 19:01 . 2002-08-29 11:00 58880 ------w- c:\windows\system32\atl.dll
2009-07-15 02:26 . 2009-07-15 02:26 -------- d-----w- c:\program files\Apple Software Update
2009-07-14 04:43 . 2003-01-23 02:14 286208 ------w- c:\windows\system32\wmpdxm.dll
2009-07-14 02:52 . 2004-01-10 21:33 -------- d-----w- c:\documents and settings\Mike\Application Data\Apple Computer
2009-07-08 02:00 . 2009-07-08 01:59 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-08 01:57 . 2009-07-08 01:57 -------- d-----w- c:\program files\Bonjour
2009-07-08 01:55 . 2009-07-08 01:54 -------- d-----w- c:\program files\QuickTime
2009-06-29 16:12 . 2004-02-06 23:05 827392 ------w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 07:56 78336 ------w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2002-08-29 11:00 17408 ------w- c:\windows\system32\corpol.dll
2009-06-25 08:25 . 2002-08-29 11:00 730112 ------w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2002-08-29 11:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2002-08-29 11:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2002-08-29 11:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2002-08-29 11:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2002-08-29 11:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2002-08-29 11:00 92928 ------w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2002-08-29 11:00 81920 ------w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2002-08-29 11:00 119808 ------w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2002-08-29 11:00 76288 ------w- c:\windows\system32\telnet.exe
2009-06-12 04:05 . 2008-12-30 05:06 256 ------w- c:\windows\system32\pool.bin
2009-06-10 14:19 . 2002-08-29 11:00 2066432 ------w- c:\windows\system32\mstscax.dll
2009-06-10 14:13 . 2002-08-29 11:00 84992 ------w- c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2002-08-29 11:00 132096 ------w- c:\windows\system32\wkssvc.dll
2009-06-05 16:42 . 2009-07-08 01:50 2060288 ------w- c:\windows\system32\usbaaplrc.dll
2009-06-05 16:42 . 2008-02-29 02:09 39424 ------w- c:\windows\system32\drivers\usbaapl.sys
2009-06-03 19:09 . 2003-12-25 14:18 1291264 ------w- c:\windows\system32\quartz.dll
2005-02-17 18:06 . 2005-02-17 18:06 32 --sh--w- c:\windows\{50155E21-DD27-4C04-9994-C112E2E10AE8}.dat
2005-02-17 18:07 . 2005-02-17 18:07 32 --sh--w- c:\windows\{5974DD6E-055D-4D11-964A-AB93235580F2}.dat
2008-05-07 02:03 . 2005-04-02 16:33 152 --sh--r- c:\windows\SYSTEM32\C1F97DC92C.sys
2008-05-07 02:03 . 2005-04-02 16:33 6686 --sh--w- c:\windows\SYSTEM32\KGyGaAvL.sys
2005-02-17 18:07 . 2005-02-17 18:07 32 --sh--w- c:\windows\SYSTEM32\{3672FE82-1011-45FE-A78E-CC7E464F359F}.dat
2005-02-17 18:06 . 2005-02-17 18:06 32 --sh--w- c:\windows\SYSTEM32\{B8B156FB-EB02-4D97-BDC7-689891323796}.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-08-27_22.36.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-28 17:21 . 2009-08-28 17:21 16384 c:\windows\Temp\Perflib_Perfdata_b4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 14:56 1062144 ------w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]
"Eraser"="c:\program files\Eraser\eraser.exe" [2003-01-19 532880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\3\printray.exe" [2002-09-19 36864]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-10-29 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-10-29 4620288]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-15 28672]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2005-03-21 684032]
"DLCXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-22 2007832]
"AVGIDS"="c:\program files\AVG\Identity Protection\agent\bin\AVGIDSUI.exe" [2009-07-22 1600008]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-27 149280]
"nwiz"="nwiz.exe" - c:\windows\SYSTEM32\nwiz.exe [2004-10-29 921600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\ypager.exe" [2005-02-24 2506752]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-01-04 03:29 10792 ------w- c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-22 22:00 11952 ------w- c:\windows\SYSTEM32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Mike^Start Menu^Programs^Startup^Nikon Monitor.lnk]
backup=c:\windows\pss\Nikon Monitor.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LiveUpdate Notice Service"=2 (0x2)
"LiveUpdate Notice Ex"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\dlcxcoms.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
R3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys [2009-08-22 29208]
R3 CamdDriverV32;CamdDriverV32;c:\windows\system32\drivers\CamdDriverV32.sys [2008-04-17 508544]
S0 AVGIDSErHr;AVGIDSErHr;c:\windows\System32\Drivers\AVGIDSErHr.sys [2009-07-22 25608]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2009-08-22 12552]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-08-22 335240]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-08-22 108552]
S1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2009-06-18 18816]
S2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-08-22 908056]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-08-22 297752]
S2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2009-08-22 1370488]
S2 AVGIDSWatcher;AVGIDSWatcher;c:\program files\AVG\Identity Protection\agent\Bin\AVGIDSWatcher.exe [2009-07-22 571912]
S2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe [2006-11-03 537480]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys [2009-08-22 29208]
S3 AVGIDSDriver;AVGIDSDriver;c:\program files\AVG\Identity Protection\agent\driver\platform_XP\AVGIDSDriver.sys [2009-07-22 121352]
S3 AVGIDSFilter;AVGIDSFilter;c:\program files\AVG\Identity Protection\agent\driver\platform_XP\AVGIDSFilter.sys [2009-07-22 30216]
S3 AVGIDSShim;AVGIDSShim;c:\program files\AVG\Identity Protection\agent\driver\platform_XP\AVGIDSShim.sys [2009-07-22 27232]


--- Other Services/Drivers In Memory ---

*Deregistered* - IPVNMon
.
Contents of the 'Scheduled Tasks' folder

2009-08-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-08-20 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 17:20]

2009-08-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-30 23:29]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar =
uInternet Connection Wizard,ShellNext = hxxp://yahoo.sbc.com/dsl
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Search
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycdict.htm
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\x0yjny99.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\x0yjny99.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\documents and settings\Mike\Application Data\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwinamp.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\activexFF15.js - pref("capability.policy.default.ClassID.CID4E7FF8BB-0A5A-4AA3-B764-B39BA9A13E38", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activexFF15.js - pref("capability.policy.default.ClassID.CIDB24F189F-FB14-4EFD-8B9D-217EC6C84EA1", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activexFF15.js - pref("capability.policy.default.ClassID.CID86ED3659-02F6-465D-8F19-A9334614CCC3", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activexFF15.js - pref("capability.policy.default.ClassID.CID5D7F48C0-CB49-4ea6-97D4-04F4EACC2F3B", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activexFF15.js - pref("capability.policy.default.ClassID.CID4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activexFF15.js - pref("capability.policy.default.ClassID.CIDA43C6FC7-09F6-4E04-B8E3-683F3BDFEF7C", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activexFF15.js - pref("capability.policy.default.ClassID.CID4C8D6404-A9F6-4236-8488-6C5732CB3BFA", "AllAccess");.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-28 12:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2242227130-1042475429-3005884957-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(944)
c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll

- - - - - - - > 'explorer.exe'(3116)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\UPnPUI.dll
c:\program files\Common Files\Roxio Shared\9.0\DLLShared\FakeAvRenderer.dll
c:\program files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
c:\program files\Windows Desktop Search\dsWebAllow.dll
c:\program files\Windows Desktop Search\en-us\dsWebAllowRes.dll.mui
c:\program files\Windows Desktop Search\dsWebAllowRes.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\SYSTEM32\CTsvcCDA.EXE
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\SYSTEM32\nvsvc32.exe
c:\windows\SYSTEM32\MsPMSPSv.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-08-28 12:31 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-28 17:31
ComboFix2.txt 2009-08-27 22:52

Pre-Run: 15,745,703,936 bytes free
Post-Run: 15,698,395,136 bytes free

361 --- E O F --- 2009-08-28 08:02



AND the MB Log:

Malwarebytes' Anti-Malware 1.40
Database version: 2710
Windows 5.1.2600 Service Pack 3

8/28/2009 2:19:52 PM
mbam-log-2009-08-28 (14-19-52).txt

Scan type: Full Scan (C:\|G:\|H:\|)
Objects scanned: 260297
Time elapsed: 1 hour(s), 37 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_ANTIPPRO2009_100 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\All Users\Application Data\SecTaskMan\dddesot.dll.q_Quarantine_8048807_q (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\kbiwkmmtbbgrxl.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\kbiwkmulkdqxwk.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\_OTM\MovedFiles\08222009_085056\WINDOWS\system32\desot.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

Thanks! Let me know what's next. And what exactly do I/did I have going on here? Does this dragon have a name?

#12 Buckeye_Sam
  • Malware Expert
  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 28 August 2009 - 03:42 PM

You had a rootkit infection and then some other crap on top of that.
Assuming everything is running smoothly now we can clean up and then I'll post some final recommendations for you.


We need to remove Combofix now that we're done with it.
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK




==================



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Re-enable system restore with instructions from the tutorial above

  • Use AntiVirus Software - It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more often if you wish). If you do not update your antivirus software, it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis, just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will be reduced dramatically.

:thumbup2: :)
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#13 BlackDiamond78
  • Topic Starter
  • Members
  • 18 posts

Posted 28 August 2009 - 04:57 PM

Ok, a couple of questions though. Windows is still having a problem loading that update (KB956572). When I got home, I had a window telling me updates had been installed and I needed to re-boot. I did so, and everything seemed VERY slow to load, didn't think that Firefox would ever start. Lo and behold, the little yellow shield is telling me again that updates are ready for my computer. Same updates. My AVG Personal Identity Protection will still not fire off.
I do have Spywareblaster, and did have Spybot, but AVG said it wasn't compatible so I uninstalled it. Can those two peacefully co-exist? Also when I was running Malwarebytes the last time, AVG popped up and said it (MB) was a bad thing. I ignored that. I guess when I re-booted after Combo I should have disabled AVG again, but didn't. I will remove Combo after I hear back from you. Did I say thank you yet? Thank you.

#14 Buckeye_Sam
  • Malware Expert
  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 29 August 2009 - 10:53 AM

First thing, try to install that update manually. You can download it from here.
http://www.microsoft.com/downloads/details...;displaylang=en

If the same issue persists you can contact Microsoft for free support relating to Windows update issues at 1-866-PCSAFETY.

AVG and Spybot can coexist if you don't run the real time protection of Spybot. Not sure why AVG has a problem with Malwarebytes. That's the first time I've heard of that.


========================================================

#15 BlackDiamond78
  • Topic Starter
  • Members
  • 18 posts

Posted 30 August 2009 - 02:33 PM

OK, I have AVG working now. Whatever I had, it modified the permissions. I still can't get that Windows update to work, manually or otherwise. Also, is the file "Qoobox" part of ComboFix? I wasn't sure.

Again thanks for your help. What a week.

Oh yeah, Go Buckeyes! (Unless they are playing the Sooners, then it's every man for himself! ; )
