
XP Internet Security 2010 Terrorism


  • This topic is locked
28 replies to this topic

#1 oxblood


Posted 13 March 2010 - 12:39 PM

BComputer Staff - This is my second attempt to post for help with removal. I am unable to save the GMER and ark.txt files but Garmanma states that the dds log will be sufficient.

I contracted the trojan Sunday 3-7-2010 and am unable to run any security or removal programs. The only way I can paste the DDS log is in safe mode.

I have inadvertently run the following programs attempting removal, all unsuccessfully:
windows safety.live.com scan

superantispyware
ad aware
spybot search & destroy
avg 9
malwarebytes

Any and all help will be greatly appreciated as I am desperate.

Oxblood


DDS (Ver_09-12-01.01) - NTFSx86 NETWORK
Run by Administrator at 14:56:39.04 on Wed 03/10/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.382.201 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.dell4me.com/myway
uDefault_Page_URL = hxxp://www.dell4me.com/myway
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\temp\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\act!sp~1.lnk - c:\program files\symantec\act\ACTLDR.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\palm\HOTSYNC.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mozyho~1.lnk - c:\program files\mozyhome\mozystat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sideact!.lnk - c:\program files\symantec\act\SideACT.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ymetray.lnk - c:\program files\yahoo!\yahoo! music jukebox\ymetray.exe
uPolicies-explorer: DisallowRun = 0 (0x0)
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: musicmatch.com
DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - hxxp://housecall60.trendmicro.com/housecall/xscan60.cab
DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} - hxxp://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://www.tscmaps.com/shared/viewer/mgaxctrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://mandtuniversity.webex.com/client/v_mywebex-t20/webex/ieatgpc.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-1-17 360584]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-1-17 333192]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-1-17 28424]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-5-28 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-5-28 66632]
S2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-1-17 285392]
S2 gupdate1ca34ac16d3a4ce;Google Update Service (gupdate1ca34ac16d3a4ce);c:\program files\google\update\GoogleUpdate.exe [2009-9-13 133104]
S2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [2004-5-19 36404]
S2 NAVAPEL;NAVAPEL;\??\c:\program files\navnt\navapel.sys --> c:\program files\navnt\NAVAPEL.SYS [?]
S2 ppsio2;PPDevice;c:\windows\system32\drivers\PPSIO2.SYS [2004-6-2 22400]
S2 SAVRoam;SAVRoam;c:\progra~1\navnt\savroam.exe --> c:\progra~1\navnt\SavRoam.exe [?]
S3 NAVAP;NAVAP;\??\c:\progra~1\navnt\navap.sys --> c:\progra~1\navnt\NAVAP.sys [?]
S3 palmusb;USB Comm driver (WDM);c:\windows\system32\drivers\palmusb.sys [2001-12-20 72800]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-5-28 12872]

=============== Created Last 30 ================

2010-03-10 20:51:59 0 ----a-w- c:\documents and settings\administrator\defogger_reenable
2010-03-10 18:01:40 0 d-----w- c:\docume~1\alluse~1\applic~1\RegCure
2010-03-10 16:42:54 1936624 ----a-w- c:\temp\CureSetup_CB.exe
2010-03-09 21:44:45 0 d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
2010-03-09 21:44:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-09 21:44:39 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-09 21:44:39 0 d-----w- c:\temp\Malwarebytes' Anti-Malware
2010-03-09 21:44:39 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-03-08 15:14:19 0 d-sh--w- c:\documents and settings\administrator\PrivacIE
2010-03-08 15:13:33 0 d-sh--w- c:\documents and settings\administrator\IETldCache
2010-02-19 14:41:42 65024 ----a-w- c:\windows\system32\mrtMngr.exe
2010-02-14 04:21:43 54776 ----a-w- c:\windows\system32\drivers\mozy.sys
2010-02-14 04:21:06 0 d-----w- c:\program files\MozyHome
2010-02-14 03:19:55 107 ----a-w- c:\windows\HighEdit.ini

==================== Find3M ====================

2010-01-17 18:50:20 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-17 18:50:12 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-17 18:49:42 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2007-10-03 00:18:50 513 ----a-w- c:\program files\INSTALL.LOG
2006-08-10 05:22:19 361392128 ----a-w- c:\program files\ACT!2005.iso
2004-06-02 14:52:01 3696336 ----a-w- c:\program files\dgt.exe
2001-09-28 23:00:28 164864 ----a-w- c:\program files\UNWISE.EXE
2008-10-04 08:07:03 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008100420081005\index.dat

============= FINISH: 14:57:28.06 ===============
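An added example, not part of this thread and not part of the DDS or OTL tools: a first-pass triage script for the kind of lines shown in the DDS log above (and the OTL "SRV"/"DRV" lines later in the thread). It flags what a log reviewer checks first: services or drivers whose binary is gone (DDS marks these with "[?]", OTL with "File not found"), images with an empty publisher string or living in a user-writable directory, and stale Java plug-in builds still registered under their static CAFEEFAC CLSIDs beside the newest one. The sample lines are copied from the posted log except the one marked CONSTRUCTED, which is a hypothetical service invented for the example; the directory heuristics and the regexes are this example's own assumptions, not DDS/OTL output.

```python
"""Added triage example for DDS / OTL log lines (not part of the thread or the tools)."""
import re

# DDS:  "S2 NAVAPEL;NAVAPEL;\??\c:\...\navapel.sys --> c:\...\NAVAPEL.SYS [?]"
# letter R=running / S=stopped, digit = start type (0 boot, 1 system, 2 auto, 3 manual, 4 disabled)
DDS_SVC = re.compile(r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);[^;]*;(?P<rest>.*)$")
# DDS:  mRun: [Label] "quoted path" args   |   uRun: [Label] c:\path\x.exe args
DDS_RUN = re.compile(r'^[mu]Run: \[(?P<label>[^\]]*)\]\s*(?:"(?P<qpath>[^"]+)"|(?P<path>\S+))')
# DDS:  DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} ...  is the static CLSID of JRE 1.6.0_05
DDS_JRE = re.compile(r"^DPF: \{CAFEEFAC-(?P<major>\d{4})-0000-(?P<update>\d{4})-ABCDEFFEDCBA\}")
# OTL:  SRV - File not found [Auto | Stopped] -- -- (Name)
#       DRV - [date | size | attrs | M] (Company) [Kernel | Boot | Running] -- path -- (Name)
OTL_SVC = re.compile(
    r"^(?P<kind>SRV|DRV) - (?:(?P<missing>File not found)|\[[^\]]*\]\s*\((?P<company>[^)]*)\))"
    r"\s*\[(?P<flags>[^\]]+)\]\s*--\s*(?P<path>.*?)\s*--\s*\((?P<name>[^)]+)\)"
)

# Heuristic (this example's own): locations an unprivileged user can write to.
USER_WRITABLE = ("\\temp\\", "\\documents and settings\\", "\\docume~1\\",
                 "\\local settings\\", "\\application data\\", "\\applic~1\\")


def user_writable(path):
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def triage(log_text):
    """Return a list of (entry name, reason) for lines worth a second look."""
    findings, jres = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := DDS_SVC.match(line):
            if m["rest"].endswith("[?]"):           # DDS could not find the image on disk
                kind = "autostart" if m["start"] in "012" else "manual/disabled"
                findings.append((m["name"], f"{kind} service whose binary is missing (DDS [?])"))
        elif m := DDS_RUN.match(line):
            path = m["qpath"] or m["path"]
            if user_writable(path):
                findings.append((m["label"], f"Run key executes from a user-writable path: {path}"))
        elif m := DDS_JRE.match(line):
            jres.append((int(m["update"]), f"JRE 1.{m['major'][-1]}.0_{m['update'][-2:]}"))
        elif m := OTL_SVC.match(line):
            start = [f.strip() for f in m["flags"].split("|")][-2]   # "[Auto | Stopped]" -> Auto
            if m["missing"]:
                findings.append((m["name"], f"{m['kind']} entry with no file on disk (start: {start})"))
            else:
                if not m["company"].strip():
                    findings.append((m["name"], "image carries no company/publisher string"))
                if user_writable(m["path"]):
                    findings.append((m["name"], f"runs from a user-writable path: {m['path']}"))
    if jres:                                         # every JRE older than the newest still registered
        newest = max(update for update, _ in jres)
        for update, label in jres:
            if update < newest:
                findings.append((label, "stale Java plug-in still registered beside the newest build"))
    return findings


# Lines copied from the posted DDS/OTL logs; the last SRV line is CONSTRUCTED for this example.
SAMPLE_LOG = r"""
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-1-17 360584]
S2 NAVAPEL;NAVAPEL;\??\c:\program files\navnt\navapel.sys --> c:\program files\navnt\NAVAPEL.SYS [?]
S2 SAVRoam;SAVRoam;c:\progra~1\navnt\savroam.exe --> c:\progra~1\navnt\SavRoam.exe [?]
S3 NAVAP;NAVAP;\??\c:\progra~1\navnt\navap.sys --> c:\progra~1\navnt\NAVAP.sys [?]
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\temp\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
SRV - File not found [Auto | Stopped] -- -- (SAVRoam)
SRV - [2010/03/17 17:08:17 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
DRV - [2008/04/13 13:41:00 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ppa3.sys -- (ppa3)
SRV - [2010/03/08 15:13:00 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\Elvis\Local Settings\Application Data\example.exe -- (HypotheticalSvc) CONSTRUCTED, not from the posted log
"""

if __name__ == "__main__":
    for name, reason in triage(SAMPLE_LOG):
        print(f"{name:36} {reason}")
```

The missing-binary hits here (NAVAPEL, SAVRoam, NAVAP) are leftovers of an uninstalled Norton product, which is the usual explanation, but the same pattern is how a deleted dropper's service shows up, so the script reports them and leaves the judgement to the reviewer. The constructed last line shows what a real hit looks like: no publisher string and an image under Local Settings\Application Data, both of which the posted log does not contain.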




#2 Shannon2012


Posted 15 March 2010 - 07:05 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Shannon

#3 oxblood


Posted 16 March 2010 - 08:13 AM

Shannon2012 - Thank you so much for your reply. As I posted in a previous thread I have a problem complying with part of the instructions. Due to the fact that XP INTERNET SECURITY 2010 has basically hijacked the majority of my functions in regular startup mode I am forced to run the requested scans in safe mode. The DDS scan was not a problem. However when I ran the GMER scan I was unable to access the save button so as to save it to desktop to post for BC staff's review. I don't know what to do about posting GMER's or ark.txt. Any suggestions on how to overcome this is greatly appreciated as I desperately need to get my system clean and operational.

Thanks
Oxblood

#4 Shannon2012


Posted 16 March 2010 - 10:37 AM

Hi, oxblood-

Welcome to Bleeping Computer.

There may be a delay in my response to your posts as I am still currently in training. I will be helping you with supervision of the teachers and they will approve every post before I present them to you.

Please don't make any further changes or run any other tools unless instructed to. Additional changes may hinder the cleaning of your machine.

Please give me some time to look over your log. I will post the reply as soon as possible.
Shannon

#5 Shannon2012


Posted 17 March 2010 - 11:05 AM

Hi-

I am assuming that you are unable to run any anti-virus tools in normal boot mode because the infection is blocking the execution. In normal boot mode, let's try the Rkill program which, hopefully, will allow you to execute the tools that we need to use to find out what is infecting your machine and to clear that infection.

Download one of the following Rkill programs to your desktop, run it. If you are unable to run the Rkill you downloaded, download another one, and try it.
Rkill.exe
Rkill.com
Rkill.scr
Rkill.pif

Run GMER.

Note: If you are unable to get GMER to run, rerun Rkill. You might have to run Rkill several times before GMER will run.

We need to create an OTL Report
  • Please download OTL from here if you have not done so already:
  • Main Mirror
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Under the Custom Scan box paste in the contents of the CODE box.
    CODE
    netsvcs
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
  • Push the Run Scan button.
  • Two reports will open, copy in the OTL log and attach the Extra log to your next reply
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
In your next post, please copy in the OTL log, and please attach the GMER and the OTL Extra files.

Thanks,


Shannon
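An added example, not part of this thread and not OTL's own code. The /md5start ... /md5stop block in the custom scan above makes OTL hash the listed storage and bus drivers; these are the boot-class drivers that kernel rootkits of the period (the TDL3/TDSS family is the best known) patched in place, so a hash that differs from a trusted copy is the signal the helper is looking for. The script below reproduces that step and adds the comparison OTL leaves to the reader: each listed driver found in system32\drivers is hashed and compared with the Windows File Protection copy in system32\dllcache. Treating dllcache as the reference is this example's assumption (a hotfix can legitimately update a driver without the cache copy, and malware with kernel access can alter both), and the fixture built by demo() is constructed data, not real driver bytes. Run it against a disk mounted from an offline boot (WinPE or a live CD): on the live, infected system a rootkit that filters disk reads can hand the hasher a clean view of a file it has patched.

```python
"""Added example: the OTL /md5start block re-done with a dllcache comparison (not OTL's code)."""
import hashlib
import os
import tempfile

# A subset of the custom-scan text posted above, in the same order.
CUSTOM_SCAN = r"""netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
iaStor.sys
nvstor.sys
atapi.sys
nvgts.sys
/md5stop
%systemroot%\*. /mp /s
"""


def parse_md5_targets(custom_scan):
    """File names between /md5start and /md5stop; the other directives are ignored here."""
    targets, inside = [], False
    for line in custom_scan.splitlines():
        token = line.strip()
        if token.lower() == "/md5start":
            inside = True
        elif token.lower() == "/md5stop":
            inside = False
        elif inside and token:
            targets.append(token)
    return targets


def md5_file(path):
    """Hash in chunks; OTL reports MD5, so that is the digest we compare."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def find_case_insensitive(directory, name):
    """NTFS is case-insensitive and the OTL list mixes cases (iaStor.sys, AGP440.sys)."""
    wanted = name.lower()
    for entry in os.listdir(directory):
        if entry.lower() == wanted:
            return os.path.join(directory, entry)
    return None


def compare_drivers(drivers_dir, cache_dir, names):
    """Map each driver name to: match, MISMATCH, not-installed or no-reference."""
    report = {}
    for name in names:
        live = find_case_insensitive(drivers_dir, name)
        ref = find_case_insensitive(cache_dir, name)
        if live is None:
            report[name] = "not-installed"   # e.g. nvstor.sys on a machine without that chipset
        elif ref is None:
            report[name] = "no-reference"    # hash it anyway and look the value up elsewhere
        elif md5_file(live) == md5_file(ref):
            report[name] = "match"
        else:
            report[name] = "MISMATCH"        # patched in place, or a hotfix that skipped dllcache
    return report


def demo():
    """Constructed fixture (fake bytes, not real Windows drivers) that exercises every outcome."""
    base = tempfile.mkdtemp(prefix="md5demo_")
    drivers, cache = os.path.join(base, "drivers"), os.path.join(base, "dllcache")
    os.makedirs(drivers)
    os.makedirs(cache)
    fixture = {                      # live bytes,              reference bytes (None = no WFP copy)
        "atapi.sys":  (b"MZ-clean-atapi" * 8,   b"MZ-clean-atapi" * 8),
        "iaStor.sys": (b"MZ-iastor" * 8 + b"!", b"MZ-iastor" * 8),   # one trailing byte differs
        "nvgts.sys":  (b"MZ-nvgts" * 8,         None),
    }
    for name, (live, ref) in fixture.items():
        with open(os.path.join(drivers, name), "wb") as f:
            f.write(live)
        if ref is not None:
            with open(os.path.join(cache, name.upper()), "wb") as f:   # case differs on purpose
                f.write(ref)
    return compare_drivers(drivers, cache, parse_md5_targets(CUSTOM_SCAN))


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:14} {name}")
    # Against a real XP disk mounted offline, point it at the actual directories instead, e.g.
    # compare_drivers(r"X:\WINDOWS\system32\drivers", r"X:\WINDOWS\system32\dllcache", targets)
```

A MISMATCH is a lead, not a verdict: confirm it by checking the file's digital signature or comparing the hash with the one from the same hotfix level on a known-clean machine before replacing the driver from the cache.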

#6 oxblood


Posted 17 March 2010 - 08:46 PM

Shannon - I have attempted to comply with your instructions. I ran the GMER scan and OTL scan in regular start up mode both successfully. I also copied into the Custom Scan box the requested code files. However when I attempted to Run Scan at the end of your instructions it would not activate therefore neither OTL.txt nor Extra.txt would open, consequently I am unable to post any of the requested files to this post. This is unbelievably frustrating. I hope you and the staff have a plan B. I await your reply.

Oxblood

#7 oxblood


Posted 19 March 2010 - 01:31 PM

Shannon2012 - I have attempted for the second time to comply with your instructions and for the second time the run scan at the end of the process will not activate therefore I'm unable to open OTL.txt or Extra.txt nor able to copy the GMER scan nor the OTL report. I anxiously await instructions on how to overcome this as my only other solution is to reformat the drive which I certainly hope to avoid.
Please let me hear your thoughts ASAP.

Thanks

#8 Shannon2012


Posted 19 March 2010 - 04:29 PM

Hi-

Sorry for the delay!!

Print these instructions so you have them to use while you are running the anti-malware tools.

All these tools should be run in normal boot mode.

If the Rkill you downloaded already works to allow you to run the anti-malware tools, go ahead and run it now. Otherwise, download one of the following Rkill programs to your desktop and run it. If you are unable to run the Rkill you downloaded, download another one, and try it.
Rkill.exe
Rkill.com
Rkill.scr
Rkill.pif

We Need to check for Rootkits with RootRepeal.
  • Download RootRepeal from one of the following locations and save it to your desktop.
  • Extract RootRepeal.exe from the archive.
  • Open it on your desktop. If RootRepeal won't open for you, run the Rkill program again and then try again to open RootRepeal.
  • Click on RootRepeal's Report tab.
  • Click on RootRepeal's Scan button.
  • Check all seven boxes in RootRepeal:
  • Push Ok within RootRepeal.
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Save Report button. Save the log to your desktop as RootRepeal.txt. Include this report in your next reply, please.
Let's try the OTL program again but without the extras this time -
  • Double click on the icon on your desktop.
  • After OTL opens, click the Scan All Users checkbox on the OTL menu bar at the top of the tool's window.
  • Push the Run Scan button on the OTL menu bar at the top of the tool's window.
  • When the scan finishes, two reports will open, copy and paste them into your reply:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In your reply, please copy in the RootRepeal log, the OTL log, and the Extra log. If you have any problems with any of these steps, please let me know about it.

Shannon

#9 oxblood


Posted 19 March 2010 - 07:49 PM

Shannon - I have run rkill 3 times. I then downloaded RootRepeal and attempted to run the exe file. Each time my computer locked up and left a white bar in the middle of the screen. I will continue to attempt to try and run these programs per your instructions however it is becoming apparent that this is not working. I would appreciate a quick reply with any other solutions that you or the staff may have as I have a seminar I am presenting Monday 3-22-2010 and I'm totally dependent on my computer for the presentation. I look forward to your quick response.

Oxblood

#10 Shannon2012


Posted 20 March 2010 - 06:31 AM

Hi-

Run the OTL following the instructions I sent yesterday
Shannon

#11 oxblood


Posted 20 March 2010 - 07:23 AM

Shannon - Thank goodness the otl scan worked, please see below. I await further instructions.

Thanks much

Oxblood

OTL logfile created on: 3/20/2010 6:53:44 AM - Run 1
OTL by OldTimer - Version 3.1.37.2 Folder = C:\Documents and Settings\Elvis\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

382.00 Mb Total Physical Memory | 67.00 Mb Available Physical Memory | 18.00% Memory free
920.00 Mb Paging File | 483.00 Mb Available in Paging File | 53.00% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 24.61 Gb Free Space | 66.15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 15.14 Mb Total Space | 5.06 Mb Free Space | 33.44% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OFFICE
Current User Name: Elvis
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/17 20:25:09 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elvis\Desktop\OTL.exe
PRC - [2010/03/17 17:08:43 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/17 17:08:41 | 000,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/03/17 17:08:17 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/17 17:07:52 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/17 17:07:40 | 001,086,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/01/04 12:36:28 | 002,893,624 | ---- | M] (Mozy, Inc.) -- C:\Program Files\MozyHome\mozystat.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/28 21:09:14 | 000,700,416 | ---- | M] () -- C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
PRC - [2006/08/14 12:12:46 | 000,049,152 | ---- | M] () -- C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
PRC - [2003/08/06 16:58:26 | 001,376,360 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe
PRC - [2003/01/10 17:13:04 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
PRC - [2002/09/24 16:39:48 | 000,151,552 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\AutoDisk\ADService.exe
PRC - [2002/09/04 14:11:04 | 000,073,728 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\System32\AppServices.exe
PRC - [2000/06/14 15:11:00 | 000,282,624 | ---- | M] (Palm, Inc.) -- C:\Palm\HOTSYNC.EXE
PRC - [1998/02/27 05:00:00 | 000,176,640 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\ACT\SideACT.exe
PRC - [1998/02/27 05:00:00 | 000,034,816 | ---- | M] () -- C:\Program Files\Symantec\ACT\ACTLDR.EXE


========== Modules (SafeList) ==========

MOD - [2010/03/17 20:25:09 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elvis\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SAVRoam)
SRV - File not found [Disabled | Stopped] -- -- (Iomega Activity Disk2)
SRV - [2010/03/17 17:08:17 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/03/02 15:00:36 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2003/08/06 16:58:26 | 001,376,360 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\acsd.exe -- (AOL ACS)
SRV - [2003/01/10 17:13:04 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)
SRV - [2002/09/24 16:39:48 | 000,151,552 | ---- | M] (Iomega Corporation) [Auto | Running] -- C:\Program Files\Iomega\AutoDisk\ADService.exe -- (_IOMEGA_ACTIVE_DISK_SERVICE_)
SRV - [2002/09/04 14:11:04 | 000,073,728 | ---- | M] (Iomega Corporation) [Auto | Running] -- C:\Program Files\Iomega\System32\AppServices.exe -- (Iomega App Services)


========== Driver Services (SafeList) ==========

DRV - [2010/03/17 17:08:53 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/17 17:08:42 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/17 17:07:54 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2008/04/13 13:41:00 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ppa3.sys -- (ppa3)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/04 00:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2004/08/04 00:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 00:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 00:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 00:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 00:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 00:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 00:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 00:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 00:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 00:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/08/04 00:29:26 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2003/08/06 01:04:00 | 000,100,373 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2003/08/06 01:04:00 | 000,098,068 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2003/08/06 01:04:00 | 000,083,284 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2003/08/06 01:04:00 | 000,034,837 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2003/08/06 01:04:00 | 000,025,685 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2003/08/06 01:04:00 | 000,014,229 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2003/08/06 01:04:00 | 000,006,357 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2003/08/06 01:04:00 | 000,004,117 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2003/08/06 01:04:00 | 000,002,233 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2003/07/31 03:21:00 | 000,084,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2003/07/16 15:48:45 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2003/07/16 15:47:10 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2003/07/16 15:47:09 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2003/07/16 15:47:09 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2003/07/16 15:47:09 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2003/07/16 15:46:15 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2003/07/16 15:42:26 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2003/07/16 15:42:25 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2003/07/16 15:42:24 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2003/07/16 15:34:22 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2003/07/16 15:26:33 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2003/07/16 15:25:32 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2003/07/16 15:24:23 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2003/07/16 15:24:22 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2003/07/16 15:24:09 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2003/07/14 11:28:40 | 000,005,621 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2003/07/14 11:28:22 | 000,023,219 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2003/06/20 02:56:00 | 000,040,448 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2003/05/23 12:58:30 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/11/08 13:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/09/04 14:11:08 | 000,030,258 | ---- | M] (Iomega Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\iomdisk.sys -- (iomdisk)
DRV - [2001/12/20 21:21:16 | 000,072,800 | ---- | M] (Moore Computer Consultants, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\palmusb.sys -- (palmusb) USB Comm driver (WDM)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [1999/11/05 18:43:24 | 000,036,404 | ---- | M] (Marimba, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MrtRate.sys -- (mrtRate)
DRV - [1999/04/02 10:16:28 | 000,022,400 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PPSIO2.SYS -- (ppsio2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/a/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/03/18 08:36:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/13 10:41:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/13 10:41:47 | 000,000,000 | ---D | M]

[2009/04/30 15:48:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elvis\Application Data\Mozilla\Extensions
[2007/02/15 20:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elvis\Application Data\Mozilla\Firefox\Profiles\gd1mtlel.default\extensions
[2007/11/18 14:06:55 | 000,000,276 | ---- | M] () -- C:\Documents and Settings\Elvis\Application Data\Mozilla\Firefox\Profiles\gd1mtlel.default\searchplugins\search.xml
[2010/02/13 10:52:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2002/08/29 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe File not found
O4 - HKCU..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ACT! Speed Loader.lnk = C:\Program Files\Symantec\ACT\ACTLDR.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE (Palm, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SideACT!.lnk = C:\Program Files\Symantec\ACT\SideACT.exe (Symantec Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKLM\..Trusted Domains: musicmatch.com ([]* in Trusted sites)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} http://housecall60.trendmicro.com/housecall/xscan60.cab (HouseCall Control)
O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} http://forms.real.com/real/player/download...ne_Inst_Win.cab (RhapsodyPlayerEngineCtrl Class)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} http://www.tscmaps.com/shared/viewer/mgaxctrl.cab (Autodesk MapGuide ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://mandtuniversity.webex.com/client/v_...bex/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 08:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{97c5454d-9e75-11de-bb14-00038a000015}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: (SDEarlyDelete) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/19 21:31:54 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/03/19 18:33:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elvis\Desktop\RootRepeal
[2010/03/19 17:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2010/03/18 08:38:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elvis\Application Data\Malwarebytes
[2010/03/17 20:25:01 | 000,556,032 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Elvis\Desktop\OTL.exe
[2010/03/17 17:21:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elvis\Desktop\gmer
[2010/03/17 17:08:42 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/10 23:15:21 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/03/10 13:01:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/03/10 13:01:38 | 000,000,000 | ---D | C] -- C:\Program Files\RegCure
[2010/03/09 16:44:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/09 16:44:39 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/09 16:44:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/03/08 10:17:03 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/03/03 18:51:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Elvis\My Documents\My Pictures
[2010/02/19 09:41:42 | 000,065,024 | ---- | C] (Marimba Inc.) -- C:\WINDOWS\System32\mrtMngr.exe
[2010/01/17 13:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/17 13:46:53 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/01/17 13:46:53 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/09/13 15:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/09/13 14:55:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2006/11/10 12:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[2004/10/06 00:36:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2004/06/02 09:51:52 | 003,696,336 | ---- | C] (iCentric Corp.) -- C:\Program Files\dgt.exe
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Elvis\My Documents\*.tmp files -> C:\Documents and Settings\Elvis\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/20 07:00:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8CBC8DDE-230E-42EC-8D41-D65D20391EB5}.job
[2010/03/20 06:39:23 | 000,006,458 | ---- | M] () -- C:\WINDOWS\mozy.flt
[2010/03/20 06:39:23 | 000,004,660 | ---- | M] () -- C:\WINDOWS\mozy.blk
[2010/03/20 06:30:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/19 21:35:20 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/03/19 21:34:27 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/19 21:34:19 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2010/03/19 21:33:57 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/19 21:33:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/03/19 21:33:47 | 400,625,664 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/19 21:32:56 | 005,242,880 | ---- | M] () -- C:\Documents and Settings\Elvis\ntuser.dat
[2010/03/19 21:32:56 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Elvis\NTUSER.INI
[2010/03/19 21:32:48 | 007,477,764 | -H-- | M] () -- C:\Documents and Settings\Elvis\Local Settings\Application Data\IconCache.db
[2010/03/19 18:07:29 | 000,464,491 | ---- | M] () -- C:\Documents and Settings\Elvis\Desktop\RootRepeal.zip
[2010/03/19 17:00:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/03/19 11:31:59 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/03/19 11:01:15 | 057,363,675 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/18 13:43:02 | 000,000,895 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2010/03/17 20:25:09 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elvis\Desktop\OTL.exe
[2010/03/17 17:20:04 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Elvis\Desktop\gmer.zip
[2010/03/17 17:12:32 | 000,363,008 | ---- | M] () -- C:\Documents and Settings\Elvis\Desktop\rkill.com
[2010/03/17 17:08:53 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/03/17 17:08:42 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/03/17 17:08:42 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/17 17:08:29 | 000,363,008 | ---- | M] () -- C:\Documents and Settings\Elvis\Desktop\rkill.exe
[2010/03/17 17:07:54 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/03/15 09:44:20 | 000,441,882 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/15 09:44:20 | 000,381,784 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/03/15 09:44:20 | 000,053,604 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/03/11 04:16:00 | 000,000,388 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2010/03/10 15:45:08 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Elvis\Desktop\Defogger.exe
[2010/03/10 13:03:08 | 000,001,018 | ---- | M] () -- C:\Documents and Settings\Elvis\Desktop\Shortcut to 2009 contract.lnk
[2010/03/10 13:01:40 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
[2010/03/09 16:44:43 | 000,000,631 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/08 12:06:12 | 000,309,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/08 07:30:34 | 000,012,858 | -HS- | M] () -- C:\Documents and Settings\Elvis\Local Settings\Application Data\d1NJm3Vp784
[2010/02/24 23:46:38 | 000,191,073 | ---- | M] () -- C:\Documents and Settings\Elvis\My Documents\reflist.pdf
[2010/02/24 23:45:34 | 000,191,073 | ---- | M] () -- C:\Documents and Settings\Elvis\My Documents\Hydrocarbon.pdf
[2010/02/24 20:16:31 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Elvis\My Documents\ADDENDUM TO LETTER DIRECTION LYRL.doc
[2010/02/24 18:24:44 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Word.lnk
[2010/02/24 17:04:57 | 000,120,832 | ---- | M] () -- C:\Documents and Settings\Elvis\My Documents\LYRL'S TRUST.doc
[2010/02/24 04:02:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/19 09:41:42 | 000,065,024 | ---- | M] (Marimba Inc.) -- C:\WINDOWS\System32\mrtMngr.exe
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Elvis\My Documents\*.tmp files -> C:\Documents and Settings\Elvis\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/19 18:07:28 | 000,464,491 | ---- | C] () -- C:\Documents and Settings\Elvis\Desktop\RootRepeal.zip
[2010/03/19 10:53:00 | 400,625,664 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/17 17:20:01 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Elvis\Desktop\gmer.zip
[2010/03/17 17:12:32 | 000,363,008 | ---- | C] () -- C:\Documents and Settings\Elvis\Desktop\rkill.com
[2010/03/17 17:08:28 | 000,363,008 | ---- | C] () -- C:\Documents and Settings\Elvis\Desktop\rkill.exe
[2010/03/10 15:45:06 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Elvis\Desktop\Defogger.exe
[2010/03/10 13:01:45 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/03/10 13:01:45 | 000,000,388 | ---- | C] () -- C:\WINDOWS\tasks\RegCure.job
[2010/03/10 13:01:45 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2010/03/10 13:01:40 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
[2010/03/09 16:44:43 | 000,000,631 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/07 15:28:09 | 000,012,858 | -HS- | C] () -- C:\Documents and Settings\Elvis\Local Settings\Application Data\d1NJm3Vp784
[2010/02/24 23:46:38 | 000,191,073 | ---- | C] () -- C:\Documents and Settings\Elvis\My Documents\reflist.pdf
[2010/02/24 23:45:33 | 000,191,073 | ---- | C] () -- C:\Documents and Settings\Elvis\My Documents\Hydrocarbon.pdf
[2010/02/24 18:57:23 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Elvis\My Documents\ADDENDUM TO LETTER DIRECTION LYRL.doc
[2010/02/13 22:19:55 | 000,000,107 | ---- | C] () -- C:\WINDOWS\HighEdit.ini
[2009/05/22 14:59:54 | 000,000,008 | ---- | C] () -- C:\WINDOWS\InstallCode.ini
[2008/11/18 19:16:24 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/05/16 03:02:01 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/04/29 00:25:48 | 000,000,615 | ---- | C] () -- C:\WINDOWS\tlknw5.ini
[2007/10/02 19:24:42 | 000,000,020 | ---- | C] () -- C:\WINDOWS\WinFlex6EXT.ini
[2007/10/02 19:18:48 | 000,164,864 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2007/10/02 19:18:48 | 000,000,513 | ---- | C] () -- C:\Program Files\INSTALL.LOG
[2007/10/02 19:16:37 | 000,000,870 | ---- | C] () -- C:\WINDOWS\IPG.ini
[2007/10/02 19:10:03 | 000,000,262 | ---- | C] () -- C:\WINDOWS\AIGAGUtility.ini
[2007/10/02 19:08:11 | 000,000,561 | ---- | C] () -- C:\WINDOWS\AIGAGinstalllog.ini
[2007/10/02 19:07:40 | 000,000,359 | ---- | C] () -- C:\WINDOWS\AIG.ini
[2006/11/10 20:48:16 | 000,094,720 | ---- | C] () -- C:\WINDOWS\System32\SH30W32.DLL
[2006/11/10 20:48:09 | 000,000,443 | ---- | C] () -- C:\WINDOWS\8272A4GS.INI
[2006/11/10 20:48:09 | 000,000,412 | ---- | C] () -- C:\WINDOWS\VIAPLAY.INI
[2006/11/10 20:48:09 | 000,000,000 | R--- | C] () -- C:\WINDOWS\VMARK.INI
[2006/10/16 17:38:57 | 361,392,128 | ---- | C] () -- C:\Program Files\ACT!2005.iso
[2006/10/13 11:30:47 | 000,051,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2006/09/07 18:35:58 | 000,000,065 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2005/11/10 21:23:33 | 000,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll
[2005/11/10 21:23:07 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/09/20 15:43:20 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\ISP2000.dll
[2005/07/06 16:46:00 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2005/05/03 12:44:44 | 000,025,157 | ---- | C] () -- C:\WINDOWS\RMAgentOutput.dll
[2005/05/03 12:43:44 | 000,126,976 | ---- | C] () -- C:\WINDOWS\dllTSCLIBMT.dll
[2005/03/03 17:16:42 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2004/10/01 18:33:46 | 000,000,679 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2004/09/10 23:46:03 | 000,000,101 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\REGISTRY.INI
[2004/06/25 15:01:24 | 000,035,499 | ---- | C] () -- C:\Documents and Settings\Elvis\Local Settings\Application Data\FASTWiz.log
[2004/06/19 15:58:18 | 000,008,349 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/06/02 09:38:51 | 000,022,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\PPSIO2.SYS
[2004/06/02 09:38:24 | 000,000,078 | ---- | C] () -- C:\WINDOWS\psuite.ini
[2004/05/20 17:32:53 | 000,000,139 | ---- | C] () -- C:\WINDOWS\INTUIT.INI
[2004/05/19 15:06:15 | 000,000,024 | ---- | C] () -- C:\WINDOWS\qfnonl.ini
[2004/05/19 14:50:37 | 000,000,895 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/05/19 14:50:33 | 000,000,185 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2004/05/18 06:57:09 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\Elvis\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/05/17 21:01:03 | 000,000,104 | ---- | C] () -- C:\WINDOWS\pmw.INI
[2004/05/15 12:52:10 | 000,000,572 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2004/05/15 12:50:33 | 000,000,022 | ---- | C] () -- C:\WINDOWS\OP70.INI
[2004/05/15 12:48:45 | 000,000,011 | ---- | C] () -- C:\WINDOWS\album.ini
[2004/05/15 10:56:06 | 000,000,138 | ---- | C] () -- C:\WINDOWS\WinInit.ini.backup
[2004/05/15 10:12:37 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\sh33w32.dll
[2004/05/14 23:06:25 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Elvis\Local Settings\Application Data\fusioncache.dat
[2004/05/14 17:26:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/05/12 12:38:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2004/05/06 18:36:28 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/05/06 18:20:25 | 000,000,314 | ---- | C] () -- C:\WINDOWS\WinInit.ini
[2004/05/06 18:04:36 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/05/06 17:59:00 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/01/22 16:58:10 | 000,000,890 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2003/11/20 13:39:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/07/04 16:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2001/12/20 21:21:24 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hsapi.dll
[2001/12/20 21:21:24 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\drivers\HSAPI.DLL
[2001/12/14 14:34:46 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[1999/07/23 14:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 11:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 03:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:18B7103A
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

OTL Extras logfile created on: 3/20/2010 6:53:44 AM - Run 1
OTL by OldTimer - Version 3.1.37.2 Folder = C:\Documents and Settings\Elvis\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

382.00 Mb Total Physical Memory | 67.00 Mb Available Physical Memory | 18.00% Memory free
920.00 Mb Paging File | 483.00 Mb Available in Paging File | 53.00% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 24.61 Gb Free Space | 66.15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 15.14 Mb Total Space | 5.06 Mb Free Space | 33.44% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OFFICE
Current User Name: Elvis
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox -- (Yahoo!)
"C:\AIGAG\Connections\NetUpdate.exe" = C:\AIGAG\Connections\NetUpdate.exe:*:Disabled:NetUpdate -- File not found
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Disc 2
"{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{21F6B15F-1198-4FA2-8F31-5A24C1FBE144}" = Rhapsody Player Engine
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 17
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{4F95DDF0-BCEA-4FFF-AD4A-793336DD7AED}" = MREP Custom Review Builder
"{58D92B58-1BE9-4DE4-AE88-ACB205D75B63}" = PDFlib 4.0.1
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{68E1BAC6-F79F-43C4-AF03-A89F53F748D3}" = Microsoft XML Parser
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86B77B5A-B157-6386-37B0-DB2494DEEAFF}" = MozyHome Remote Backup
"{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9862E0CB-4727-4FFC-963A-E22A9E9EC10C}" = Creative ZEN V Series (R2)
"{9D5F3034-9EE0-48DB-8A45-1A1507E980FC}" = Real Estate Success System
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D1EB35F6-20EC-4D59-82EF-88E8A0241A2C}" = Perfect Attorney
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{E0A1559B-9886-11D4-8D06-0050DA284A39}" = Scan Manager 5.2
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"ACT! 4.0 for Windows" = ACT! 4.0 for Windows
"Active Disk" = Active Disk
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"America Online us" = America Online (Choose which version to remove)
"AolCoach" = AOL Coach Version 1.0(Build:20030807.3)
"AudibleManager" = AudibleManager
"AVG9Uninstall" = AVG Free 9.0
"Buying, Selling and Holding" = Trust Associates Buying, Selling and Holding 2005.3
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Corel Applications" = Corel Applications
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"DAO 3.5" = DAO 3.5
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DellSupport" = Dell Support 5.0.0 (766)
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist 8.0.0.514
"GTRemote Client" = TechConnect
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs
"LiveUpdate" = LiveUpdate
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MAS Auto-Fill Bonus Disk" = Trust Associates MAS Auto-Fill Bonus Disk 2008.1
"MGI_PHOTOSUITE_V806" = MGI PhotoSuite 8.06 (Remove Only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MID Converter 3.2" = MID Converter 3.2
"Mozilla Firefox (3.0.11)" = Mozilla Firefox (3.0.11)
"MPI Bonus Disk" = Trust Associates MPI Bonus Disk 2008.2
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Quicken Deluxe 2000" = Quicken Deluxe 2000
"QuickTime" = QuickTime
"RealPlayer 12.0" = RealPlayer
"RegCure" = RegCure
"Russ Whitney's Business Success System Software" = Russ Whitney's Business Success System Software
"Shockwave" = Shockwave
"Short Sale Profits" = Trust Associates Short Sale Profits 2008.1
"Skype_is1" = Skype 2.5
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"Street Smart Asset Protection - TRUSTS" = Trust Associates Street Smart Asset Protection - TRUSTS 2007.3
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SysInfo" = Creative System Information
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Work For Equity Program" = Trust Associates Work For Equity Program 2007.3
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Music Engine" = Yahoo! Music Jukebox
"Yahoo! Toolbar" = Yahoo! Toolbar
"ZENcast Organizer" = ZENcast Organizer

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.0.0.320
"Options 360™" = Options 360™
"Pilot Desktop" = Palm Desktop

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/8/2010 1:00:37 PM | Computer Name = OFFICE | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\4e044.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 3/8/2010 1:00:37 PM | Computer Name = OFFICE | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\4e044.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 3/8/2010 1:00:37 PM | Computer Name = OFFICE | Source = MsiInstaller | ID = 1008
Description = The installation of c:\WINDOWS\Installer\2f654.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 3/8/2010 1:00:37 PM | Computer Name = OFFICE | Source = MsiInstaller | ID = 1008
Description = The installation of c:\WINDOWS\Installer\2f654.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 3/11/2010 1:14:03 PM | Computer Name = OFFICE | Source = MsiInstaller | ID = 1008
Description = The installation of C:\Documents and Settings\Administrator\Local
Settings\Temporary Internet Files\Content.IE5\6JYLAZOX\WindowsDefender[1].msi is
not permitted due to an error in software restriction policy processing. The object
cannot be trusted.

Error - 3/11/2010 1:15:45 PM | Computer Name = OFFICE | Source = MsiInstaller | ID = 1008
Description = The installation of C:\Documents and Settings\Administrator\Local
Settings\Temporary Internet Files\Content.IE5\6JYLAZOX\WindowsDefender[1].msi is
not permitted due to an error in software restriction policy processing. The object
cannot be trusted.

Error - 3/11/2010 2:11:19 PM | Computer Name = OFFICE | Source = MsiInstaller | ID = 1008
Description = The installation of C:\Documents and Settings\Elvis\Local Settings\Temporary
Internet Files\Content.IE5\FYTKX3UE\WindowsDefender[1].msi is not permitted due
to an error in software restriction policy processing. The object cannot be trusted.

Error - 3/17/2010 9:34:36 PM | Computer Name = OFFICE | Source = Application Hang | ID = 1002
Description = Hanging application gmer.exe, version 1.0.15.15281, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/17/2010 9:34:48 PM | Computer Name = OFFICE | Source = Application Hang | ID = 1001
Description = Fault bucket 1608518328.

Error - 3/19/2010 10:22:47 PM | Computer Name = OFFICE | Source = pctsSvc.exe | ID = 0
Description =

[ System Events ]
Error - 3/19/2010 7:43:14 PM | Computer Name = OFFICE | Source = Print | ID = 23
Description = Printer Lexmark Z23-Z33,0 failed to initialize because a suitable
Lexmark Z23-Z33 driver could not be found.

Error - 3/19/2010 9:02:35 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7000
Description = The NAVAPEL service failed to start due to the following error: %%3

Error - 3/19/2010 9:02:35 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7000
Description = The SAVRoam service failed to start due to the following error: %%3

Error - 3/19/2010 9:03:47 PM | Computer Name = OFFICE | Source = Print | ID = 23
Description = Printer Lexmark Z23-Z33,0 failed to initialize because a suitable
Lexmark Z23-Z33 driver could not be found.

Error - 3/19/2010 10:25:56 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7000
Description = The NAVAPEL service failed to start due to the following error: %%3

Error - 3/19/2010 10:25:56 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7000
Description = The SAVRoam service failed to start due to the following error: %%3

Error - 3/19/2010 10:27:13 PM | Computer Name = OFFICE | Source = Print | ID = 23
Description = Printer Lexmark Z23-Z33,0 failed to initialize because a suitable
Lexmark Z23-Z33 driver could not be found.

Error - 3/19/2010 10:34:40 PM | Computer Name = OFFICE | Source = Print | ID = 23
Description = Printer Lexmark Z23-Z33,0 failed to initialize because a suitable
Lexmark Z23-Z33 driver could not be found.

Error - 3/19/2010 10:34:41 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7000
Description = The NAVAPEL service failed to start due to the following error: %%3

Error - 3/19/2010 10:34:41 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7000
Description = The SAVRoam service failed to start due to the following error: %%3


< End of report >


#12 Shannon2012

  • Security Colleague
  • 3,657 posts
  • Gender:Male
  • Location:North Carolina, USA

Posted 20 March 2010 - 11:53 AM

Hi-

Why can't you use the computer as is for your presentation on Monday? What is wrong with the computer that would prevent you from using it on Monday?

In normal boot mode:

Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: how-to-use-combofix

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

To disable the AVG-9 anti-virus:
  • Open AVG User Interface.
  • Double-click on the Resident Shield.
  • Un-tick the option Resident Shield active.
  • Save the changes.
--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
  • If ComboFix asks if you wish to install the Recovery Console, respond with a "Yes"
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new OTL log for further review.
If ComboFix will not run, run Rkill and then try to run ComboFix again.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


Shannon

#13 oxblood

  • Topic Starter
  • Members
  • 233 posts

Posted 20 March 2010 - 03:15 PM

Shannon - Here it is. I was able to transfer my PowerPoint to my laptop for use on Monday.

Thanks much
Oxblood

ComboFix 10-03-19.08 - Elvis 03/20/2010 14:46:15.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.382.92 [GMT -5:00]
Running from: c:\documents and settings\Elvis\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Elvis\Local Settings\Temporary Internet Files\bLo15.jpg
c:\documents and settings\Elvis\Local Settings\Temporary Internet Files\bmM7k.jpg
c:\documents and settings\Elvis\Local Settings\Temporary Internet Files\nNmBaK6m.jpg
c:\documents and settings\Elvis\Local Settings\Temporary Internet Files\xA8km.jpg
c:\program files\INSTALL.LOG
c:\windows\patch.exe
c:\windows\system32\comrepl.exe
c:\windows\system32\drivers\fad.sys
c:\windows\system32\launcher.exe
c:\windows\system32\userdata.dll

.
((((((((((((((((((((((((( Files Created from 2010-02-20 to 2010-03-20 )))))))))))))))))))))))))))))))
.

2010-03-19 22:25 . 2010-03-19 22:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2010-03-18 13:38 . 2010-03-18 13:38 -------- d-----w- c:\documents and settings\Elvis\Application Data\Malwarebytes
2010-03-17 22:09 . 2010-03-17 22:09 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-03-17 22:09 . 2010-03-17 22:09 28424 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-03-17 22:09 . 2010-03-17 22:09 333192 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-03-17 22:08 . 2010-03-17 22:08 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-11 04:15 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-10 18:01 . 2010-03-10 18:01 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2010-03-10 18:01 . 2010-03-10 18:01 -------- d-----w- c:\program files\RegCure
2010-03-10 16:42 . 2010-03-10 16:43 1936624 ----a-w- c:\temp\CureSetup_CB.exe
2010-03-09 21:44 . 2010-03-09 21:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-03-09 21:44 . 2010-03-20 19:37 -------- d-----w- c:\temp\Malwarebytes' Anti-Malware
2010-03-09 21:44 . 2010-03-09 21:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-08 15:17 . 2010-03-08 15:28 -------- d-----w- c:\program files\Windows Live Safety Center
2010-03-08 15:14 . 2010-03-08 15:14 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-03-08 15:13 . 2010-03-08 15:13 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-03-04 15:46 . 2010-03-04 15:49 20829680 ----a-w- c:\documents and settings\Elvis\Application Data\Real\Update\setup3.10\rp\RealPlayerSPGold.exe
2010-03-04 15:45 . 2010-03-04 15:46 8405312 ----a-w- c:\documents and settings\Elvis\Application Data\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-03-04 15:44 . 2010-03-04 15:44 149000 ----a-w- c:\documents and settings\Elvis\Application Data\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
2010-03-04 15:44 . 2010-03-04 15:44 10309448 ----a-w- c:\documents and settings\Elvis\Application Data\Real\Update\setup3.10\chr\ChromeInstaller.exe
2010-03-04 15:42 . 2010-03-04 15:42 283280 ----a-w- c:\documents and settings\Elvis\Application Data\Real\Update\setup3.10\carb\CarboniteSetupLiteRealPreinstaller.exe
2010-03-04 15:42 . 2010-03-04 15:42 181768 ----a-w- c:\documents and settings\Elvis\Application Data\Real\Update\setup3.10\carb\LaunchHelper.exe
2010-03-04 15:42 . 2010-03-04 15:42 79368 ----a-w- c:\documents and settings\Elvis\Application Data\Real\Update\setup3.10\RUP\vista.exe
2010-03-04 15:42 . 2010-03-04 15:42 64000 ----a-w- c:\documents and settings\Elvis\Application Data\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
2010-03-04 15:42 . 2010-03-04 15:42 52288 ----a-w- c:\documents and settings\Elvis\Application Data\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
2010-03-04 15:42 . 2010-03-04 15:42 50688 ----a-w- c:\documents and settings\Elvis\Application Data\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
2010-03-04 15:42 . 2010-03-04 15:42 49152 ----a-w- c:\documents and settings\Elvis\Application Data\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
2010-03-04 15:42 . 2010-03-04 15:42 118784 ----a-w- c:\documents and settings\Elvis\Application Data\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-03-04 07:41 . 2010-03-04 07:41 439816 ----a-w- c:\documents and settings\Elvis\Application Data\Real\Update\setup3.10\setup.exe
2010-02-19 14:41 . 2010-02-19 14:41 65024 ----a-w- c:\windows\system32\mrtMngr.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-20 19:19 . 2005-11-10 22:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-20 02:31 . 2008-07-09 19:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-03-20 02:23 . 2007-11-18 19:07 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-17 22:08 . 2010-01-17 18:49 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-17 22:08 . 2010-01-17 18:50 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-17 22:07 . 2010-01-17 18:50 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-23 20:36 . 2006-09-21 19:19 -------- d-----w- c:\documents and settings\Elvis\Application Data\Skype
2010-02-14 04:21 . 2010-02-14 04:21 -------- d-----w- c:\program files\MozyHome
2010-02-14 03:30 . 2004-10-04 22:08 -------- d-----w- c:\program files\PSS
2010-01-15 13:43 . 2010-01-15 13:43 152576 ----a-w- c:\documents and settings\Elvis\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-15 13:43 . 2010-01-15 13:43 79488 ----a-w- c:\documents and settings\Elvis\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-14 16:09 . 2004-05-12 00:38 90728 ----a-w- c:\documents and settings\Elvis\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-04 17:36 . 2010-02-14 04:21 54776 ----a-w- c:\windows\system32\drivers\mozy.sys
2009-12-31 16:50 . 2003-07-16 20:46 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2005-06-18 05:49 916480 ----a-w- c:\windows\system32\wininet.dll
2006-08-10 05:22 . 2006-10-16 22:38 361392128 ----a-w- c:\program files\ACT!2005.iso
2004-06-02 14:52 . 2004-06-02 14:51 3696336 ----a-w- c:\program files\dgt.exe
2001-09-28 23:00 . 2007-10-03 00:18 164864 ----a-w- c:\program files\UNWISE.EXE
.

------- Sigcheck -------

[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[7] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

c:\windows\System32\ctfmon.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2010-01-04 17:36 2848568 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2010-01-04 17:36 2848568 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-10-13 20058152]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-09-29 700416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-05-06 77824]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ACT! Speed Loader.lnk - c:\program files\Symantec\ACT\ACTLDR.EXE [2006-11-10 34816]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
HotSync Manager.lnk - c:\palm\HOTSYNC.EXE [2004-5-19 282624]
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2010-1-4 2893624]
SideACT!.lnk - c:\program files\Symantec\ACT\SideACT.exe [2006-11-10 176640]
ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2006-8-14 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-17 22:08 12464 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-03-02 20:00 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ SDEarlyDelete\0autocheck autochk *

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
backup=c:\windows\pss\Event Reminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OmniPage
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADUserMon]
2002-09-24 21:39 147456 ----a-w- c:\program files\Iomega\AutoDisk\ADUserMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2004-07-19 13:51 306688 ----a-w- c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2003-08-06 06:04 114741 ----a-w- c:\windows\SYSTEM32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-10-19 13:59 126976 ----a-w- c:\windows\SYSTEM32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-10-19 13:59 155648 ----a-w- c:\windows\SYSTEM32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2004-10-08 14:49 53248 ----a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2004-05-06 23:23 77824 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-09-13 19:59 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 07:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [1/17/2010 1:50 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [1/17/2010 1:49 PM 242696]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/17/2010 5:08 PM 308064]
R2 mrtRate;mrtRate;c:\windows\SYSTEM32\DRIVERS\MrtRate.sys [5/19/2004 2:50 PM 36404]
R2 ppsio2;PPDevice;c:\windows\SYSTEM32\DRIVERS\PPSIO2.SYS [6/2/2004 9:38 AM 22400]
S2 gupdate1ca34ac16d3a4ce;Google Update Service (gupdate1ca34ac16d3a4ce);c:\program files\Google\Update\GoogleUpdate.exe [9/13/2009 2:55 PM 133104]
S3 palmusb;USB Comm driver (WDM);c:\windows\SYSTEM32\DRIVERS\palmusb.sys [12/20/2001 9:21 PM 72800]
.
Contents of the 'Scheduled Tasks' folder

2010-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-13 19:54]

2010-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-13 19:54]

2010-03-19 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-02-23 23:20]

2010-03-20 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2010-02-23 23:20]

2010-03-11 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-02-23 23:20]

2010-03-20 c:\windows\Tasks\User_Feed_Synchronization-{8CBC8DDE-230E-42EC-8D41-D65D20391EB5}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/a/
Trusted Zone: musicmatch.com
FF - ProfilePath - c:\documents and settings\Elvis\Application Data\Mozilla\Firefox\Profiles\gd1mtlel.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Elvis\Application Data\Real\RhapsodyPlayerEngine\nprhapengine.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.12.
- - - - ORPHANS REMOVED - - - -

SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-PrimaLauncher - c:\windows\System32\Launcher.exe
MSConfigStartUp-URLLSTCK - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-20 14:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(632)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
.
Completion time: 2010-03-20 15:02:00
ComboFix-quarantined-files.txt 2010-03-20 20:01

Pre-Run: 26,331,389,952 bytes free
Post-Run: 26,495,582,208 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 4D778BA84A00DBC5F77989987F0301C4
OTL logfile created on: 3/20/2010 3:04:01 PM - Run 2
OTL by OldTimer - Version 3.1.37.2 Folder = C:\Documents and Settings\Elvis\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

382.00 Mb Total Physical Memory | 110.00 Mb Available Physical Memory | 29.00% Memory free
920.00 Mb Paging File | 622.00 Mb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 24.71 Gb Free Space | 66.42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 15.14 Mb Total Space | 5.06 Mb Free Space | 33.44% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OFFICE
Current User Name: Elvis
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/17 20:25:09 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elvis\Desktop\OTL.exe
PRC - [2010/03/17 17:08:43 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/17 17:08:41 | 000,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/03/17 17:08:17 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/17 17:07:52 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/17 17:07:40 | 001,086,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/01/04 12:36:28 | 002,893,624 | ---- | M] (Mozy, Inc.) -- C:\Program Files\MozyHome\mozystat.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/28 21:09:14 | 000,700,416 | ---- | M] () -- C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
PRC - [2003/08/06 16:58:26 | 001,376,360 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe
PRC - [2003/01/10 17:13:04 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
PRC - [2002/09/24 16:39:48 | 000,151,552 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\AutoDisk\ADService.exe
PRC - [2002/09/04 14:11:04 | 000,073,728 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\System32\AppServices.exe
PRC - [2000/06/14 15:11:00 | 000,282,624 | ---- | M] (Palm, Inc.) -- C:\Palm\HOTSYNC.EXE
PRC - [1998/02/27 05:00:00 | 000,176,640 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\ACT\SideACT.exe


========== Modules (SafeList) ==========

MOD - [2010/03/17 20:25:09 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elvis\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SAVRoam)
SRV - File not found [Disabled | Stopped] -- -- (Iomega Activity Disk2)
SRV - [2010/03/17 17:08:17 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/03/02 15:00:36 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2003/08/06 16:58:26 | 001,376,360 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\acsd.exe -- (AOL ACS)
SRV - [2003/01/10 17:13:04 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)
SRV - [2002/09/24 16:39:48 | 000,151,552 | ---- | M] (Iomega Corporation) [Auto | Running] -- C:\Program Files\Iomega\AutoDisk\ADService.exe -- (_IOMEGA_ACTIVE_DISK_SERVICE_)
SRV - [2002/09/04 14:11:04 | 000,073,728 | ---- | M] (Iomega Corporation) [Auto | Running] -- C:\Program Files\Iomega\System32\AppServices.exe -- (Iomega App Services)


========== Driver Services (SafeList) ==========

DRV - [2010/03/17 17:08:53 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/17 17:08:42 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/17 17:07:54 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2008/04/13 13:41:00 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ppa3.sys -- (ppa3)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/04 00:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2004/08/04 00:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 00:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 00:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 00:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 00:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 00:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 00:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 00:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 00:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 00:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/08/04 00:29:26 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2003/08/06 01:04:00 | 000,100,373 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2003/08/06 01:04:00 | 000,098,068 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2003/08/06 01:04:00 | 000,083,284 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2003/08/06 01:04:00 | 000,034,837 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2003/08/06 01:04:00 | 000,025,685 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2003/08/06 01:04:00 | 000,014,229 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2003/08/06 01:04:00 | 000,006,357 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2003/08/06 01:04:00 | 000,004,117 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2003/08/06 01:04:00 | 000,002,233 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2003/07/31 03:21:00 | 000,084,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2003/07/16 15:48:45 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2003/07/16 15:47:10 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2003/07/16 15:47:09 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2003/07/16 15:47:09 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2003/07/16 15:47:09 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2003/07/16 15:46:15 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2003/07/16 15:42:26 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2003/07/16 15:42:25 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2003/07/16 15:42:24 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2003/07/16 15:34:22 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2003/07/16 15:26:33 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2003/07/16 15:25:32 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2003/07/16 15:24:23 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2003/07/16 15:24:22 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2003/07/16 15:24:09 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2003/07/14 11:28:40 | 000,005,621 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2003/07/14 11:28:22 | 000,023,219 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2003/06/20 02:56:00 | 000,040,448 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2003/05/23 12:58:30 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/11/08 13:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/09/04 14:11:08 | 000,030,258 | ---- | M] (Iomega Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\iomdisk.sys -- (iomdisk)
DRV - [2001/12/20 21:21:16 | 000,072,800 | ---- | M] (Moore Computer Consultants, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\palmusb.sys -- (palmusb) USB Comm driver (WDM)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [1999/11/05 18:43:24 | 000,036,404 | ---- | M] (Marimba, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MrtRate.sys -- (mrtRate)
DRV - [1999/04/02 10:16:28 | 000,022,400 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PPSIO2.SYS -- (ppsio2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/a/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/03/18 08:36:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/13 10:41:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/13 10:41:47 | 000,000,000 | ---D | M]

[2009/04/30 15:48:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elvis\Application Data\Mozilla\Extensions
[2007/02/15 20:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elvis\Application Data\Mozilla\Firefox\Profiles\gd1mtlel.default\extensions
[2007/11/18 14:06:55 | 000,000,276 | ---- | M] () -- C:\Documents and Settings\Elvis\Application Data\Mozilla\Firefox\Profiles\gd1mtlel.default\searchplugins\search.xml
[2010/02/13 10:52:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2002/08/29 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O4 - HKCU..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ACT! Speed Loader.lnk = C:\Program Files\Symantec\ACT\ACTLDR.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE (Palm, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SideACT!.lnk = C:\Program Files\Symantec\ACT\SideACT.exe (Symantec Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKLM\..Trusted Domains: musicmatch.com ([]* in Trusted sites)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} http://housecall60.trendmicro.com/housecall/xscan60.cab (HouseCall Control)
O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} http://forms.real.com/real/player/download...ne_Inst_Win.cab (RhapsodyPlayerEngineCtrl Class)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} http://www.tscmaps.com/shared/viewer/mgaxctrl.cab (Autodesk MapGuide ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://mandtuniversity.webex.com/client/v_...bex/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 08:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (SDEarlyDelete) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/20 14:43:10 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/03/20 14:40:55 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/20 14:40:55 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/20 14:40:55 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/20 14:40:54 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/20 14:40:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/20 14:40:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/19 21:31:54 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/03/19 18:33:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elvis\Desktop\RootRepeal
[2010/03/19 17:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2010/03/18 08:38:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elvis\Application Data\Malwarebytes
[2010/03/17 20:25:01 | 000,556,032 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Elvis\Desktop\OTL.exe
[2010/03/17 17:21:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elvis\Desktop\gmer
[2010/03/17 17:08:42 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/10 23:15:21 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/03/10 13:01:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/03/10 13:01:38 | 000,000,000 | ---D | C] -- C:\Program Files\RegCure
[2010/03/09 16:44:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/03/08 10:17:03 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/03/03 18:51:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Elvis\My Documents\My Pictures
[2010/02/19 09:41:42 | 000,065,024 | ---- | C] (Marimba Inc.) -- C:\WINDOWS\System32\mrtMngr.exe
[2010/01/17 13:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/17 13:46:53 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/01/17 13:46:53 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/09/13 15:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/09/13 14:55:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2006/11/10 12:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[2004/10/06 00:36:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2004/06/02 09:51:52 | 003,696,336 | ---- | C] (iCentric Corp.) -- C:\Program Files\dgt.exe
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Elvis\My Documents\*.tmp files -> C:\Documents and Settings\Elvis\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/20 15:05:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8CBC8DDE-230E-42EC-8D41-D65D20391EB5}.job
[2010/03/20 15:02:03 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/20 14:56:54 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/20 14:43:19 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/03/20 14:39:07 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/03/20 14:38:32 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/20 14:38:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2010/03/20 14:37:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/03/20 14:37:47 | 400,625,664 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/20 14:36:41 | 005,242,880 | ---- | M] () -- C:\Documents and Settings\Elvis\ntuser.dat
[2010/03/20 14:36:41 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Elvis\NTUSER.INI
[2010/03/20 14:36:20 | 007,479,184 | -H-- | M] () -- C:\Documents and Settings\Elvis\Local Settings\Application Data\IconCache.db
[2010/03/20 14:30:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/20 14:11:08 | 003,895,816 | R--- | M] () -- C:\Documents and Settings\Elvis\Desktop\ComboFix.exe
[2010/03/20 08:34:12 | 057,417,231 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/20 06:39:23 | 000,006,458 | ---- | M] () -- C:\WINDOWS\mozy.flt
[2010/03/20 06:39:23 | 000,004,660 | ---- | M] () -- C:\WINDOWS\mozy.blk
[2010/03/19 18:07:29 | 000,464,491 | ---- | M] () -- C:\Documents and Settings\Elvis\Desktop\RootRepeal.zip
[2010/03/19 17:00:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/03/19 11:31:59 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/03/18 13:43:02 | 000,000,895 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2010/03/17 20:25:09 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elvis\Desktop\OTL.exe
[2010/03/17 17:20:04 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Elvis\Desktop\gmer.zip
[2010/03/17 17:12:32 | 000,363,008 | ---- | M] () -- C:\Documents and Settings\Elvis\Desktop\rkill.com
[2010/03/17 17:08:53 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/03/17 17:08:42 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/03/17 17:08:42 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/17 17:08:29 | 000,363,008 | ---- | M] () -- C:\Documents and Settings\Elvis\Desktop\rkill.exe
[2010/03/17 17:07:54 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/03/15 09:44:20 | 000,441,882 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/15 09:44:20 | 000,381,784 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/03/15 09:44:20 | 000,053,604 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/03/12 18:02:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/03/11 04:16:00 | 000,000,388 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2010/03/10 15:45:08 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Elvis\Desktop\Defogger.exe
[2010/03/10 13:03:08 | 000,001,018 | ---- | M] () -- C:\Documents and Settings\Elvis\Desktop\Shortcut to 2009 contract.lnk
[2010/03/10 13:01:40 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
[2010/03/08 12:06:12 | 000,309,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/08 07:30:34 | 000,012,858 | -HS- | M] () -- C:\Documents and Settings\Elvis\Local Settings\Application Data\d1NJm3Vp784
[2010/02/24 23:46:38 | 000,191,073 | ---- | M] () -- C:\Documents and Settings\Elvis\My Documents\reflist.pdf
[2010/02/24 23:45:34 | 000,191,073 | ---- | M] () -- C:\Documents and Settings\Elvis\My Documents\Hydrocarbon.pdf
[2010/02/24 20:16:31 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Elvis\My Documents\ADDENDUM TO LETTER DIRECTION LYRL.doc
[2010/02/24 18:24:44 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Word.lnk
[2010/02/24 17:04:57 | 000,120,832 | ---- | M] () -- C:\Documents and Settings\Elvis\My Documents\LYRL'S TRUST.doc
[2010/02/24 04:02:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/19 09:41:42 | 000,065,024 | ---- | M] (Marimba Inc.) -- C:\WINDOWS\System32\mrtMngr.exe
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Elvis\My Documents\*.tmp files -> C:\Documents and Settings\Elvis\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/20 14:43:19 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/03/20 14:43:12 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/03/20 14:40:55 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/20 14:40:55 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/20 14:40:55 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/20 14:40:55 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/20 14:40:55 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/20 14:11:08 | 003,895,816 | R--- | C] () -- C:\Documents and Settings\Elvis\Desktop\ComboFix.exe
[2010/03/19 18:07:28 | 000,464,491 | ---- | C] () -- C:\Documents and Settings\Elvis\Desktop\RootRepeal.zip
[2010/03/19 10:53:00 | 400,625,664 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/17 17:20:01 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Elvis\Desktop\gmer.zip
[2010/03/17 17:12:32 | 000,363,008 | ---- | C] () -- C:\Documents and Settings\Elvis\Desktop\rkill.com
[2010/03/17 17:08:28 | 000,363,008 | ---- | C] () -- C:\Documents and Settings\Elvis\Desktop\rkill.exe
[2010/03/10 15:45:06 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Elvis\Desktop\Defogger.exe
[2010/03/10 13:01:45 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/03/10 13:01:45 | 000,000,388 | ---- | C] () -- C:\WINDOWS\tasks\RegCure.job
[2010/03/10 13:01:45 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2010/03/10 13:01:40 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
[2010/03/07 15:28:09 | 000,012,858 | -HS- | C] () -- C:\Documents and Settings\Elvis\Local Settings\Application Data\d1NJm3Vp784
[2010/02/24 23:46:38 | 000,191,073 | ---- | C] () -- C:\Documents and Settings\Elvis\My Documents\reflist.pdf
[2010/02/24 23:45:33 | 000,191,073 | ---- | C] () -- C:\Documents and Settings\Elvis\My Documents\Hydrocarbon.pdf
[2010/02/24 18:57:23 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Elvis\My Documents\ADDENDUM TO LETTER DIRECTION LYRL.doc
[2010/02/13 22:19:55 | 000,000,107 | ---- | C] () -- C:\WINDOWS\HighEdit.ini
[2009/05/22 14:59:54 | 000,000,008 | ---- | C] () -- C:\WINDOWS\InstallCode.ini
[2008/11/18 19:16:24 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/05/16 03:02:01 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/04/29 00:25:48 | 000,000,615 | ---- | C] () -- C:\WINDOWS\tlknw5.ini
[2007/10/02 19:24:42 | 000,000,020 | ---- | C] () -- C:\WINDOWS\WinFlex6EXT.ini
[2007/10/02 19:18:48 | 000,164,864 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2007/10/02 19:16:37 | 000,000,870 | ---- | C] () -- C:\WINDOWS\IPG.ini
[2007/10/02 19:10:03 | 000,000,262 | ---- | C] () -- C:\WINDOWS\AIGAGUtility.ini
[2007/10/02 19:08:11 | 000,000,561 | ---- | C] () -- C:\WINDOWS\AIGAGinstalllog.ini
[2007/10/02 19:07:40 | 000,000,359 | ---- | C] () -- C:\WINDOWS\AIG.ini
[2006/11/10 20:48:16 | 000,094,720 | ---- | C] () -- C:\WINDOWS\System32\SH30W32.DLL
[2006/11/10 20:48:09 | 000,000,443 | ---- | C] () -- C:\WINDOWS\8272A4GS.INI
[2006/11/10 20:48:09 | 000,000,412 | ---- | C] () -- C:\WINDOWS\VIAPLAY.INI
[2006/11/10 20:48:09 | 000,000,000 | R--- | C] () -- C:\WINDOWS\VMARK.INI
[2006/10/16 17:38:57 | 361,392,128 | ---- | C] () -- C:\Program Files\ACT!2005.iso
[2006/10/13 11:30:47 | 000,051,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2006/09/07 18:35:58 | 000,000,065 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2005/11/10 21:23:33 | 000,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll
[2005/11/10 21:23:07 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/09/20 15:43:20 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\ISP2000.dll
[2005/07/06 16:46:00 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2005/05/03 12:44:44 | 000,025,157 | ---- | C] () -- C:\WINDOWS\RMAgentOutput.dll
[2005/05/03 12:43:44 | 000,126,976 | ---- | C] () -- C:\WINDOWS\dllTSCLIBMT.dll
[2005/03/03 17:16:42 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2004/10/01 18:33:46 | 000,000,679 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2004/09/10 23:46:03 | 000,000,101 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\REGISTRY.INI
[2004/06/25 15:01:24 | 000,035,499 | ---- | C] () -- C:\Documents and Settings\Elvis\Local Settings\Application Data\FASTWiz.log
[2004/06/19 15:58:18 | 000,008,349 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/06/02 09:38:51 | 000,022,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\PPSIO2.SYS
[2004/06/02 09:38:24 | 000,000,078 | ---- | C] () -- C:\WINDOWS\psuite.ini
[2004/05/20 17:32:53 | 000,000,139 | ---- | C] () -- C:\WINDOWS\INTUIT.INI
[2004/05/19 15:06:15 | 000,000,024 | ---- | C] () -- C:\WINDOWS\qfnonl.ini
[2004/05/19 14:50:37 | 000,000,895 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/05/19 14:50:33 | 000,000,185 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2004/05/18 06:57:09 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\Elvis\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/05/17 21:01:03 | 000,000,104 | ---- | C] () -- C:\WINDOWS\pmw.INI
[2004/05/15 12:52:10 | 000,000,572 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2004/05/15 12:50:33 | 000,000,022 | ---- | C] () -- C:\WINDOWS\OP70.INI
[2004/05/15 12:48:45 | 000,000,011 | ---- | C] () -- C:\WINDOWS\album.ini
[2004/05/15 10:56:06 | 000,000,138 | ---- | C] () -- C:\WINDOWS\WinInit.ini.backup
[2004/05/15 10:12:37 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\sh33w32.dll
[2004/05/14 23:06:25 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Elvis\Local Settings\Application Data\fusioncache.dat
[2004/05/14 17:26:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/05/12 12:38:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2004/05/06 18:36:28 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/05/06 18:20:25 | 000,000,314 | ---- | C] () -- C:\WINDOWS\WinInit.ini
[2004/05/06 18:04:36 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/05/06 17:59:00 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/01/22 16:58:10 | 000,000,890 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2003/11/20 13:39:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/07/04 16:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2001/12/20 21:21:24 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hsapi.dll
[2001/12/20 21:21:24 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\drivers\HSAPI.DLL
[2001/12/14 14:34:46 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[1999/07/23 14:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 11:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 03:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:18B7103A
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >


#14 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:05:47 PM

Posted 21 March 2010 - 07:06 PM

Hi-

Now that Combofix has run, let's try the GMER tool again in normal boot mode.
  • Disconnect from the Internet and close all running programs.
  • Disable the AVG-9 anti-virus:
    • Open AVG User Interface.
    • Double-click on the Resident Shield.
    • Un-tick the option Resident Shield active.
    • Save the changes.
  • Double click on GMER.exe
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • When the quick scan finishes, click the Scan button in the program window. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button in the program window to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode

We need to run an OTL Fix
  • Please reopen on your desktop.
  • Copy and Paste the following code into the textbox in OTL. Do not include the word "Code"
    CODE
    :OTL
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    [2010/03/07 15:28:09 | 000,012,858 | -HS- | C] () -- C:\Documents and Settings\Elvis\Local Settings\Application Data\d1NJm3Vp784
    :commands
    [emptytemp]
  • Push the Run Fix button in the OTL menu bar.
  • OTL may ask to reboot the machine. Please do so if asked.
  • When the fix is complete, click the OK to open the log.
  • A report will open. Copy and Paste that report in your reply.

Don't forget to reactivate your AVG Anti-virus.

In your reply, copy in the GMER log and OTL log. Also, let me know how your computer is running now and if there are any more problems with it. Since there is a Microsoft program (ctfmon.exe) which needs to be replaced, I need to know if you have your Microsoft XP install CD.

Thanks,

Shannon
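As an added defender-side example (not part of the thread and not OTL's own code), the Python script below parses OTL's file-creation lines in the format shown in the logs above and flags hidden+system, extensionless files under a user profile created around the infection date; that is the pattern that makes the d1NJm3Vp784 entry in Shannon's fix script stand out. The sample lines are copied from this thread's OTL log, and the infection date is the one oxblood gave in the first post.

```python
import re
from datetime import datetime, timedelta

# OTL "C" (created) entries look like: [date time | size | attrs | C] () -- path
OTL_LINE = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| ([-A-Z]{4}) \| C\] \(\) -- (.+)$"
)

# Sample input: lines copied from this thread's OTL log (the first is the one the fix targeted).
SAMPLE_LOG = """\
[2010/03/07 15:28:09 | 000,012,858 | -HS- | C] () -- C:\\Documents and Settings\\Elvis\\Local Settings\\Application Data\\d1NJm3Vp784
[2010/02/13 22:19:55 | 000,000,107 | ---- | C] () -- C:\\WINDOWS\\HighEdit.ini
[2008/05/16 03:02:01 | 000,000,118 | ---- | C] () -- C:\\WINDOWS\\System32\\MRT.INI
[2006/11/10 20:48:09 | 000,000,000 | R--- | C] () -- C:\\WINDOWS\\VMARK.INI
"""

def parse_otl_created(text):
    """Return one dict per parseable 'C' entry; headers, ADS lines etc. are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_LINE.match(line)
        if not m:
            continue
        entries.append({
            "created": datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S"),
            "size": int(m.group(2).replace(",", "")),   # "000,012,858" -> 12858
            "attrs": m.group(3),                         # e.g. "-HS-" = hidden + system
            "path": m.group(4),
        })
    return entries

def suspicious_entries(entries, infection_date, window_days=3):
    """Flag hidden+system files with no extension under a user profile,
    created within window_days of the infection date."""
    lo, hi = infection_date - timedelta(days=window_days), infection_date + timedelta(days=window_days)
    hits = []
    for e in entries:
        name = e["path"].rsplit("\\", 1)[-1]
        hidden_system = "H" in e["attrs"] and "S" in e["attrs"]
        in_profile = "\\Documents and Settings\\" in e["path"]
        if lo <= e["created"] <= hi and hidden_system and in_profile and "." not in name:
            hits.append(e["path"])
    return hits

def triage_log(text, infection_day):
    """Convenience wrapper: infection_day as 'YYYY/MM/DD', returns flagged paths."""
    return suspicious_entries(parse_otl_created(text), datetime.strptime(infection_day, "%Y/%m/%d"))

if __name__ == "__main__":
    for path in triage_log(SAMPLE_LOG, "2010/03/07"):
        print("suspicious:", path)
```

Tighten or widen the date window and the path filter to the case at hand; the attribute and extension tests alone will also flag legitimate hidden system files elsewhere on disk.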

#15 oxblood

oxblood
  • Topic Starter

  • Members
  • 233 posts
  • OFFLINE
  • Local time:05:47 PM

Posted 22 March 2010 - 12:07 PM

Shannon - My system seems much better. I just hope this XP 2010 does not reoccur at a later date. I do have my XP systems disk. Thank you so much for all the help. I await your reply.

Thanx
Oxblood

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-22 11:26:05
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Elvis\LOCALS~1\Temp\pwtdapod.sys


---- System - GMER 1.0.15 ----

Code \??\C:\DOCUME~1\Elvis\LOCALS~1\Temp\catchme.sys pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\Elvis\LOCALS~1\Temp\catchme.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mozy.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat mozy.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\mozyFilter@LogFile \??\C:\Program Files\MozyHome\Data\filter_raw.log.1

---- EOF - GMER 1.0.15 ----


All processes killed
========== OTL ==========
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {BCC0FF27-31D9-4614-A68E-C18E1ADA4389}
C:\WINDOWS\Downloaded Program Files\McGDMgr.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
C:\Documents and Settings\Elvis\Local Settings\Application Data\d1NJm3Vp784 moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2979 bytes
->Flash cache emptied: 1783 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Elvis
->Temp folder emptied: 99840 bytes
->Temporary Internet Files folder emptied: 56052174 bytes
->Java cache emptied: 162011156 bytes
->FireFox cache emptied: 20864131 bytes
->Google Chrome cache emptied: 54270613 bytes
->Flash cache emptied: 309791 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 742 bytes

User: Karen

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1165461 bytes
%systemroot%\System32 .tmp files removed: 3244049 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 58 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33728 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 284.00 mb


OTL by OldTimer - Version 3.1.37.2 log created on 03222010_115434

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Elvis\Local Settings\Temp\~DFCE23.tmp not found!
File\Folder C:\Documents and Settings\Elvis\Local Settings\Temp\~DFCE5D.tmp not found!
File\Folder C:\Documents and Settings\Elvis\Local Settings\Temp\~DFD263.tmp not found!
File\Folder C:\Documents and Settings\Elvis\Local Settings\Temp\~DFD27B.tmp not found!
File\Folder C:\Documents and Settings\Elvis\Local Settings\Temp\~DFD430.tmp not found!
File\Folder C:\Documents and Settings\Elvis\Local Settings\Temp\~DFD449.tmp not found!
C:\Documents and Settings\Elvis\Local Settings\Temporary Internet Files\Content.IE5\U6Z2UV2B\index[1].htm moved successfully.
C:\Documents and Settings\Elvis\Local Settings\Temporary Internet Files\Content.IE5\LRIGHD3U\index[6].htm moved successfully.
C:\Documents and Settings\Elvis\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Documents and Settings\Elvis\Local Settings\Temporary Internet Files\SuggestedSites.dat moved successfully.

Registry entries deleted on Reboot...
