Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

What started with Microsoft 2010 Antivirus spam is now more...


  • This topic is locked This topic is locked
23 replies to this topic

#1 jimGbarclay

jimGbarclay

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:04:20 PM

Posted 11 April 2010 - 06:46 PM

Hello again -

Long story short, my problems were originally posted here: http://www.bleepingcomputer.com/forums/t/307992/having-troubles-with-the-fake-microsoft-antivirus-spywaremalware/. I have since been trying to accomplish the steps laid out by boopme. While attempting to do so, my computer literally locked down and any of the icons on my desktop would no longer work. I rebooted into SAFE MODE and tried to at least get some of the tools downloaded onto my machine. While I was running one of the scans listed in the post, my computer just completely shut down on me.

Since that time I ended up doing a system restore back from a point at the end of March (the 28th) to be exact where this wasn't an issue. From there I have completed the steps asked by boopme in the forum and will post them here. I have also added the Free AVG software to my machine and "findings" pop up from time to time. I've been noticing that when doing a google search the links inside of Google direct me to other links and web sites. Also, my primary browser is Google Chrome and I am still having an issue with that as I'm not even able to launch it. I double click on the application and it just opens a new blank tab and that's all the further it gets.

Overall, I'm a little worried that there is a lot going on in my machine and I just need to get the dang thing back to par.

Thanks for any help in advance!!

(Attaching : attach.txt | ark.txt | hijackthis.txt) -- All from 4.9.10


DDS File:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Jim at 21:48:51.75 on Fri 04/09/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2339 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Java\jre1.5.0_14\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Belkin\Nostromo\nost_LM.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_14\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jim.BARCLAYHOME\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.cnn.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_14\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [Google Update] "c:\documents and settings\jim.barclayhome\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [LiveMonitor] c:\program files\msi\live update 3\LMonitor.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: []
mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.5.0_14\bin\jusched.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: []
dRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime
StartupFolder: c:\docume~1\jim~1.bar\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\jim.barclayhome\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\aticat~1.lnk - c:\program files\ati technologies\ati.ace\CLI.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\nostro~1.lnk - c:\windows\installer\{548c7b77-8b04-427e-acd0-d0e6e6e59bcf}\NewShortcut2_548C7B778B04427EACD0D0E6E6E59BCF.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_14\bin\ssv.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/MyFunCardsInitialSetup1.0.1.1.cab
DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} - hxxps://webvpn.itagroup.com/+CSCOL+/relayp.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {705EC6D4-B138-4079-A307-EF13E4889A82} - hxxps://webvpn.itagroup.com/CACHE/sdesktop/install/binaries/instweb.cab
DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} - hxxps://accounting.quickbooks.com/c10/v22.157/qboax10.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_14-windows-i586.cab
DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://www.yougamers.com/systeminfo/MSC3.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: TPSvc - TPSvc.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jim~1.bar\applic~1\mozilla\firefox\profiles\53iwghtv.default\
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUxdm265YYUS&fl=0&ptb=WS4WiypKM2IwAneTd.YvOg&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&si=29935&searchfor=
FF - plugin: c:\documents and settings\jim.barclayhome\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre1.5.0_14\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_14\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_14\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_14\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_14\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_14\bin\NPJPI150_14.dll
FF - plugin: c:\program files\java\jre1.5.0_14\bin\NPOJI610.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2009-12-7 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2010-1-27 167312]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\wd\wd anywhere backup\MemeoBackgroundService.exe [2009-4-17 25824]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys [2008-9-12 23040]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2009-12-7 61328]

=============== Created Last 30 ================

2010-04-10 02:48:20 0 ----a-w- c:\documents and settings\jim.barclayhome\defogger_reenable
2010-04-10 02:34:51 0 d-----w- c:\windows\system32\wbem\Repository
2010-04-08 03:17:02 0 d--h--w- c:\windows\system32\GroupPolicy
2010-04-06 17:13:58 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-06 17:13:58 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-03-29 03:13:56 0 d-----w- c:\docume~1\jim~1.bar\applic~1\Malwarebytes
2010-03-29 03:13:51 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-29 03:13:51 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2010-03-12 04:50:57 0 d-----w- c:\docume~1\alluse~1.win\applic~1\ArcSoft
2010-03-12 04:50:15 18688 ----a-w- c:\windows\system32\drivers\afc.sys
2010-03-12 04:49:54 0 d-----w- c:\program files\Kodak
2010-03-11 06:15:01 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

==================== Find3M ====================

2010-03-26 01:01:08 1744896 ---ha-w- C:\SZKGFS.dat
2010-03-09 00:55:40 32768 ----a-w- c:\documents and settings\jim.barclayhome\WebVpnRegKey6-webvpn2-itagroup-com.dll
2010-02-24 15:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-04 17:21:26 17408 ----a-r- c:\windows\system32\SZIO5.dll
2010-02-04 17:19:02 442368 ----a-r- c:\windows\system32\SZBase5.dll
2010-02-04 17:18:28 540672 ----a-r- c:\windows\system32\SZComp5.dll
2008-09-12 19:10:41 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090120080908\index.dat
2008-09-12 19:10:41 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091220080913\index.dat

============= FINISH: 21:50:00.32 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:05:20 PM

Posted 15 April 2010 - 11:58 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Shannon

#3 jimGbarclay

jimGbarclay
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:04:20 PM

Posted 21 April 2010 - 07:10 PM

Ok - I have finally been able to complete the task to run new scans as requested.

Computer is still having all the same issues as I've stated before. Applications aren't running. IE8 and Chrome wont open. Only Firefox is currently working. When searching with Google, the links re-direct me to rouge sites.

Thank you again for any assistance in advance.



DDS Scan

DDS (Ver_10-03-17.01) - NTFSx86
Run by Jim at 22:40:39.76 on Tue 04/20/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.1759 [GMT -5:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Java\jre1.5.0_14\bin\jusched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Belkin\Nostromo\nost_LM.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZScanner.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Documents and Settings\Jim.BARCLAYHOME\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jim.BARCLAYHOME\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.cnn.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_14\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [Google Update] "c:\documents and settings\jim.barclayhome\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [LiveMonitor] c:\program files\msi\live update 3\LMonitor.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [<NO NAME>]
mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.5.0_14\bin\jusched.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
dRun: [<NO NAME>]
dRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime
StartupFolder: c:\docume~1\jim~1.bar\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\jim.barclayhome\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\aticat~1.lnk - c:\program files\ati technologies\ati.ace\CLI.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\nostro~1.lnk - c:\windows\installer\{548c7b77-8b04-427e-acd0-d0e6e6e59bcf}\NewShortcut2_548C7B778B04427EACD0D0E6E6E59BCF.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_14\bin\ssv.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/MyFunCardsInitialSetup1.0.1.1.cab
DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} - hxxps://webvpn.itagroup.com/+CSCOL+/relayp.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {705EC6D4-B138-4079-A307-EF13E4889A82} - hxxps://webvpn.itagroup.com/CACHE/sdesktop/install/binaries/instweb.cab
DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} - hxxps://accounting.quickbooks.com/c10/v22.157/qboax10.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_14-windows-i586.cab
DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://www.yougamers.com/systeminfo/MSC3.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: TPSvc - TPSvc.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jim~1.bar\applic~1\mozilla\firefox\profiles\53iwghtv.default\
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUxdm265YYUS&fl=0&ptb=WS4WiypKM2IwAneTd.YvOg&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&si=29935&searchfor=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\jim.barclayhome\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre1.5.0_14\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_14\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_14\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_14\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_14\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_14\bin\NPJPI150_14.dll
FF - plugin: c:\program files\java\jre1.5.0_14\bin\NPOJI610.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2010-4-10 25096]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-4-10 52872]
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2009-12-7 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2010-1-27 167312]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-4-10 216200]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-4-10 29512]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-4-10 242896]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-4-10 308064]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-4-10 2325816]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-4-10 5888008]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\wd\wd anywhere backup\MemeoBackgroundService.exe [2009-4-17 25824]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-4-10 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2010-4-10 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2010-4-10 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2010-4-10 26120]
R3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys [2008-9-12 23040]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2009-12-7 61328]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-4-10 30104]

=============== Created Last 30 ================

2010-04-13 00:13:49 0 d-----w- c:\docume~1\jim~1.bar\applic~1\AVG9
2010-04-10 12:40:05 0 d--h--w- C:\$AVG
2010-04-10 12:39:48 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-10 12:38:32 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-04-10 12:38:32 25096 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-04-10 12:38:30 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-10 12:38:30 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-10 12:38:14 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-04-10 12:38:14 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-04-10 12:37:04 0 d-----w- c:\program files\AVG
2010-04-10 12:36:42 0 d-----w- c:\docume~1\alluse~1.win\applic~1\avg9
2010-04-10 12:31:16 146650 ----a-w- c:\windows\system32\BuzzingBee.wav
2010-04-10 12:31:10 940794 ----a-w- c:\windows\system32\LoopyMusic.wav
2010-04-10 12:31:05 60416 ----a-w- c:\windows\ALCFDRTM.VER
2010-04-10 12:31:05 60416 ----a-w- c:\windows\ALCFDRTM.EXE
2010-04-10 03:29:40 0 d-----w- c:\program files\Trend Micro
2010-04-10 03:03:41 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-04-10 03:03:41 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Spybot - Search & Destroy
2010-04-10 02:48:20 0 ----a-w- c:\documents and settings\jim.barclayhome\defogger_reenable
2010-04-10 02:34:51 0 d-----w- c:\windows\system32\wbem\Repository
2010-04-08 03:17:02 0 d--h--w- c:\windows\system32\GroupPolicy
2010-04-06 17:13:58 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-06 17:13:58 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-03-29 03:13:56 0 d-----w- c:\docume~1\jim~1.bar\applic~1\Malwarebytes
2010-03-29 03:13:51 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-29 03:13:51 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Malwarebytes

==================== Find3M ====================

2010-04-13 15:12:05 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-03-26 01:01:08 1744896 ---ha-w- C:\SZKGFS.dat
2010-03-09 00:55:40 32768 ----a-w- c:\documents and settings\jim.barclayhome\WebVpnRegKey6-webvpn2-itagroup-com.dll
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 15:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-04 17:21:26 17408 ----a-r- c:\windows\system32\SZIO5.dll
2010-02-04 17:19:02 442368 ----a-r- c:\windows\system32\SZBase5.dll
2010-02-04 17:18:28 540672 ----a-r- c:\windows\system32\SZComp5.dll
2008-09-12 19:10:41 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090120080908\index.dat
2008-09-12 19:10:41 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091220080913\index.dat

============= FINISH: 22:45:53.09 ===============

Attached Files



#4 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:20 PM

Posted 22 April 2010 - 06:26 PM

Hello, jimGbarclay.
My name is etavares and I will be helping you with this log.

Here are some guidelines to ensure we are able to get your machine back under your control.
  • Please do not run any unsupervised scans, fixes, etc. We can work against each other and end up in a worse place.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • When in doubt, please stop and ask first. There's no harm in asking questions!

Backdoor Warning
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you do decide to proceed, please continue with the fix below.
P2P Warning and Request
The log shows that you have been using so called peer-to-peer or file-sharing programmes (in your case BitTorrent). These programmes allow to share files between users as the name(s) suggest. In today's world the cyber crime has come a long way and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of their malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. I recommend that you uninstall this program. That is optional, however. If you decide to not uninstall, please refrain from using it until I let you know your computer is clean.










Step 1

Next, please download ComboFix from one of these locations:* IMPORTANT !!! Save ComboFix.exe to your Desktop as jimGbarclayCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on jimGbarclayCF.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#5 jimGbarclay

jimGbarclay
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:04:20 PM

Posted 22 April 2010 - 10:47 PM

etavares -

Thanks for your response and help so far. I'm following the instructions you have laid out and I'm running into a snag. I have downloaded ComboFix and have it saved to my desktop as jimGbarclayCF.exe. However, when attempting to run it I'm getting an error message.

"Some files could not be created. Please close all applications, reboot Windows and restart this installation"

Am I safe to proceed?

#6 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:20 PM

Posted 23 April 2010 - 07:01 AM

OK, delete that copy off of your desktop, try downloading it again and try running. Same issue or did it work this time?


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#7 jimGbarclay

jimGbarclay
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:04:20 PM

Posted 24 April 2010 - 04:30 PM

Gave me the same error.... thumbsdownsmileyanim.gif

#8 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:20 PM

Posted 24 April 2010 - 05:20 PM

Hello, jimGbarclay.
Are you disabling all your security programs per the instructions? This error is either caused by a bad download, which we just ruled out, or something that's interfering with Combofix. That can be malware, but is usually onboard security programs like antiviruses or Teatimer. We'll try to take care of both, along with any malware that is running.




Step 1


Disable AVG as per the instructions here:
AVG FAQ 2429: How to temporarily disable AVG Free Edition 9.0

Disable teatimer:

1. We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
  1. Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  2. If prompted with a legal dialog, accept the warning.
  3. Click and then on "Advanced Mode"
  4. You may be presented with a warning dialog. If so, press
  5. Click on
  6. Click on
  7. Uncheck this checkbox:
  8. Close/Exit Spybot Search and Destroy



Step 2

Please download Rkill by Grinler and save to your desktop.
Link 2
Link 3
Link 4
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.

Do not reboot once you run this tool, it will reset the temporary fixes. This program will help others to run by stopping malware that may interfere with the other tools.



Step 3

Please remove all older versions of ComboFix you currently have.
Download a new version of ComboFix from any of the links below and save it to your Desktop.

Now please run ComboFix using these instructions:
  • Close all applications and windows (including this one) so that you have nothing open and are at your Desktop.
  • Go to Start -> Run...
  • Copy the entire contents inside the CODE box below (do NOT copy the word "CODE" from the CODE box!), and paste them into the empty "Open:" box provided:
CODE
"%userprofile%\Desktop\ComboFix.exe" /killall
  • Click OK and follow the on-screen prompts. When you click Yes at the prompt to allow ComboFix to download and install the Microsoft Windows Recovery Console, you will get the following prompt: "You do not appear to be connected to the internet. Kindly connect before clicking 'OK'". At that point, do NOT click OK yet, but instead, please do this:
    • Go to Start -> Control Panel -> Network and Internet Connections -> Network Connections
    • Right-click your default connection, usually Local Area Connection or Dial-up Connection (if you are using dial-up), and left-click Repair
    • Once done, click Close and exit the Network Connections window.
  • Now click OK in order to let ComboFix download the Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • When the RC is successfully installed, click Yes to continue scanning for malware.
  • When finished, ComboFix shall produce a log for you (located at C:\ComboFix.txt). Post the entire contents of that report in your next reply for further review, and so we may continue cleansing the system.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#9 jimGbarclay

jimGbarclay
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:04:20 PM

Posted 24 April 2010 - 08:40 PM

I was finally able to successfully run the scan.....



ComboFix 10-04-21.01 - Jim 04/24/2010 20:26:49.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2438 [GMT -5:00]
Running from: c:\documents and settings\Jim.BARCLAYHOME\Desktop\ComboFix.exe
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\JIM~1.BAR\LOCALS~1\Temp\install_flash_player.exe
c:\recycler\S-1-5-21-436374069-920026266-839522115-1003
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\jestertb.dll

Infected copy of c:\windows\system32\drivers\tcpip.sys was found and disinfected
Restored copy from - Kitty had a snack tongue.gif
.
((((((((((((((((((((((((( Files Created from 2010-03-25 to 2010-04-25 )))))))))))))))))))))))))))))))
.

2010-04-21 06:34 . 2010-04-22 00:02 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\jugdbhybo
2010-04-21 03:31 . 2010-04-21 03:31 242696 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg9\update\backup\avgtdix.sys
2010-04-21 03:30 . 2010-04-21 03:30 1689952 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg9\update\backup\avgupd.dll
2010-04-13 00:13 . 2010-04-13 00:13 -------- d-----w- c:\documents and settings\Jim.BARCLAYHOME\Application Data\AVG9
2010-04-12 04:04 . 2010-04-12 04:04 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY\IETldCache
2010-04-10 12:40 . 2010-04-10 12:40 -------- d-----w- C:\$AVG
2010-04-10 12:39 . 2010-04-10 12:39 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-10 12:39 . 2010-04-10 12:39 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-04-10 12:38 . 2010-04-10 12:38 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-04-10 12:38 . 2010-04-10 12:38 25096 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-04-10 12:38 . 2010-04-21 03:31 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-10 12:38 . 2010-04-10 12:38 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-10 12:38 . 2010-04-10 12:38 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-04-10 12:38 . 2010-04-10 12:38 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-04-10 12:37 . 2010-04-10 12:37 -------- d-----w- c:\program files\AVG
2010-04-10 12:36 . 2010-04-25 01:26 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\avg9
2010-04-10 12:31 . 2010-04-10 12:31 60416 ----a-w- c:\windows\ALCFDRTM.EXE
2010-04-10 03:29 . 2010-04-10 03:29 -------- d-----w- c:\program files\Trend Micro
2010-04-10 03:03 . 2010-04-25 00:14 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2010-04-10 03:03 . 2010-04-10 03:03 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-10 02:37 . 2010-04-10 02:37 -------- d-----w- c:\documents and settings\Administrator.BARCLAYHOME\Local Settings\Application Data\Mozilla
2010-04-10 02:34 . 2010-04-10 02:34 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-10 02:16 . 2010-04-10 02:16 -------- d-----w- c:\documents and settings\Administrator\PrivacIE
2010-04-10 02:13 . 2010-04-10 02:13 -------- d-----w- c:\documents and settings\Administrator\IETldCache
2010-04-10 02:12 . 2010-04-10 02:34 -------- d-s---w- c:\documents and settings\Administrator
2010-04-08 03:17 . 2010-04-08 03:17 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-04-06 17:13 . 2010-04-21 06:34 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-06 17:13 . 2010-04-06 17:13 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-06 17:13 . 2010-04-08 14:21 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Adobe
2010-03-29 03:13 . 2010-03-29 03:13 -------- d-----w- c:\documents and settings\Jim.BARCLAYHOME\Application Data\Malwarebytes
2010-03-29 03:13 . 2010-04-10 02:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-29 03:13 . 2010-03-29 03:13 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-25 01:34 . 2010-04-25 01:26 896 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-04-25 01:34 . 2010-03-02 01:57 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\STOPzilla!
2010-04-25 00:37 . 2008-12-06 21:33 -------- d-----w- c:\documents and settings\Jim.BARCLAYHOME\Application Data\DNA
2010-04-24 08:00 . 2004-08-04 12:00 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-21 08:00 . 2008-09-15 23:59 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
2010-04-21 03:27 . 2009-02-19 03:53 -------- d-----w- c:\documents and settings\Jim.BARCLAYHOME\Application Data\Dropbox
2010-04-21 03:26 . 2008-12-06 21:33 -------- d-----w- c:\program files\DNA
2010-04-15 01:33 . 2008-09-06 22:10 -------- d-----w- c:\program files\World of Warcraft
2010-04-10 02:44 . 2010-03-12 04:50 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\ArcSoft
2010-04-10 02:44 . 2008-09-06 20:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-10 02:34 . 2010-02-20 23:45 -------- d-----w- c:\program files\Sportsbook.com Casino
2010-03-26 01:01 . 2010-03-05 02:00 2076672 ---ha-w- C:\SZKGFS.dat
2010-03-12 05:00 . 2010-03-12 04:49 -------- d-----w- c:\documents and settings\Jim.BARCLAYHOME\Application Data\ArcSoft
2010-03-12 04:50 . 2010-03-12 04:49 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-03-12 04:49 . 2010-03-12 04:49 -------- d-----w- c:\program files\Kodak
2010-03-09 00:55 . 2010-03-09 00:55 32768 ----a-w- c:\documents and settings\Jim.BARCLAYHOME\WebVpnRegKey6-webvpn2-itagroup-com.dll
2010-03-09 00:44 . 2009-09-03 03:56 -------- d-----w- c:\documents and settings\Jim.BARCLAYHOME\Application Data\FileZilla
2010-03-02 01:58 . 2010-03-02 01:58 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SITEguard
2010-03-02 01:57 . 2010-03-02 01:57 -------- d-----w- c:\program files\STOPzilla!
2010-03-02 01:57 . 2010-03-02 01:57 -------- d-----w- c:\program files\Common Files\iS3
2010-03-02 01:21 . 2010-03-02 01:21 -------- d-----w- c:\program files\Lavasoft
2010-03-02 01:21 . 2010-03-02 01:21 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-02 01:21 . 2010-03-02 01:21 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft
2010-02-26 23:25 . 2009-08-31 21:51 91696 ----a-w- c:\documents and settings\Jim.BARCLAYHOME\Application Data\Dropbox\bin\Uninstall.exe
2010-02-26 23:25 . 2010-02-26 23:24 13264416 ----a-w- c:\documents and settings\Jim.BARCLAYHOME\Application Data\Dropbox\cache\Dropbox-update-0.7.110.exe
2010-02-26 05:10 . 2010-02-26 05:10 21979992 ----a-w- c:\documents and settings\Jim.BARCLAYHOME\Application Data\Dropbox\bin\Dropbox.exe
2010-02-25 06:24 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 15:16 . 2009-10-02 16:38 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-04 17:21 . 2010-02-04 17:21 17408 ----a-r- c:\windows\system32\SZIO5.dll
2010-02-04 17:19 . 2010-02-04 17:19 442368 ----a-r- c:\windows\system32\SZBase5.dll
2010-02-04 17:18 . 2010-02-04 17:18 540672 ----a-r- c:\windows\system32\SZComp5.dll
2010-02-04 15:53 . 2010-03-02 01:21 2954656 -c--a-w- c:\documents and settings\All Users.WINDOWS\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-01-27 16:19 . 2010-01-27 16:19 167312 ----a-r- c:\windows\system32\drivers\SZKGFS.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Jim.BARCLAYHOME\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Jim.BARCLAYHOME\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Jim.BARCLAYHOME\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Jim.BARCLAYHOME\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-08 133104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-30 68856]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-13 323392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-07-22 81920]
"LiveMonitor"="c:\program files\MSI\Live Update 3\LMonitor.exe" [2005-07-11 482816]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-01 344064]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-11-15 1121016]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2004-12-01 32768]

c:\documents and settings\Jim.BARCLAYHOME\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Jim.BARCLAYHOME\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-9-14 113664]
ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2004-12-1 32768]
Nostromo Loadout Manager.lnk - c:\windows\Installer\{548C7B77-8B04-427E-ACD0-D0E6E6E59BCF}\NewShortcut2_548C7B778B04427EACD0D0E6E6E59BCF.exe [2008-9-12 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-04-10 12:39 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"c:\\Program Files\\Western Digital\\WD Discovery Software\\WD Discovery.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [4/10/2010 7:38 AM 25096]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [4/10/2010 7:38 AM 52872]
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [12/7/2009 5:59 PM 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [1/27/2010 11:19 AM 167312]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/10/2010 7:38 AM 216200]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/10/2010 7:38 AM 242896]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [4/10/2010 7:38 AM 308064]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [4/10/2010 7:38 AM 2325816]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\WD\WD Anywhere Backup\MemeoBackgroundService.exe [4/17/2009 12:51 PM 25824]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [4/10/2010 7:38 AM 30104]
R3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys [9/12/2008 2:18 PM 23040]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [12/7/2009 5:59 PM 61328]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [4/10/2010 7:38 AM 30104]
S3 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [4/10/2010 7:38 AM 5888008]
S3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [4/10/2010 7:38 AM 122376]
S3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [4/10/2010 7:38 AM 30216]
S3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [4/10/2010 7:38 AM 26120]
.
Contents of the 'Scheduled Tasks' folder

2010-04-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1417001333-839522115-1003Core.job
- c:\documents and settings\Jim.BARCLAYHOME\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-08 04:16]

2010-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1417001333-839522115-1003UA.job
- c:\documents and settings\Jim.BARCLAYHOME\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-08 04:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cnn.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} - hxxps://webvpn.itagroup.com/+CSCOL+/relayp.cab
DPF: {705EC6D4-B138-4079-A307-EF13E4889A82} - hxxps://webvpn.itagroup.com/CACHE/sdesktop/install/binaries/instweb.cab
FF - ProfilePath - c:\documents and settings\Jim.BARCLAYHOME\Application Data\Mozilla\Firefox\Profiles\53iwghtv.default\
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUxdm265YYUS&fl=0&ptb=WS4WiypKM2IwAneTd.YvOg&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&si=29935&searchfor=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Jim.BARCLAYHOME\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre1.5.0_14\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_14\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_14\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_14\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_14\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_14\bin\NPJPI150_14.dll
FF - plugin: c:\program files\Java\jre1.5.0_14\bin\NPOJI610.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

Notify-TPSvc - TPSvc.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-24 20:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(976)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-04-24 20:38:25
ComboFix-quarantined-files.txt 2010-04-25 01:38

Pre-Run: 235,890,348,032 bytes free
Post-Run: 238,909,534,208 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 4BE64980FB1633C5930E6B24404044DD


#10 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:20 PM

Posted 25 April 2010 - 06:09 AM

Hello, jimGbarclay.

How is it running now? Please run an OTL log, there were a few other items in the orginal log we need to take care of.

We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#11 jimGbarclay

jimGbarclay
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:04:20 PM

Posted 26 April 2010 - 08:25 PM

etavares -

I have been trying to avoid using the machine as much as possible until we are finished with our scans, so I cant really tell you if it has been running any better.
Here are the two scans you requested:

OTL logfile created on: 4/26/2010 7:11:51 PM - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\Jim.BARCLAYHOME\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 74.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 222.33 Gb Free Space | 74.59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BARCLAYHOME
Current User Name: Jim
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/26 19:11:18 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jim.BARCLAYHOME\Desktop\OTL.exe
PRC - [2010/04/20 22:31:42 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/04/14 20:31:34 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/04/10 08:53:21 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/04/10 07:39:11 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/04/10 07:39:09 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/04/10 07:38:51 | 002,325,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/04/10 07:38:30 | 000,836,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/04/10 07:38:28 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/24 13:58:22 | 000,309,760 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/01 18:46:22 | 000,177,600 | R--- | M] (iS3, Inc.) -- C:\Program Files\STOPzilla!\STOPzilla.exe
PRC - [2010/02/26 00:10:20 | 021,979,992 | ---- | M] () -- C:\Documents and Settings\Jim.BARCLAYHOME\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2010/02/04 12:23:30 | 000,057,344 | R--- | M] (iS3, Inc.) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
PRC - [2009/11/13 09:24:16 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009/04/17 12:51:06 | 000,025,824 | ---- | M] (Memeo) -- C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
PRC - [2008/10/29 22:07:18 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/16 12:02:06 | 000,562,416 | ---- | M] (Belkin Corporation) -- C:\Program Files\Belkin\Nostromo\nost_LM.exe
PRC - [2006/11/15 09:05:00 | 001,121,016 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
PRC - [2006/11/13 13:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 13:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2005/07/22 02:00:10 | 000,081,920 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2005/07/11 10:44:26 | 000,482,816 | ---- | M] () -- C:\Program Files\MSI\Live Update 3\LMonitor.exe
PRC - [2004/06/03 03:51:27 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\type32.exe
PRC - [2004/06/03 03:50:07 | 000,204,800 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\point32.exe


========== Modules (SafeList) ==========

MOD - [2010/04/26 19:11:18 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jim.BARCLAYHOME\Desktop\OTL.exe
MOD - [2007/08/16 12:01:30 | 000,062,704 | ---- | M] (eTEK Labs) -- C:\Program Files\Belkin\Nostromo\nost_FSH.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/04/10 07:38:51 | 002,325,816 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/04/10 07:38:28 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/04/10 07:38:19 | 005,888,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/04 12:23:30 | 000,057,344 | R--- | M] (iS3, Inc.) [Auto | Running] -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2009/04/17 12:51:06 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/07/12 16:33:02 | 000,491,520 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\System32\dlcjcoms.exe -- (dlcj_device)


========== Driver Services (SafeList) ==========

DRV - [2010/04/20 22:31:43 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/04/10 07:39:48 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/04/10 07:38:32 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/04/10 07:38:32 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys -- (AVGIDSErHrxpx)
DRV - [2010/04/10 07:38:30 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/04/10 07:38:20 | 000,122,376 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys -- (AVGIDSDriverxpx)
DRV - [2010/04/10 07:38:20 | 000,030,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys -- (AVGIDSFilterxpx)
DRV - [2010/04/10 07:38:20 | 000,026,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys -- (AVGIDSShimxpx)
DRV - [2010/04/10 07:38:14 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010/04/10 07:38:14 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2010/01/27 11:19:32 | 000,167,312 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\szkgfs.sys -- (szkgfs)
DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\szkg.sys -- (szkg5)
DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\is3srv.sys -- (is3srv)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2008/05/20 18:53:36 | 000,093,696 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/05/14 21:48:17 | 003,098,112 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/08/14 10:57:38 | 000,023,040 | R--- | M] (Belkin Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcgame.sys -- (bcgame)
DRV - [2006/12/02 12:19:30 | 000,050,688 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/11/10 08:08:50 | 000,024,064 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ATITool.sys -- (ATITool)
DRV - [2006/11/01 08:59:36 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/11/01 08:59:10 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/11/01 08:59:10 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/11/01 08:59:08 | 000,098,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/11/01 08:59:06 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/11/01 08:59:04 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/11/01 08:59:02 | 000,104,760 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/11/01 08:59:02 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/25 08:22:22 | 000,099,816 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2006/09/15 09:45:24 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/09/15 09:45:22 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/09/15 09:42:52 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/07/26 04:03:22 | 003,644,032 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/05/17 04:45:08 | 000,092,800 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/04/12 19:21:32 | 000,022,240 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2005/04/12 19:21:28 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2005/04/12 19:21:28 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2005/04/12 19:21:26 | 000,045,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2005/04/05 14:22:30 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/04/05 14:22:28 | 000,033,536 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/03/09 01:53:00 | 000,036,352 | R--- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/03 20:08:36 | 000,013,824 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinmdxx.sys -- (MVDCODEC)
DRV - [2004/08/03 20:08:30 | 000,105,984 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinrvxx.sys -- (atinrvxx)
DRV - [2004/05/02 03:47:08 | 000,023,040 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GVCplDrv.sys -- (GVCplDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-343818398-1417001333-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-343818398-1417001333-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-343818398-1417001333-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-343818398-1417001333-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
IE - HKU\S-1-5-21-343818398-1417001333-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-343818398-1417001333-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-343818398-1417001333-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-343818398-1417001333-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:3.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}:5.0.14
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.1
FF - prefs.js..keyword.URL: "http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUxdm265YYUS&fl=0&ptb=WS4WiypKM2IwAneTd.YvOg&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&si=29935&searchfor="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/04/24 20:25:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/14 20:31:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/14 20:31:41 | 000,000,000 | ---D | M]

[2008/09/29 21:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim.BARCLAYHOME\Application Data\Mozilla\Extensions
[2010/04/22 22:36:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim.BARCLAYHOME\Application Data\Mozilla\Firefox\Profiles\53iwghtv.default\extensions
[2008/10/18 22:21:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jim.BARCLAYHOME\Application Data\Mozilla\Firefox\Profiles\53iwghtv.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2009/09/11 21:30:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jim.BARCLAYHOME\Application Data\Mozilla\Firefox\Profiles\53iwghtv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/27 22:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim.BARCLAYHOME\Application Data\Mozilla\Firefox\Profiles\53iwghtv.default\extensions\personas@christopher.beard
[2009/05/13 21:10:54 | 000,009,899 | ---- | M] () -- C:\Documents and Settings\Jim.BARCLAYHOME\Application Data\Mozilla\Firefox\Profiles\53iwghtv.default\searchplugins\mywebsearch.xml
[2010/04/22 22:36:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/15 21:13:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}

O1 HOSTS File: ([2010/04/05 18:30:22 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_14\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-343818398-1417001333-839522115-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe ()
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [type32] C:\Program Files\Microsoft IntelliType Pro\type32.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKU\S-1-5-18..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKU\S-1-5-21-343818398-1417001333-839522115-1003..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-343818398-1417001333-839522115-1003..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-343818398-1417001333-839522115-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Nostromo Loadout Manager.lnk = C:\WINDOWS\Installer\{548C7B77-8B04-427E-ACD0-D0E6E6E59BCF}\NewShortcut2_548C7B778B04427EACD0D0E6E6E59BCF.exe (Macrovision Corporation)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Nostromo Loadout Manager.lnk = C:\WINDOWS\Installer\{548C7B77-8B04-427E-ACD0-D0E6E6E59BCF}\NewShortcut2_548C7B778B04427EACD0D0E6E6E59BCF.exe (Macrovision Corporation)
O4 - Startup: C:\Documents and Settings\Jim.BARCLAYHOME\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Jim.BARCLAYHOME\Application Data\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-343818398-1417001333-839522115-1003\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-343818398-1417001333-839522115-1003\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-343818398-1417001333-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-343818398-1417001333-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-343818398-1417001333-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_14\bin\NPJPI150_14.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} https://webvpn.itagroup.com/+CSCOL+/relayp.cab (Cisco Systems WebVPN Relay Loader)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.8.cab (DLM Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {705EC6D4-B138-4079-A307-EF13E4889A82} https://webvpn.itagroup.com/CACHE/sdesktop/...ies/instweb.cab (CSD ActiveX Installer)
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} https://accounting.quickbooks.com/c10/v22.157/qboax10.cab (QuickBooks Online Edition Utilities Class v10)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_14)
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://www.yougamers.com/systeminfo/MSC3.cab (Measurement Services Client v.3.12)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.168.12 97.64.179.251
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Jim.BARCLAYHOME\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jim.BARCLAYHOME\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/07 22:27:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-343818398-1417001333-839522115-1003\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/04/26 19:11:18 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jim.BARCLAYHOME\Desktop\OTL.exe
[2010/04/24 20:38:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/04/24 19:33:34 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/24 19:30:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/24 19:30:53 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/24 19:30:53 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/24 19:30:53 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/24 19:30:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/24 19:30:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/14 20:32:18 | 006,521,820 | ---- | C] (Mozilla) -- C:\Documents and Settings\Jim.BARCLAYHOME\Desktop\Firefox Setup 3.6.3.exe
[2010/04/12 19:13:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim.BARCLAYHOME\Application Data\AVG9
[2010/04/10 07:40:05 | 000,000,000 | ---D | C] -- C:\$AVG
[2010/04/10 07:39:48 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/04/10 07:39:47 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/04/10 07:38:32 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/04/10 07:38:32 | 000,025,096 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2010/04/10 07:38:30 | 000,242,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/04/10 07:38:30 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/04/10 07:38:14 | 000,050,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2010/04/10 07:38:14 | 000,030,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2010/04/10 07:37:04 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/04/10 07:36:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9
[2010/04/10 07:31:05 | 000,060,416 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCFDRTM.VER
[2010/04/10 07:31:05 | 000,060,416 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCFDRTM.EXE
[2010/04/09 22:34:46 | 002,131,808 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Jim.BARCLAYHOME\Desktop\avg_free_stb_all_9_114_cnet.exe
[2010/04/09 22:29:40 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/04/09 22:29:15 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Jim.BARCLAYHOME\Desktop\HJTInstall.exe
[2010/04/09 22:03:41 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/04/09 22:03:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
[2010/04/09 21:12:29 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/04/07 23:02:02 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Jim.BARCLAYHOME\Desktop\spybotsd162.exe
[2010/04/07 22:17:02 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/03/28 22:13:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim.BARCLAYHOME\Application Data\Malwarebytes
[2010/03/28 22:13:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/28 22:13:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/26 19:14:04 | 059,288,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/04/26 19:11:18 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jim.BARCLAYHOME\Desktop\OTL.exe
[2010/04/26 19:09:33 | 000,002,307 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Nostromo Loadout Manager.lnk
[2010/04/26 19:09:24 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/26 18:57:00 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1417001333-839522115-1003UA.job
[2010/04/26 17:06:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/26 00:57:00 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1417001333-839522115-1003Core.job
[2010/04/25 03:20:17 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/25 03:20:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/25 03:18:04 | 005,767,168 | ---- | M] () -- C:\Documents and Settings\Jim.BARCLAYHOME\ntuser.dat
[2010/04/25 03:17:42 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Jim.BARCLAYHOME\ntuser.ini
[2010/04/25 03:02:09 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/24 20:34:47 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/24 19:33:39 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/04/24 19:22:15 | 000,582,365 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2010/04/24 19:21:13 | 003,923,062 | R--- | M] () -- C:\Documents and Settings\Jim.BARCLAYHOME\Desktop\ComboFix.exe
[2010/04/24 19:19:09 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Jim.BARCLAYHOME\Desktop\rkill.scr
[2010/04/24 03:00:02 | 000,361,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip.sys
[2010/04/21 01:34:11 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/20 22:31:43 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/04/14 20:34:20 | 006,521,820 | ---- | M] (Mozilla) -- C:\Documents and Settings\Jim.BARCLAYHOME\Desktop\Firefox Setup 3.6.3.exe
[2010/04/14 20:19:44 | 000,000,807 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\World of Warcraft.lnk
[2010/04/14 20:15:31 | 004,324,384 | -H-- | M] () -- C:\Documents and Settings\Jim.BARCLAYHOME\Local Settings\Application Data\IconCache.db
[2010/04/11 23:56:20 | 000,009,742 | ---- | M] () -- C:\Documents and Settings\Jim.BARCLAYHOME\Desktop\Chrome_bookmarks(4.11.10).html
[2010/04/11 14:49:57 | 000,525,946 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/11 14:49:57 | 000,444,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/11 14:49:57 | 000,071,904 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/10 07:39:50 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/04/10 07:39:50 | 000,001,515 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\AVG 9.0.lnk
[2010/04/10 07:39:48 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/04/10 07:39:47 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/04/10 07:38:32 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/04/10 07:38:32 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2010/04/10 07:38:30 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/04/10 07:38:14 | 000,050,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2010/04/10 07:38:14 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2010/04/10 07:31:17 | 000,146,650 | ---- | M] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2010/04/10 07:31:16 | 000,940,794 | ---- | M] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2010/04/10 07:31:05 | 000,060,416 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCFDRTM.VER
[2010/04/10 07:31:05 | 000,060,416 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCFDRTM.EXE
[2010/04/09 22:34:48 | 002,131,808 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Jim.BARCLAYHOME\Desktop\avg_free_stb_all_9_114_cnet.exe
[2010/04/09 22:29:40 | 000,001,742 | ---- | M] () -- C:\Documents and Settings\Jim.BARCLAYHOME\Desktop\HijackThis.lnk
[2010/04/09 22:29:16 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Jim.BARCLAYHOME\Desktop\HJTInstall.exe
[2010/04/09 22:03:44 | 000,000,941 | ---- | M] () -- C:\Documents and Settings\Jim.BARCLAYHOME\Desktop\Spybot - Search & Destroy.lnk
[2010/04/09 21:51:29 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Jim.BARCLAYHOME\Desktop\gmer.zip
[2010/04/09 21:48:36 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Jim.BARCLAYHOME\Desktop\dds.scr
[2010/04/09 21:48:20 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Jim.BARCLAYHOME\defogger_reenable
[2010/04/09 21:47:56 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Jim.BARCLAYHOME\Desktop\Defogger.exe
[2010/04/09 21:44:59 | 000,002,366 | ---- | M] () -- C:\Documents and Settings\Jim.BARCLAYHOME\Desktop\Google Chrome.lnk
[2010/04/07 23:02:14 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Jim.BARCLAYHOME\Desktop\spybotsd162.exe
[2010/04/07 22:04:17 | 003,064,736 | ---- | M] () -- C:\Documents and Settings\Jim.BARCLAYHOME\Desktop\ventrilo-3.0.4-Windows-i386.exe
[2010/04/07 20:02:46 | 000,013,440 | -HS- | M] () -- C:\Documents and Settings\Jim.BARCLAYHOME\Local Settings\Application Data\3Yfi
[2010/04/07 20:02:46 | 000,013,440 | -HS- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\3Yfi
[2010/04/07 19:54:34 | 000,013,456 | -HS- | M] () -- C:\Documents and Settings\Jim.BARCLAYHOME\Local Settings\Application Data\4019432185
[2010/04/07 19:54:34 | 000,013,456 | -HS- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\2577180388
[2010/04/07 19:53:19 | 000,013,448 | -HS- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\4019432185
[2010/04/07 19:09:22 | 000,013,456 | -HS- | M] () -- C:\Documents and Settings\Jim.BARCLAYHOME\Local Settings\Application Data\2577180388
[2010/04/06 12:13:58 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/05 23:18:34 | 000,001,738 | -H-- | M] () -- C:\Documents and Settings\Jim.BARCLAYHOME\My Documents\Default.rdp
[2010/04/05 18:30:22 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/24 19:33:39 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/04/24 19:33:36 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/04/24 19:30:53 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/24 19:30:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/24 19:30:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/24 19:30:53 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/24 19:30:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/24 19:21:13 | 003,923,062 | R--- | C] () -- C:\Documents and Settings\Jim.BARCLAYHOME\Desktop\ComboFix.exe
[2010/04/24 19:19:09 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Jim.BARCLAYHOME\Desktop\rkill.scr
[2010/04/11 23:56:20 | 000,009,742 | ---- | C] () -- C:\Documents and Settings\Jim.BARCLAYHOME\Desktop\Chrome_bookmarks(4.11.10).html
[2010/04/10 07:39:50 | 000,001,515 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\AVG 9.0.lnk
[2010/04/10 07:31:16 | 000,146,650 | ---- | C] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2010/04/10 07:31:10 | 000,940,794 | ---- | C] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2010/04/09 22:29:40 | 000,001,742 | ---- | C] () -- C:\Documents and Settings\Jim.BARCLAYHOME\Desktop\HijackThis.lnk
[2010/04/09 22:03:44 | 000,000,941 | ---- | C] () -- C:\Documents and Settings\Jim.BARCLAYHOME\Desktop\Spybot - Search & Destroy.lnk
[2010/04/09 21:51:29 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Jim.BARCLAYHOME\Desktop\gmer.zip
[2010/04/09 21:48:36 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Jim.BARCLAYHOME\Desktop\dds.scr
[2010/04/09 21:48:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jim.BARCLAYHOME\defogger_reenable
[2010/04/09 21:47:55 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Jim.BARCLAYHOME\Desktop\Defogger.exe
[2010/04/07 01:09:16 | 000,013,456 | -HS- | C] () -- C:\Documents and Settings\Jim.BARCLAYHOME\Local Settings\Application Data\2577180388
[2010/04/06 14:53:30 | 000,013,456 | -HS- | C] () -- C:\Documents and Settings\Jim.BARCLAYHOME\Local Settings\Application Data\4019432185
[2010/04/06 14:53:30 | 000,013,456 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\2577180388
[2010/04/06 14:53:05 | 000,013,448 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\4019432185
[2010/04/06 14:53:05 | 000,013,440 | -HS- | C] () -- C:\Documents and Settings\Jim.BARCLAYHOME\Local Settings\Application Data\3Yfi
[2010/04/06 12:13:59 | 000,013,440 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\3Yfi
[2010/04/06 12:13:58 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/06 12:13:58 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/11/20 20:59:17 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/10/22 19:55:23 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2008/09/23 12:19:47 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/09/23 12:19:47 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/09/12 14:40:25 | 001,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlcjserv.dll
[2008/09/12 14:40:25 | 001,122,304 | ---- | C] () -- C:\WINDOWS\System32\dlcjusb1.dll
[2008/09/12 14:40:25 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcjhbn3.dll
[2008/09/12 14:40:25 | 000,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcjcomc.dll
[2008/09/12 14:40:25 | 000,630,784 | ---- | C] () -- C:\WINDOWS\System32\dlcjpmui.dll
[2008/09/12 14:40:25 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\dlcjlmpm.dll
[2008/09/12 14:40:25 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlcjutil.dll
[2008/09/12 14:40:25 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcjcomm.dll
[2008/09/12 14:40:25 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcjprox.dll
[2008/09/12 14:40:25 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlcjpplc.dll
[2008/09/12 14:40:25 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcjvs.dll
[2008/09/12 14:40:24 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcjinsb.dll
[2008/09/12 14:40:24 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcjins.dll
[2008/09/12 14:40:24 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcjjswr.dll
[2008/09/12 14:40:24 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcjinsr.dll
[2008/09/12 14:40:24 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcjcub.dll
[2008/09/12 14:40:24 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcjcu.dll
[2008/09/12 14:40:24 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlcjcfg.dll
[2008/09/12 14:40:24 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcjcur.dll
[2008/09/07 22:45:02 | 000,023,040 | R--- | C] () -- C:\WINDOWS\System32\drivers\GVCplDrv.sys
[2008/09/07 22:39:41 | 000,006,702 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlashSys.sys
[2008/09/07 22:37:32 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2008/09/07 22:35:07 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2007/01/17 12:57:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/12/13 23:01:36 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/12/13 23:01:36 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2006/11/10 08:08:50 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATITool.sys
[2001/11/19 19:05:18 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Jim.BARCLAYHOME\Desktop\ventrilo-3.0.4-Windows-i386.exe:SummaryInformation
< End of report >

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


OTL Extras logfile created on: 4/26/2010 7:11:51 PM - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\Jim.BARCLAYHOME\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 74.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 222.33 Gb Free Space | 74.59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BARCLAYHOME
Current User Name: Jim
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-343818398-1417001333-839522115-1003\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\QuickTime\QuickTimePlayer.exe" = C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player -- (Apple Inc.)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- ()
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Curse\CurseClient.exe" = C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client -- ()
"C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Western Digital\WD Discovery Software\WD Discovery.exe" = C:\Program Files\Western Digital\WD Discovery Software\WD Discovery.exe:*:Enabled:WD Discovery Application -- ()
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{3248F0A8-6813-11D6-A77B-00B0D0150140}" = J2SE Runtime Environment 5.0 Update 14
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{548C7B77-8B04-427E-ACD0-D0E6E6E59BCF}" = Nostromo
"{5C1DA723-24FC-48AD-93BA-925695C3EF26}" = Logitech Gaming Software
"{5D5B9E6A-344C-4976-95AB-ABBDC648E5DA}" = Microsoft IntelliType Pro 5.2
"{619B9647-7157-41DA-B2D5-1CA246C1F8CA}" = STOPzilla
"{64635543-70E7-436D-8D6D-4A721595029E}" = Microsoft IntelliPoint 5.2
"{6599091B-D42D-4765-ABC3-8B25E844C746}" = Roxio Easy CD and DVD Burning
"{68131B0A-D78D-4aed-B74E-33A6C7324E50}" = WD Anywhere Backup
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7C70D3E4-8965-4C28-9B19-B526CD9F1C9F}" = ArcSoft MediaImpression for Kodak
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{A05F4733-B223-488B-88FE-6EA9D5940380}" = ScheduleVIEW 3
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CA72A82C-7DBC-4814-8CCB-E5BFAC59FAEF}" = ArcSoft MediaImpression for Kodak
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{F08DAD55-0EB9-46FD-B083-6AC2B3B816B7}" = ATI Catalyst Control Center
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F8DEF1A3-B91E-4935-914A-2AF55C3FC971}" = MLB 2K9
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"7-Zip" = 7-Zip 4.57
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe SVG Viewer" = Adobe SVG Viewer
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AVG9Uninstall" = AVG 9.0
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CurseClient" = Curse Client
"Dell Photo AIO Printer 964" = Dell Photo AIO Printer 964
"FileZilla Client" = FileZilla Client 3.2.7.1
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Measurement Services Client" = Futuremark Measurement Services Client
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"MSI Live Update 3" = MSI Live Update 3
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"PROPLUS" = Microsoft Office Professional Plus 2007
"RocketDock_is1" = RocketDock 1.3.5
"Sportsbook.com" = Sportsbook.com
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"World of Warcraft" = World of Warcraft

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-343818398-1417001333-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"727d1ea1876aa06e" = WowAceUpdater
"BitTorrent DNA" = DNA
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.1.0.366
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/24/2010 12:57:05 PM | Computer Name = BARCLAYHOME | Source = Google Update | ID = 20
Description =

Error - 4/24/2010 1:57:05 PM | Computer Name = BARCLAYHOME | Source = Google Update | ID = 20
Description =

Error - 4/24/2010 2:57:05 PM | Computer Name = BARCLAYHOME | Source = Google Update | ID = 20
Description =

Error - 4/24/2010 3:57:05 PM | Computer Name = BARCLAYHOME | Source = Google Update | ID = 20
Description =

Error - 4/24/2010 4:57:05 PM | Computer Name = BARCLAYHOME | Source = Google Update | ID = 20
Description =

Error - 4/24/2010 5:57:05 PM | Computer Name = BARCLAYHOME | Source = Google Update | ID = 20
Description =

Error - 4/24/2010 6:57:05 PM | Computer Name = BARCLAYHOME | Source = Google Update | ID = 20
Description =

Error - 4/24/2010 7:57:05 PM | Computer Name = BARCLAYHOME | Source = Google Update | ID = 20
Description =

Error - 4/25/2010 2:57:05 AM | Computer Name = BARCLAYHOME | Source = Google Update | ID = 20
Description =

Error - 4/25/2010 3:57:05 AM | Computer Name = BARCLAYHOME | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 4/20/2010 11:25:48 PM | Computer Name = BARCLAYHOME | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 4/20/2010 11:25:48 PM | Computer Name = BARCLAYHOME | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 4/20/2010 11:25:52 PM | Computer Name = BARCLAYHOME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
atapi PCIIde

Error - 4/20/2010 11:26:09 PM | Computer Name = BARCLAYHOME | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.

Error - 4/20/2010 11:26:10 PM | Computer Name = BARCLAYHOME | Source = Service Control Manager | ID = 7000
Description = The HTTP SSL service failed to start due to the following error: %%1053

Error - 4/20/2010 11:26:40 PM | Computer Name = BARCLAYHOME | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.

Error - 4/20/2010 11:26:41 PM | Computer Name = BARCLAYHOME | Source = Service Control Manager | ID = 7000
Description = The HTTP SSL service failed to start due to the following error: %%1053

Error - 4/23/2010 8:29:21 PM | Computer Name = BARCLAYHOME | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 4/24/2010 9:26:26 PM | Computer Name = BARCLAYHOME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
atapi PCIIde

Error - 4/25/2010 4:20:24 AM | Computer Name = BARCLAYHOME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
atapi PCIIde


< End of report >






#12 jimGbarclay

jimGbarclay
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:04:20 PM

Posted 26 April 2010 - 09:31 PM

One thing that I noticed on here and you also brought up was the discontinued use of BitTorrent. I actually did delete bitTorrent quite a few months ago. I did the uninstall method through the control panel.

Just interesting to see it still there or maybe parts of it.

#13 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:20 PM

Posted 27 April 2010 - 06:35 PM

Hello, jimGbarclay.

OK, look for "DNA" in the Add/remove Programs...do you see that there? That's part of BitTorrent. You can uninstall via Add/Remove Programs. I also personally suggest to remove StopZilla as well, but that's my own personal viewpoint. If you can't find DNA, let me know, and we can manually rip out, although not preferred.



Step 1

Please pull anything out of hte recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

We need run an OTL Script
  1. Please download OTL from one of the following mirrors if you do not still have it.
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Paste the following code under the Custom Scans/Fixes box at the bottom. Do not include the word "Code".
    CODE
    :OTL
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
    FF - prefs.js..keyword.URL: "http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUxdm265YYUS&fl=0&ptb=WS4WiypKM2IwAneTd.YvOg&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&si=29935&searchfor="
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.168.12 97.64.179.251
    O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - File not found
    @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Jim.BARCLAYHOME\Desktop\ventrilo-3.0.4-Windows-i386.exe:SummaryInformation
    :Files
    C:\SZKGFS.dat
    C:\Documents and Settings\Jim.BARCLAYHOME\Local Settings\Application Data\3Yfi
    C:\Documents and Settings\All Users.WINDOWS\Application Data\3Yfi
    C:\Documents and Settings\Jim.BARCLAYHOME\Local Settings\Application Data\4019432185
    C:\Documents and Settings\All Users.WINDOWS\Application Data\2577180388
    C:\Documents and Settings\All Users.WINDOWS\Application Data\4019432185
    C:\Documents and Settings\Jim.BARCLAYHOME\Local Settings\Application Data\2577180388
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\DNA\btdna.exe"=-
    :Commands
    [EmptyTemp]
  5. Click the Run Fix button at the top.
  6. let the program run unhindered and reboot when it is done.
  7. You will get a log when it is done, please post that in your reply.
  8. Please then create a new OTL report....
  9. Click the "Scan All Users" checkbox.
  10. Push the button.
  11. A report will open, copy and paste it in a reply here.



Step 2

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#14 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:20 PM

Posted 30 April 2010 - 06:38 PM

still with us?


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#15 jimGbarclay

jimGbarclay
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:04:20 PM

Posted 01 May 2010 - 10:01 PM

I am ...sorry. Been gone for a while.

Working on scans tonight..

THx




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users