
spyware?


This topic is locked
10 replies to this topic

#1 Zenith2012

Posted 26 May 2010 - 12:49 PM

Here are the HijackThis and OTL scans I did. I hope you find something and can help me.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:48:39 PM, on 5/26/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\sm56hlpr.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG9\avgscanx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.a...&tbid=60076
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://minneapolis.craigslist.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R3 - URLSearchHook: (no name) - *{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {D032570A-5F63-4812-A094-87D007C23012} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} - http://secure2.comned.com/signuptemplates/...login-devel.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

---------------------------------------------------------------------------------------------------------------------------------------



OTL logfile created on: 5/26/2010 12:42:51 PM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Compaq_Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

895.00 Mb Total Physical Memory | 270.00 Mb Available Physical Memory | 30.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 138.77 Gb Total Space | 116.65 Gb Free Space | 84.06% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-F78BF48CE2
Current User Name: Compaq_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/26 12:31:37 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\OTL.exe
PRC - [2010/04/24 00:14:21 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/04/21 09:37:38 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/04/21 09:37:32 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/04/15 09:13:08 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/14 19:16:43 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/14 19:16:21 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/14 19:16:17 | 000,751,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgscanx.exe
PRC - [2010/03/14 19:16:07 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/03/14 19:16:05 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/02/16 00:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2009/02/16 00:10:22 | 000,981,384 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/02/07 23:26:50 | 001,783,808 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
PRC - [2009/02/07 23:26:50 | 000,570,880 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2009/02/07 13:13:20 | 000,045,056 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
PRC - [2009/02/07 12:59:46 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/02/06 18:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/01/24 04:56:00 | 000,544,768 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe


========== Modules (SafeList) ==========

MOD - [2010/05/26 12:31:37 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\OTL.exe
MOD - [2009/02/07 13:13:20 | 000,024,613 | ---- | M] (BackWeb) -- C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\IadHide5.dll
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/03 23:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (dopewars-server)
SRV - File not found [Disabled | Stopped] -- -- (AntiVirService)
SRV - File not found [Disabled | Stopped] -- -- (AntiVirScheduler)
SRV - [2010/03/14 19:16:21 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/14 19:16:07 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/12/17 17:36:24 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/02/16 00:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/02/07 23:26:50 | 000,570,880 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2006/01/05 01:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)


========== Driver Services (SafeList) ==========

DRV - [2010/04/21 09:37:32 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/14 19:16:42 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/14 19:16:06 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/03/23 16:30:32 | 000,033,256 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hssdrv.sys -- (HssDrv)
DRV - [2009/02/16 00:10:26 | 000,353,672 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2009/02/07 23:26:50 | 000,141,312 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2008/11/17 02:24:00 | 000,051,688 | ---- | M] (Check Point Software Technologies LTD) [Kernel | Boot | Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2008/10/30 11:21:03 | 000,075,072 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2008/09/22 07:04:00 | 000,019,072 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2008/09/22 06:42:32 | 000,323,584 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2008/01/23 16:25:32 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tapvpn.sys -- (tapvpn)
DRV - [2007/06/27 15:42:00 | 000,207,488 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM)
DRV - [2007/03/01 10:34:22 | 000,028,352 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2006/06/16 11:04:38 | 000,035,712 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2006/02/14 17:02:56 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnicxp.sys -- (SISNICXP)
DRV - [2005/10/26 11:06:30 | 000,356,096 | R--- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61) Linksys Wireless-G PCI Adapter Driver(RT61)
DRV - [2005/06/02 11:59:12 | 000,084,159 | ---- | M] (ULi Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AliEhci.sys -- (ALIEHCD)
DRV - [2005/06/02 10:27:58 | 000,005,318 | ---- | M] (ULi Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AliRtHub.sys -- (aliroothub)
DRV - [2005/04/20 12:00:56 | 002,317,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/03/09 09:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/01/25 08:56:00 | 000,923,863 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2004/08/03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/05/05 22:48:40 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2003/12/02 20:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2003/07/11 17:28:56 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2002/07/29 16:43:50 | 000,023,808 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2001/08/17 16:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://minneapolis.craigslist.org/
IE - HKCU\..\URLSearchHook: *{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.order.1: "Crawler Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "http://www.hulu.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812
FF - prefs.js..extensions.enabledItems: avg@igeared:4.504.019.002
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.4
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.2
FF - prefs.js..extensions.enabledItems: {89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.5.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/04/21 22:37:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/05/21 21:55:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/24 00:14:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/24 00:14:31 | 000,000,000 | ---D | M]

[2009/07/26 14:19:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions
[2010/05/25 13:59:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\edbkhcm4.default\extensions
[2009/07/26 15:06:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\edbkhcm4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/15 16:27:56 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\edbkhcm4.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2009/10/01 10:32:59 | 000,000,000 | ---D | M] (Firefox Showcase) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\edbkhcm4.default\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}
[2009/11/15 16:28:00 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\edbkhcm4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/07/26 14:18:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/09/21 13:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml

O1 HOSTS File: ([2004/08/04 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (no name) - {D032570A-5F63-4812-A094-87D007C23012} - No CLSID value found.
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe (Crawler.com)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe (Hewlett-Packard)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} http://secure2.comned.com/signuptemplates/...login-devel.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/26 23:53:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3e5a40fc-f54b-11dd-bd9d-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{3e5a40fc-f54b-11dd-bd9d-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f9b408d0-bc63-11d9-842c-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{f9b408d0-bc63-11d9-842c-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/26 12:26:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/05/08 00:53:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Help
[2010/05/08 00:53:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Help
[2010/05/06 17:56:49 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/04 03:04:27 | 000,000,000 | ---D | C] -- C:\Diablo II
[2010/05/04 02:52:23 | 000,000,000 | ---D | C] -- C:\Program Files\D2LOD-1.12A-enUS
[2010/05/03 21:27:48 | 000,000,000 | ---D | C] -- C:\Program Files\D2-1.12A-enUS
[2010/05/03 21:27:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2010/04/30 02:38:32 | 000,000,000 | ---D | C] -- C:\GamersFirst
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/26 12:29:34 | 060,395,639 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/26 12:27:29 | 000,055,692 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\prvlcl.dat
[2010/05/26 12:27:02 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{70B1E64C-25FA-44F2-9FAC-CC0E4A53FE18}.job
[2010/05/25 16:25:01 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602569308-2713975102-2335063554-1009UA.job
[2010/05/24 18:25:00 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602569308-2713975102-2335063554-1009Core.job
[2010/05/24 18:00:02 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2010/05/24 09:36:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/17 17:02:51 | 003,932,160 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\ntuser.dat
[2010/05/12 04:02:21 | 000,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010/05/12 04:01:20 | 000,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/05/12 04:00:58 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/12 04:00:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/12 04:00:49 | 939,053,056 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/12 03:59:50 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner\ntuser.ini
[2010/05/12 03:59:45 | 001,576,354 | -H-- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\IconCache.db
[2010/05/12 03:03:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/06 17:57:15 | 000,002,461 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\HiJackThis.lnk
[2010/05/06 17:55:43 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\HiJackThis.msi
[2010/05/04 04:11:46 | 000,000,645 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Diablo II - Lord of Destruction.lnk
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/12 03:03:16 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/05/06 17:56:49 | 000,002,461 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\HiJackThis.lnk
[2010/05/06 17:55:34 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\HiJackThis.msi
[2010/05/04 04:09:28 | 000,000,645 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Diablo II - Lord of Destruction.lnk
[2009/08/02 20:05:17 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/08/02 20:05:17 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/07/27 13:56:46 | 000,002,442 | ---- | C] () -- C:\WINDOWS\System32\sk_bho.ini
[2009/02/07 23:26:50 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2009/02/07 13:45:27 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/02/07 13:42:51 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/02/07 13:42:51 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/02/07 13:42:51 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/02/07 13:42:51 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/02/07 13:42:51 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/02/07 13:42:51 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/02/07 13:12:21 | 000,013,974 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2009/02/07 13:12:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2009/02/07 13:11:55 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2009/02/07 13:08:53 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/02/07 12:53:46 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/02/07 12:51:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2009/02/07 12:51:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2009/02/07 12:51:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2009/02/07 12:51:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2009/02/07 12:51:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2009/02/07 12:51:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2009/02/07 12:51:20 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2009/02/07 12:51:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2009/02/07 12:51:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2009/02/07 12:47:08 | 000,094,143 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2009/02/07 12:47:08 | 000,083,779 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2009/02/07 12:36:54 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2007/11/20 13:32:40 | 005,527,385 | ---- | C] () -- C:\WINDOWS\System32\IDPRSig.dll
[2007/11/20 13:32:40 | 000,622,113 | ---- | C] () -- C:\WINDOWS\System32\IDPList.dll
[2007/11/20 13:32:40 | 000,013,772 | ---- | C] () -- C:\WINDOWS\System32\IDPImmData.dll
[2007/11/20 13:32:39 | 004,985,733 | ---- | C] () -- C:\WINDOWS\System32\IDPFSig.dll
[2007/11/20 13:32:39 | 000,343,272 | ---- | C] () -- C:\WINDOWS\System32\IDPESig.dll
[2007/11/20 13:32:39 | 000,002,380 | ---- | C] () -- C:\WINDOWS\System32\IDPBlkCoo.dll
[2007/11/20 13:32:39 | 000,000,162 | ---- | C] () -- C:\WINDOWS\System32\IDPCritProc.dll
[2005/05/04 08:19:24 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/05/04 08:19:24 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/05/04 08:19:03 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/02/18 12:56:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/06/15 23:38:00 | 000,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/04/10 18:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
< End of report >

"Man's mind, once stretched by a new idea, never regains its original dimensions." -Oliver Wendell Holmes


#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:12:25 PM

Posted 28 May 2010 - 06:14 AM

Hello and Welcome to Bleepingcomputer

Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed. If you have
since resolved your issues I would appreciate it if you would let me know so I can close this topic.


Can you please tell me what problems you are having and why you think you are infected?

  1. Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  2. Disconnect from the Internet and close all running programs, as this process may crash your computer.
  3. Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  4. Double click on Gmer to run it.
  5. Allow the gmer.sys driver to load if asked.
  6. You may see a rootkit warning window, If you do, click No.
  7. Untick the following boxes on the right side of the Gmer screen.
    • Show All
  8. Click on and wait for the scan to finish.
  9. If you see a rootkit warning window, click OK.
  10. Push and save the logfile to your desktop.
  11. Copy and Paste the contents of that file in your next post.




Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


Once you have run these scans please run OTL again and post back here with the new log.


Then please post back here with the following:
  • Gmer log
  • mbam log
  • New OTL log

Thanks



#3 Zenith2012

Zenith2012
  • Topic Starter

  • Members
  • 12 posts
  • Gender:Male
  • Location:United States of America
  • Local time:06:25 AM

Posted 29 May 2010 - 02:15 PM

Problems-
-Running slow
-Download very slow
-Anti-virus, anti-spyware, and firewalls don't seem to work. AVG free 9.0. I've tried Avira but that doesn't seem to work either.
-Latest Java Updates Errors and won't install.
-Can't watch certain video players that are common on the net like div-x player.



GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-29 00:35:53
Windows 5.1.2600 Service Pack 2
Running: pbh6zzhl.exe; Driver: C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\ffxdypog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xB1C42FC0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xB1C3FC80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateKey [0xB1C5A170]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xB1C43580]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xB1C57900]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xB1C57B10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xB1C5BB10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xB1C43670]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xB1C40210]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xB1C5A9F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xB1C5A7A0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xB1C57280]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey [0xB1C5AF10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xB1C5AF90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xB1C40070]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xB1C59180]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0xB1C58F40]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xB1C5B6F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xB1C5B150]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xB1C42BE0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xB1C5B540]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xB1C43190]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xB1C40440]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xB1C5A4E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xB1C58200]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xB1C58080]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 23EC 805012DC 12 Bytes [80, 35, C4, B1, 00, 79, C5, ...]
? srescan.sys The system cannot find the file specified. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B1C47B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B1C47930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B1C48260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B1C45E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [B1C45E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B1C47B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B1C47930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B1C48260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B1C47B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B1C48260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B1C47930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B1C45E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B1C48260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B1C47930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B1C47B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B1C45E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B1C47B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B1C47930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B1C48260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [B1C48260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [B1C47930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [B1C45E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [B1C47B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [B1C47B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [B1C45E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [B1C48260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B1C47930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Udp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\RawIp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device A99C0C8A

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----



-------------------------------------------------------------------------------------------------------------------------------------



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4153

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

5/29/2010 1:33:57 AM
mbam-log-2010-05-29 (01-33-57).txt

Scan type: Quick scan
Objects scanned: 136066
Time elapsed: 11 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 4
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d032570a-5f63-4812-a094-87d007c23012} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d032570a-5f63-4812-a094-87d007c23012} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sp.tieadvbho (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d032570a-5f63-4812-a094-87d007c23012} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Compaq_Owner\Application Data\Privacy components\temp (Rogue.PrivacyComponents) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Privacy components\keys (Rogue.PrivacyComponents) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Privacy components\dbases (Rogue.PrivacyComponents) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Privacy components (Rogue.PrivacyComponents) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Compaq_Owner\Application Data\Privacy components\temp\spfilter (Rogue.PrivacyComponents) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Privacy components\temp\settings.ini (Rogue.PrivacyComponents) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Privacy components\keys\sp.key (Rogue.PrivacyComponents) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Privacy components\keys\sc.key (Rogue.PrivacyComponents) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Privacy components\keys\rd.key (Rogue.PrivacyComponents) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Privacy components\keys\cg.key (Rogue.PrivacyComponents) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Privacy components\dbases\sp.dat (Rogue.PrivacyComponents) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Privacy components\dbases\sm.dat (Rogue.PrivacyComponents) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Privacy components\dbases\sc.dat (Rogue.PrivacyComponents) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Privacy components\dbases\rd.dat (Rogue.PrivacyComponents) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Privacy components\dbases\mw.dat (Rogue.PrivacyComponents) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Privacy components\dbases\cg.dat (Rogue.PrivacyComponents) -> Quarantined and deleted successfully.



------------------------------------------------------------------------------------------------------------------------------------------



OTL logfile created on: 5/29/2010 1:44:49 PM - Run 2
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Compaq_Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

895.00 Mb Total Physical Memory | 361.00 Mb Available Physical Memory | 40.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 138.77 Gb Total Space | 116.69 Gb Free Space | 84.09% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-F78BF48CE2
Current User Name: Compaq_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/26 12:31:37 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\OTL.exe
PRC - [2010/04/24 00:14:21 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/04/21 09:37:38 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/04/21 09:37:32 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/04/15 09:13:08 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/14 19:16:43 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/14 19:16:21 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/14 19:16:07 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/03/14 19:16:05 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/02/16 00:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2009/02/16 00:10:22 | 000,981,384 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/02/07 23:26:50 | 001,783,808 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
PRC - [2009/02/07 23:26:50 | 000,570,880 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2009/02/07 13:13:20 | 000,045,056 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
PRC - [2009/02/07 12:59:46 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/02/06 18:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/01/24 04:56:00 | 000,544,768 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe


========== Modules (SafeList) ==========

MOD - [2010/05/26 12:31:37 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\OTL.exe
MOD - [2009/02/07 13:13:20 | 000,024,613 | ---- | M] (BackWeb) -- C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\IadHide5.dll
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/03 23:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (dopewars-server)
SRV - File not found [Disabled | Stopped] -- -- (AntiVirService)
SRV - File not found [Disabled | Stopped] -- -- (AntiVirScheduler)
SRV - [2010/03/14 19:16:21 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/14 19:16:07 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/12/17 17:36:24 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/02/16 00:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/02/07 23:26:50 | 000,570,880 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2006/01/05 01:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)


========== Driver Services (SafeList) ==========

DRV - [2010/04/21 09:37:32 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/14 19:16:42 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/14 19:16:06 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/03/23 16:30:32 | 000,033,256 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hssdrv.sys -- (HssDrv)
DRV - [2009/02/16 00:10:26 | 000,353,672 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2009/02/07 23:26:50 | 000,141,312 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2008/11/17 02:24:00 | 000,051,688 | ---- | M] (Check Point Software Technologies LTD) [Kernel | Boot | Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2008/10/30 11:21:03 | 000,075,072 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2008/09/22 07:04:00 | 000,019,072 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2008/09/22 06:42:32 | 000,323,584 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2008/01/23 16:25:32 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tapvpn.sys -- (tapvpn)
DRV - [2007/06/27 15:42:00 | 000,207,488 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM)
DRV - [2007/03/01 10:34:22 | 000,028,352 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2006/06/16 11:04:38 | 000,035,712 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2006/02/14 17:02:56 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnicxp.sys -- (SISNICXP)
DRV - [2005/10/26 11:06:30 | 000,356,096 | R--- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61) Linksys Wireless-G PCI Adapter Driver(RT61)
DRV - [2005/06/02 11:59:12 | 000,084,159 | ---- | M] (ULi Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AliEhci.sys -- (ALIEHCD)
DRV - [2005/06/02 10:27:58 | 000,005,318 | ---- | M] (ULi Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AliRtHub.sys -- (aliroothub)
DRV - [2005/04/20 12:00:56 | 002,317,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/03/09 09:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/01/25 08:56:00 | 000,923,863 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2004/08/03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/05/05 22:48:40 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2003/12/02 20:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2003/07/11 17:28:56 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2002/07/29 16:43:50 | 000,023,808 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2001/08/17 16:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://minneapolis.craigslist.org/
IE - HKCU\..\URLSearchHook: *{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.order.1: "Crawler Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "http://www.hulu.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812
FF - prefs.js..extensions.enabledItems: avg@igeared:4.504.019.002
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.4
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.2
FF - prefs.js..extensions.enabledItems: {89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.5.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/04/21 22:37:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/05/21 21:55:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/24 00:14:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/24 00:14:31 | 000,000,000 | ---D | M]

[2009/07/26 14:19:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions
[2010/05/29 01:46:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\edbkhcm4.default\extensions
[2009/07/26 15:06:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\edbkhcm4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/15 16:27:56 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\edbkhcm4.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2009/10/01 10:32:59 | 000,000,000 | ---D | M] (Firefox Showcase) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\edbkhcm4.default\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}
[2009/11/15 16:28:00 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\edbkhcm4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/07/26 14:18:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/09/21 13:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml

O1 HOSTS File: ([2004/08/04 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe (Crawler.com)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe (Hewlett-Packard)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} http://secure2.comned.com/signuptemplates/...login-devel.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/26 23:53:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3e5a40fc-f54b-11dd-bd9d-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{3e5a40fc-f54b-11dd-bd9d-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f9b408d0-bc63-11d9-842c-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{f9b408d0-bc63-11d9-842c-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/28 22:45:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Malwarebytes
[2010/05/28 22:45:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/28 22:45:08 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/28 22:45:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/28 22:45:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/08 00:53:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Help
[2010/05/08 00:53:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Help
[2010/05/06 17:56:49 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/04 03:04:27 | 000,000,000 | ---D | C] -- C:\Diablo II
[2010/05/04 02:52:23 | 000,000,000 | ---D | C] -- C:\Program Files\D2LOD-1.12A-enUS
[2010/05/03 21:27:48 | 000,000,000 | ---D | C] -- C:\Program Files\D2-1.12A-enUS
[2010/05/03 21:27:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/29 11:25:00 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602569308-2713975102-2335063554-1009UA.job
[2010/05/29 11:18:20 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\prvlcl.dat
[2010/05/29 10:44:06 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{70B1E64C-25FA-44F2-9FAC-CC0E4A53FE18}.job
[2010/05/29 01:42:24 | 000,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010/05/29 01:41:40 | 000,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/05/29 01:40:56 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/29 01:40:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/29 01:40:24 | 939,053,056 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/29 01:39:07 | 003,932,160 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\ntuser.dat
[2010/05/29 01:39:07 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner\ntuser.ini
[2010/05/29 01:38:59 | 003,173,852 | -H-- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\IconCache.db
[2010/05/28 22:45:12 | 000,000,701 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/28 20:54:25 | 060,486,014 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/26 18:25:00 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602569308-2713975102-2335063554-1009Core.job
[2010/05/26 18:00:03 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2010/05/26 12:48:29 | 000,002,461 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\HiJackThis.lnk
[2010/05/24 09:36:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/12 03:03:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/06 17:55:43 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\HiJackThis.msi
[2010/05/04 04:11:46 | 000,000,645 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Diablo II - Lord of Destruction.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/28 22:45:12 | 000,000,701 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/12 03:03:16 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/05/06 17:56:49 | 000,002,461 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\HiJackThis.lnk
[2010/05/06 17:55:34 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\HiJackThis.msi
[2010/05/04 04:09:28 | 000,000,645 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Diablo II - Lord of Destruction.lnk
[2009/08/02 20:05:17 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/08/02 20:05:17 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/07/27 13:56:46 | 000,002,442 | ---- | C] () -- C:\WINDOWS\System32\sk_bho.ini
[2009/02/07 23:26:50 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2009/02/07 13:45:27 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/02/07 13:42:51 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/02/07 13:42:51 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/02/07 13:42:51 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/02/07 13:42:51 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/02/07 13:42:51 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/02/07 13:42:51 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/02/07 13:12:21 | 000,013,974 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2009/02/07 13:12:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2009/02/07 13:11:55 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2009/02/07 13:08:53 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/02/07 12:53:46 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/02/07 12:51:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2009/02/07 12:51:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2009/02/07 12:51:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2009/02/07 12:51:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2009/02/07 12:51:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2009/02/07 12:51:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2009/02/07 12:51:20 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2009/02/07 12:51:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2009/02/07 12:51:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2009/02/07 12:47:08 | 000,094,143 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2009/02/07 12:47:08 | 000,083,779 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2009/02/07 12:36:54 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2007/11/20 13:32:40 | 005,527,385 | ---- | C] () -- C:\WINDOWS\System32\IDPRSig.dll
[2007/11/20 13:32:40 | 000,622,113 | ---- | C] () -- C:\WINDOWS\System32\IDPList.dll
[2007/11/20 13:32:40 | 000,013,772 | ---- | C] () -- C:\WINDOWS\System32\IDPImmData.dll
[2007/11/20 13:32:39 | 004,985,733 | ---- | C] () -- C:\WINDOWS\System32\IDPFSig.dll
[2007/11/20 13:32:39 | 000,343,272 | ---- | C] () -- C:\WINDOWS\System32\IDPESig.dll
[2007/11/20 13:32:39 | 000,002,380 | ---- | C] () -- C:\WINDOWS\System32\IDPBlkCoo.dll
[2007/11/20 13:32:39 | 000,000,162 | ---- | C] () -- C:\WINDOWS\System32\IDPCritProc.dll
[2005/05/04 08:19:24 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/05/04 08:19:24 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/05/04 08:19:03 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/02/18 12:56:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/06/15 23:38:00 | 000,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/04/10 18:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
< End of report >

"Man's mind, once stretched by a new idea, never regains its original dimensions." -Oliver Wendell Holmes

#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:12:25 PM

Posted 29 May 2010 - 03:30 PM

Hi Zenith2012,

AVG appears to be running correctly in your logs, please do this.

Download the Eicar test file, if AVG is working it should detect and remove this, it is only a test file
so you don't need to worry, please let me know if AVG detects it.

Please run JavaRa to remove any older Java, then try and install the latest version and let me know if it's successful.

Please download JavaRa and unzip it to your desktop.
Then Print these instructions as you won't have Internet access during this particular phase.

Close any instances of Internet Explorer before continuing
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English or the appropriate language...and click on Select.
  • JavaRa will open; Select Remove Older Versions, click yes, then ok.
  • A logfile will pop up, you can close it.
  • Now select Additional Tasks and check the following:
    Remove Useless JRE Files
    Remove Startup Entry
  • Click Go then ok to all the prompts, once done restart your computer.



Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    SRV - File not found [Disabled | Stopped] -- -- (dopewars-server)
    SRV - File not found [Disabled | Stopped] -- -- (AntiVirService)
    SRV - File not found [Disabled | Stopped] -- -- (AntiVirScheduler)
    IE - HKCU\..\URLSearchHook: *{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - Reg Error: Key error. File not found
    O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} http://secure2.comned.com/signuptemplates/...login-devel.cab (Reg Error: Key error.)
    O33 - MountPoints2\{3e5a40fc-f54b-11dd-bd9d-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{3e5a40fc-f54b-11dd-bd9d-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{f9b408d0-bc63-11d9-842c-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{f9b408d0-bc63-11d9-842c-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run a new OTL scan and post the new OTL log.



Download and Run MBR Rootkit Scan
  • Please download MBR Rootkit Detector and save it on your desktop.
  • Go to Start >> Run then copy and paste the following line into the run box
    "%userprofile%\desktop\mbr.exe" -t

  • Select Run when you receive a Security Warning
  • The process is automatic, a black DOS window will appear and disappear suddenly. This is normal.
  • A log file will then be created on your desktop where you ran mbr.exe from.
  • Copy and paste the contents of mbr.log on your next reply.


Then please post back here with the following logs:
  • OTL results
  • New OTL log
  • mbr.log

Thanks

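The fix script above is built by hand from the OTL log: the helper picks out services whose binary is gone, registry hooks that point at missing keys, drivers with no company name, and AutoRun handlers on mount points. The following is an added example, not part of the original post and not OTL's own code, of how that triage can be automated over OTL-style lines. The line formats it parses are assumed to be exactly the ones visible in the logs in this thread (SRV/DRV/PRC entries, "File not found" entries, O33 MountPoints2 lines, "Reg Error: Key error" references); the sample lines are copied from those logs. Anything OTL prints that does not match these forms is simply ignored.

```python
"""Triage helper for OTL-style log lines.

Added example: flags the classes of entries that the fix script in this
thread targets. Not part of OTL or of the original post; the parsed
formats are assumed from the log lines quoted in the thread.
"""
import re
from dataclasses import dataclass

# SRV/DRV/PRC entry: "[meta] (Company) [state] -- path -- (name)"
ENTRY_RE = re.compile(
    r'^(?P<kind>SRV|DRV|PRC) - \[(?P<meta>[^\]]*)\] \((?P<company>[^)]*)\) '
    r'\[(?P<state>[^\]]*)\] -- (?P<path>.*?) -- \((?P<name>[^)]*)\)'
)
# Orphaned service/driver whose binary is gone: "File not found [state] -- -- (name)"
MISSING_RE = re.compile(
    r'^(?P<kind>SRV|DRV) - File not found \[(?P<state>[^\]]*)\] -- -- \((?P<name>[^)]*)\)'
)
# Per-volume AutoRun handler under MountPoints2
MOUNTPOINT_RE = re.compile(r'^O33 - MountPoints2\\\{(?P<guid>[0-9a-fA-F-]+)\}\\Shell')
# Registry reference whose target key no longer exists
REG_ERROR_RE = re.compile(r'Reg Error: Key error')

# Constructed sample: lines copied from the OTL logs earlier in this thread.
SAMPLE_LINES = [
    r'DRV - [2010/04/21 09:37:32 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)',
    r'DRV - [2009/02/07 23:26:50 | 000,141,312 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)',
    r'SRV - File not found [Disabled | Stopped] -- -- (dopewars-server)',
    r'IE - HKCU\..\URLSearchHook: *{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - Reg Error: Key error. File not found',
    r'O33 - MountPoints2\{3e5a40fc-f54b-11dd-bd9d-806d6172696f}\Shell - "" = AutoRun',
    r'O33 - MountPoints2\{3e5a40fc-f54b-11dd-bd9d-806d6172696f}\Shell\AutoRun - "" = Auto&Play',
    r'O1 - Hosts: 127.0.0.1 localhost',
]


@dataclass
class Finding:
    line: str    # the original log line, reusable verbatim in a fix script
    reason: str  # why it was flagged


def triage(lines):
    """Return a Finding for every line that matches one of the flagged classes."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = MISSING_RE.match(line)
        if m:
            findings.append(Finding(line, f"orphaned {m['kind']} entry '{m['name']}': binary missing"))
            continue
        m = ENTRY_RE.match(line)
        if m:
            # A loaded driver or service with an empty company field deserves a look,
            # even when (as with sp_rsdrv2 here) it turns out to belong to a known product.
            if m['company'] == '':
                findings.append(Finding(line, f"{m['kind']} '{m['name']}' has no company name: {m['path']}"))
            continue
        if MOUNTPOINT_RE.match(line):
            findings.append(Finding(line, 'AutoRun handler on a mount point'))
            continue
        if REG_ERROR_RE.search(line):
            findings.append(Finding(line, 'registry reference to a missing key'))
    return findings


def build_fix_script(findings):
    """Render the flagged lines in the ':OTL' / ':Commands' form used in this thread.

    Assumption: only the script shape shown in the post is reproduced, with
    [emptytemp] appended as the helper did.
    """
    body = "\n".join(f.line for f in findings)
    return f":OTL\n{body}\n:Commands\n[emptytemp]\n"


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.reason}\n    {f.line}")
    print(build_fix_script(triage(SAMPLE_LINES)))
```

Running it on the sample prints five findings: the company-less `sp_rsdrv2` driver, the orphaned `dopewars-server` service, the dead `URLSearchHook`, and the two `MountPoints2` AutoRun lines, which is the same set the helper copied into the fix script by hand (minus the entries from parts of the log not sampled here). The company-name check is a prompt for review, not a verdict: the thread's own log shows `sp_rsdrv2.sys` belongs to Spyware Terminator despite its empty company field.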


#5 Zenith2012

Zenith2012
  • Topic Starter

  • Members
  • 12 posts
  • Gender:Male
  • Location:United States of America
  • Local time:06:25 AM

Posted 31 May 2010 - 01:03 AM

Hi syler.

The Eicar test file was detected and removed by AVG.

I ran JavaRa but it did not fix the problem.
This is the error message I get.

"bin\awt.dll old file not found. However, a file of the same name was found. No update done since file contents do not match."



Here is the OTL fix log.

All processes killed
========== OTL ==========
Service dopewars-server stopped successfully!
Service dopewars-server deleted successfully!
Service AntiVirService stopped successfully!
Service AntiVirService deleted successfully!
Service AntiVirScheduler stopped successfully!
Service AntiVirScheduler deleted successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\*{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\*{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ not found.
Starting removal of ActiveX control {85D1F3B2-2A21-11D7-97B9-0010DC2A6243}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{85D1F3B2-2A21-11D7-97B9-0010DC2A6243}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{85D1F3B2-2A21-11D7-97B9-0010DC2A6243}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85D1F3B2-2A21-11D7-97B9-0010DC2A6243}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{85D1F3B2-2A21-11D7-97B9-0010DC2A6243}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85D1F3B2-2A21-11D7-97B9-0010DC2A6243}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e5a40fc-f54b-11dd-bd9d-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e5a40fc-f54b-11dd-bd9d-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9b408d0-bc63-11d9-842c-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f9b408d0-bc63-11d9-842c-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9b408d0-bc63-11d9-842c-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f9b408d0-bc63-11d9-842c-806d6172696f}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78004 bytes

User: All Users

User: Compaq_Owner
->Temp folder emptied: 59989109 bytes
->Temporary Internet Files folder emptied: 6173459 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 60459890 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 745103 bytes
->Flash cache emptied: 48527 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 40113 bytes
->Flash cache emptied: 41620 bytes

User: LocalService
->Temp folder emptied: 65716 bytes
->Temporary Internet Files folder emptied: 8638924 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 663134 bytes

User: yfl

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 46711 bytes
%systemroot%\System32 .tmp files removed: 1162769 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1345032 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 66686186 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 40515 bytes
RecycleBin emptied: 30168394 bytes

Total Files Cleaned = 225.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Compaq_Owner
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: yfl

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.5.2 log created on 05302010_224311

Files\Folders moved on Reboot...
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\IadHide5.dll moved successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\~DF8A73.tmp moved successfully.
File\Folder C:\WINDOWS\temp\ZLT07219.TMP not found!

Registry entries deleted on Reboot...

-----------------------------------------------------------------------------------------------------------------------------------------


OTL logfile created on: 5/30/2010 11:01:38 PM - Run 1
OTL by OldTimer - Version 3.2.5.2 Folder = C:\Documents and Settings\Compaq_Owner\Desktop\Tuning
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

895.00 Mb Total Physical Memory | 368.00 Mb Available Physical Memory | 41.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 138.77 Gb Total Space | 117.27 Gb Free Space | 84.51% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-F78BF48CE2
Current User Name: Compaq_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/30 22:38:56 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\Tuning\OTL.exe
PRC - [2010/04/21 09:37:38 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/04/21 09:37:32 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/04/15 09:13:08 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/04/01 12:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/14 19:16:43 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/14 19:16:21 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/14 19:16:07 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/03/14 19:16:05 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/01 14:00:34 | 009,216,928 | ---- | M] (Innovative Solutions) -- C:\Program Files\Innovative Solutions\DriverMax\devices.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/02/16 00:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2009/02/16 00:10:22 | 000,981,384 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/02/07 23:26:50 | 001,783,808 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
PRC - [2009/02/07 23:26:50 | 000,570,880 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2009/02/07 13:13:20 | 000,045,056 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
PRC - [2009/02/07 12:59:46 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/02/06 18:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/05/30 22:38:56 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\Tuning\OTL.exe
MOD - [2009/02/07 13:13:20 | 000,024,613 | ---- | M] (BackWeb) -- C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\IadHide5.dll
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/03 23:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/03/14 19:16:21 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/14 19:16:07 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/12/17 17:36:24 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/02/16 00:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/02/07 23:26:50 | 000,570,880 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2006/01/05 01:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)


========== Driver Services (SafeList) ==========

DRV - [2010/04/21 09:37:32 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/14 19:16:42 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/14 19:16:06 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/05/05 13:15:58 | 001,095,808 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2009/03/23 16:30:32 | 000,033,256 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hssdrv.sys -- (HssDrv)
DRV - [2009/02/16 00:10:26 | 000,353,672 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2009/02/07 23:26:50 | 000,141,312 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2008/11/24 18:54:12 | 000,495,104 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61) Linksys Wireless-G PCI Adapter Driver(RT61)
DRV - [2008/11/17 02:24:00 | 000,051,688 | ---- | M] (Check Point Software Technologies LTD) [Kernel | Boot | Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2008/10/30 11:21:03 | 000,075,072 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2008/09/22 07:04:00 | 000,019,072 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2008/09/22 06:42:32 | 000,323,584 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2008/01/23 16:25:32 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tapvpn.sys -- (tapvpn)
DRV - [2007/06/27 15:42:00 | 000,207,488 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM)
DRV - [2007/03/01 10:34:22 | 000,028,352 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2006/06/16 11:04:38 | 000,035,712 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2006/02/14 17:02:56 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnicxp.sys -- (SISNICXP)
DRV - [2005/06/02 11:59:12 | 000,084,159 | ---- | M] (ULi Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\AliEhci.sys -- (ALIEHCD)
DRV - [2005/06/02 10:27:58 | 000,005,318 | ---- | M] (ULi Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AliRtHub.sys -- (aliroothub)
DRV - [2005/04/20 12:00:56 | 002,317,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/03/09 09:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/05/05 22:48:40 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2003/12/02 20:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2003/07/11 17:28:56 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2002/07/29 16:43:50 | 000,023,808 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2001/08/17 16:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://minneapolis.craigslist.org/
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.order.1: "Crawler Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "http://www.hulu.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812
FF - prefs.js..extensions.enabledItems: avg@igeared:4.504.019.002
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.2
FF - prefs.js..extensions.enabledItems: {89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.5.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..keyword.URL: "http://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60076&qkw="

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/05/29 18:53:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/05/29 18:53:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/29 19:07:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/29 19:07:48 | 000,000,000 | ---D | M]

[2009/07/26 14:19:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions
[2010/05/30 21:41:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\edbkhcm4.default\extensions
[2010/05/29 18:53:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\edbkhcm4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/29 18:53:16 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\edbkhcm4.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2010/05/29 18:53:16 | 000,000,000 | ---D | M] (Firefox Showcase) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\edbkhcm4.default\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}
[2010/05/29 18:53:17 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\edbkhcm4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/05/29 19:07:48 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2004/08/04 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe (Crawler.com)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [DriverMax] C:\Program Files\Innovative Solutions\DriverMax\devices.exe (Innovative Solutions)
O4 - HKCU..\Run: [DriverMax_RESTART] C:\Program Files\Innovative Solutions\DriverMax\devices.exe (Innovative Solutions)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe (Hewlett-Packard)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/26 23:53:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/30 22:45:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\My Drivers
[2010/05/30 22:43:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/30 22:06:24 | 000,157,696 | ---- | C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Documents and Settings\Compaq_Owner\Desktop\JavaRa.exe
[2010/05/29 21:10:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Owner\Recent
[2010/05/29 19:41:00 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola
[2010/05/29 19:40:51 | 000,516,096 | ---- | C] (Motorola Inc.) -- C:\WINDOWS\System32\sm56co85.dll
[2010/05/29 19:20:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2010/05/29 19:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\Innovative Solutions
[2010/05/28 22:45:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Malwarebytes
[2010/05/28 22:45:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/28 22:45:08 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/28 22:45:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/28 22:45:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/08 00:53:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Help
[2010/05/08 00:53:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Help
[2010/05/06 17:56:49 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/04 03:04:27 | 000,000,000 | ---D | C] -- C:\Diablo II
[2010/05/04 02:52:23 | 000,000,000 | ---D | C] -- C:\Program Files\D2LOD-1.12A-enUS
[2010/05/03 21:27:48 | 000,000,000 | ---D | C] -- C:\Program Files\D2-1.12A-enUS
[2010/05/03 21:27:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment

========== Files - Modified Within 30 Days ==========

[2010/05/30 22:46:50 | 000,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010/05/30 22:45:16 | 000,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/05/30 22:44:58 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/30 22:44:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/30 22:44:47 | 939,053,056 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/30 22:43:40 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\ntuser.dat
[2010/05/30 22:43:34 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner\ntuser.ini
[2010/05/30 22:41:10 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\mbr.exe
[2010/05/30 22:25:00 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602569308-2713975102-2335063554-1009UA.job
[2010/05/30 21:23:53 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{70B1E64C-25FA-44F2-9FAC-CC0E4A53FE18}.job
[2010/05/30 18:25:00 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602569308-2713975102-2335063554-1009Core.job
[2010/05/30 18:00:03 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2010/05/30 17:51:00 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\prvlcl.dat
[2010/05/30 17:50:46 | 060,543,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/29 19:33:18 | 000,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/29 19:33:18 | 000,443,128 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/29 19:33:18 | 000,072,284 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/29 19:07:50 | 000,001,607 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/05/29 18:45:29 | 000,172,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/29 17:58:46 | 000,038,624 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/29 01:38:59 | 003,173,852 | -H-- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\IconCache.db
[2010/05/24 09:36:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/04 04:11:46 | 000,000,645 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Diablo II - Lord of Destruction.lnk

========== Files Created - No Company Name ==========

[2010/05/30 22:41:09 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\mbr.exe
[2010/05/30 22:06:24 | 000,245,103 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\JavaRa.def
[2010/05/29 19:07:50 | 000,001,607 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/05/04 04:09:28 | 000,000,645 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Diablo II - Lord of Destruction.lnk
[2009/08/02 20:05:17 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/08/02 20:05:17 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/07/27 13:56:46 | 000,002,442 | ---- | C] () -- C:\WINDOWS\System32\sk_bho.ini
[2009/02/07 23:26:50 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2009/02/07 13:45:27 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/02/07 13:42:51 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/02/07 13:42:51 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/02/07 13:42:51 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/02/07 13:42:51 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/02/07 13:42:51 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/02/07 13:42:51 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/02/07 13:12:21 | 000,013,974 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2009/02/07 13:12:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2009/02/07 13:11:55 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2009/02/07 13:08:53 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/02/07 12:53:46 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/02/07 12:51:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2009/02/07 12:51:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2009/02/07 12:51:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2009/02/07 12:51:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2009/02/07 12:51:20 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2009/02/07 12:51:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2009/02/07 12:51:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2009/02/07 12:47:08 | 000,094,143 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2009/02/07 12:47:08 | 000,083,779 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2009/02/07 12:36:54 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2007/11/20 13:32:40 | 005,527,385 | ---- | C] () -- C:\WINDOWS\System32\IDPRSig.dll
[2007/11/20 13:32:40 | 000,622,113 | ---- | C] () -- C:\WINDOWS\System32\IDPList.dll
[2007/11/20 13:32:40 | 000,013,772 | ---- | C] () -- C:\WINDOWS\System32\IDPImmData.dll
[2007/11/20 13:32:39 | 004,985,733 | ---- | C] () -- C:\WINDOWS\System32\IDPFSig.dll
[2007/11/20 13:32:39 | 000,343,272 | ---- | C] () -- C:\WINDOWS\System32\IDPESig.dll
[2007/11/20 13:32:39 | 000,002,380 | ---- | C] () -- C:\WINDOWS\System32\IDPBlkCoo.dll
[2007/11/20 13:32:39 | 000,000,162 | ---- | C] () -- C:\WINDOWS\System32\IDPCritProc.dll
[2005/05/04 08:19:24 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/05/04 08:19:24 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/05/04 08:19:03 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/02/18 12:56:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/06/15 23:38:00 | 000,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/04/10 18:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
< End of report >

------------------------------------------------------------------------------------------------------------------------------------------


OTL Extras logfile created on: 5/30/2010 11:01:38 PM - Run 1
OTL by OldTimer - Version 3.2.5.2 Folder = C:\Documents and Settings\Compaq_Owner\Desktop\Tuning
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

895.00 Mb Total Physical Memory | 368.00 Mb Available Physical Memory | 41.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 138.77 Gb Total Space | 117.27 Gb Free Space | 84.51% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-F78BF48CE2
Current User Name: Compaq_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"58807:TCP" = 58807:TCP:*:Disabled:Pando Media Booster
"58807:UDP" = 58807:UDP:*:Disabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%ProgramFiles%\iTunes\iTunes.exe" = %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes -- (Apple Computer, Inc.)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Computer, Inc.)
"C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe" = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe:*:Enabled:BackWeb for Presario -- (Hewlett-Packard)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Disabled:Pando Media Booster -- ()
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{04C44CDC-9977-4AA2-B7E3-78981D0FEF76}" = BootMagic
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7915FC23-4DB3-4C23-BE74-443ACD13E4A2}_is1" = Archlord Episode 3
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE20E2F5-1903-4AAE-B1AF-2046E586C925}" = iTunes
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Abexo Free Registry Cleaner" = Abexo Free Registry Cleaner
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG9Uninstall" = AVG Free 9.0
"AviSynth" = AviSynth 2.5
"BackWeb-6750491 Uninstaller" = Compaq Connections
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"Defraggler" = Defraggler
"Diablo" = Diablo
"Diablo II" = Diablo II
"DMX5_is1" = DriverMax 5
"dopewars-1.5.12" = dopewars-1.5.12
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{04C44CDC-9977-4AA2-B7E3-78981D0FEF76}" = Symantec BootMagic 8.0
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic 8.0
"InstallShield_{BE20E2F5-1903-4AAE-B1AF-2046E586C925}" = iTunes
"Magic ISO Maker v5.5 (build 0273)" = Magic ISO Maker v5.5 (build 0273)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PokerStars.net" = PokerStars.net
"PS2" = PS2
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"RealPlayer 6.0" = RealPlayer
"SiS VGA Driver" = SiS VGA Utilities
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"Spyware Terminator_is1" = Spyware Terminator
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xilisoft AVI to DVD Converter" = Xilisoft AVI to DVD Converter
"Xvid_is1" = Xvid 1.2.1 final uninstall
"ZoneAlarm" = ZoneAlarm
"ZSoft Uninstaller" = ZSoft Uninstaller 2.4.1

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Diablo" = Diablo
"Move Media Player" = Move Media Player
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/20/2010 7:14:26 PM | Computer Name = YOUR-F78BF48CE2 | Source = MsiInstaller | ID = 1013
Description = Product: MSN Messenger 7.0 -- Your computer has a newer version of
MSN Messenger than the one you are trying to install. To install an older version,
first remove the current version (click Start, Settings, Control Panel, Add or
Remove, MSN Messenger), and then run this Set Up again.

Error - 4/20/2010 7:26:07 PM | Computer Name = YOUR-F78BF48CE2 | Source = MsiInstaller | ID = 1013
Description = Product: MSN Messenger 6.0 -- Your computer has a newer version of
MSN Messenger than the one you are trying to install. To install an older version,
first remove the current version (click Start, Settings, Control Panel, Add or
Remove, MSN Messenger), and then run this Set Up again.

Error - 4/20/2010 7:29:05 PM | Computer Name = YOUR-F78BF48CE2 | Source = MsiInstaller | ID = 1013
Description = Product: MSN Messenger 6.0 -- Your computer has a newer version of
MSN Messenger than the one you are trying to install. To install an older version,
first remove the current version (click Start, Settings, Control Panel, Add or
Remove, MSN Messenger), and then run this Set Up again.

Error - 4/22/2010 6:19:42 PM | Computer Name = YOUR-F78BF48CE2 | Source = MsiInstaller | ID = 11722
Description = Product: Java™ 6 Update 20 -- Error 1722.There is a problem with
this Windows Installer package. A program run as part of the setup did not finish
as expected. Contact your support personnel or package vendor. Action patchjre,
location: C:\Program Files\Java\jre6\patchjre.exe, command: -s "C:\Program Files\Java\jre6"


Error - 5/21/2010 10:42:31 AM | Computer Name = YOUR-F78BF48CE2 | Source = Application Hang | ID = 1002
Description = Hanging application Maxthon.exe, version 2.5.11.3390, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/23/2010 11:36:08 AM | Computer Name = YOUR-F78BF48CE2 | Source = Application Hang | ID = 1002
Description = Hanging application zClientm.exe, version 1.2.626.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/23/2010 11:36:23 AM | Computer Name = YOUR-F78BF48CE2 | Source = Application Hang | ID = 1002
Description = Hanging application zClientm.exe, version 1.2.626.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/30/2010 11:13:34 PM | Computer Name = YOUR-F78BF48CE2 | Source = Application Error | ID = 1000
Description = Faulting application javara.exe, version 1.15.0.1745, faulting module
ntdll.dll, version 5.1.2600.3520, fault address 0x0000100b.

Error - 5/30/2010 11:13:42 PM | Computer Name = YOUR-F78BF48CE2 | Source = Application Error | ID = 1001
Description = Fault bucket 1376375085.

Error - 5/30/2010 11:23:31 PM | Computer Name = YOUR-F78BF48CE2 | Source = MsiInstaller | ID = 11722
Description = Product: Java™ 6 Update 20 -- Error 1722.There is a problem with
this Windows Installer package. A program run as part of the setup did not finish
as expected. Contact your support personnel or package vendor. Action patchjre,
location: C:\Program Files\Java\jre6\patchjre.exe, command: -s "C:\Program Files\Java\jre6"


[ System Events ]
Error - 5/30/2010 11:17:32 PM | Computer Name = YOUR-F78BF48CE2 | Source = Service Control Manager | ID = 7000
Description = The ULi PCI to USB Enhanced Host Controller service failed to start
due to the following error: %%1058

Error - 5/30/2010 11:17:35 PM | Computer Name = YOUR-F78BF48CE2 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avgio

Error - 5/30/2010 11:19:05 PM | Computer Name = YOUR-F78BF48CE2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service iPodService
with arguments "-Service" in order to run the server: {7A7FB085-6068-4898-8CCA-480A9187277C}

Error - 5/30/2010 11:43:12 PM | Computer Name = YOUR-F78BF48CE2 | Source = Service Control Manager | ID = 7034
Description = The Spyware Terminator Realtime Shield Service service terminated
unexpectedly. It has done this 1 time(s).

Error - 5/30/2010 11:43:12 PM | Computer Name = YOUR-F78BF48CE2 | Source = Service Control Manager | ID = 7034
Description = The SeaPort service terminated unexpectedly. It has done this 1 time(s).

Error - 5/30/2010 11:43:12 PM | Computer Name = YOUR-F78BF48CE2 | Source = Service Control Manager | ID = 7031
Description = The AVG Free WatchDog service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 0 milliseconds:


----------------------------------------------------------------------------------------------------------------------------------------------



Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK


---------------------------------------------------------------------------------------------------------------------------------------------


How is my computer looking at this point?

Thanks for the help.
"Man's mind, once stretched by a new idea, never regains its original dimensions." -Oliver Wendell Holmes
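The Security Center and FirewallPolicy keys in the OTL output above are the part of such a log a responder reads first: Windows Firewall is off for both profiles and Security Center monitoring is disabled for ZoneLabsFirewall, which is consistent with the ZoneAlarm service (vsmon.exe) seen in the running-process list, but the same values are also what a rogue AV or bot sets to silence alerts. The Python script below is an added example, not part of this thread and not OTL or HijackThis code; it parses OTL's '[HKEY...]' / '"name" = value' layout and flags those settings, enabled globally-open ports, and firewall allow-list entries that are enabled for an unsigned binary or for a binary in a Temp or user-profile folder. It runs on a constructed excerpt modelled on the posted log; the svchost.exe-under-Temp entry is invented for the demonstration and does not appear in the posted log, and the function and class names (parse_registry_dump, triage, Finding) are the example's own.

```python
"""Triage of the Security Center / FirewallPolicy section of an OTL log.

Added example; not part of this thread, OTL or HijackThis. It parses the
'[HKEY...]' / '"name" = value' layout OTL prints and flags the settings a
responder reads first: Security Center alerting switched off, Windows
Firewall disabled per profile, enabled globally-open ports, and firewall
allow-list entries for unsigned binaries or binaries in unusual locations.
"""
import re
from dataclasses import dataclass

# Constructed excerpt modelled on the OTL output posted in this thread. The
# last AuthorizedApplications entry (svchost.exe under Temp) is NOT in the
# posted log; it is invented here only to exercise the suspicious-path check.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"58807:TCP" = 58807:TCP:*:Disabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:uTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Disabled:Pando Media Booster -- ()
"C:\Documents and Settings\Owner\Local Settings\Temp\svchost.exe" = C:\Documents and Settings\Owner\Local Settings\Temp\svchost.exe:*:Enabled:svchost -- ()
"""

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
# OTL allow-list value layout: path:scope:Enabled|Disabled:label -- (publisher)
APP_RE = re.compile(r'^(.*?):([^:]*):(Enabled|Disabled):(.*?)(?:\s*--\s*\((.*)\))?$', re.I)
SUSPICIOUS_PATH = re.compile(r'\\(temp|local settings|application data|recycler)\\', re.I)
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe"}
SC_ALERT_FLAGS = ("AntiVirusOverride", "FirewallOverride", "AntiVirusDisableNotify",
                  "FirewallDisableNotify", "UpdatesDisableNotify")


@dataclass
class Finding:
    level: str   # "warn": investigate; "info": expected if a third-party product explains it
    key: str
    detail: str


def parse_registry_dump(text):
    """Map each [HKEY...] header to a {name: value} dict of the lines under it."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = m.group(2).strip()
    return keys


def triage(keys):
    """Return a list of Finding objects for the settings worth a second look."""
    findings = []
    for key, values in keys.items():
        low = key.lower()
        if low.endswith("\\security center"):
            for name in SC_ALERT_FLAGS:
                if values.get(name) == "1":
                    findings.append(Finding("warn", key, name + "=1: Security Center alerting "
                                            "suppressed (a common rogue-AV/bot tactic)"))
        elif "\\security center\\monitoring\\" in low and values.get("DisableMonitoring") == "1":
            product = key.rsplit("\\", 1)[-1]
            findings.append(Finding("info", key, "DisableMonitoring=1 for %s: legitimate only if "
                                    "that product is actually installed and running" % product))
        elif low.endswith("\\firewallpolicy\\domainprofile") or low.endswith("\\firewallpolicy\\standardprofile"):
            if values.get("EnableFirewall") == "0":
                findings.append(Finding("info", key, "EnableFirewall=0: Windows Firewall off; "
                                        "acceptable only if a third-party firewall service is running"))
        elif low.endswith("\\globallyopenports\\list"):
            for name, value in values.items():
                if ":enabled:" in value.lower():
                    findings.append(Finding("warn", key, "globally open port %s: %s" % (name, value)))
        elif low.endswith("\\authorizedapplications\\list"):
            for value in values.values():
                m = APP_RE.match(value)
                if not m or m.group(3).lower() != "enabled":
                    continue          # unparseable or disabled entries are not reachable
                path, label, publisher = m.group(1), m.group(4), m.group(5)
                exe = path.rsplit("\\", 1)[-1].lower()
                # a system-process name living outside %SystemRoot% is a classic masquerade
                odd_place = exe in SYSTEM_NAMES and "\\windows\\" not in path.lower()
                if SUSPICIOUS_PATH.search(path) or odd_place:
                    findings.append(Finding("warn", key, "allowed app in unusual location: " + path))
                elif not publisher:
                    findings.append(Finding("warn", key, "allowed app with no publisher: %s (%s)" % (path, label)))
    return findings


if __name__ == "__main__":
    for f in triage(parse_registry_dump(SAMPLE_LOG)):
        print("[%s] %s\n        %s" % (f.level.upper(), f.detail, f.key))
```

Run with no arguments to triage the embedded sample; for a saved OTL log, pass the file contents to parse_registry_dump() instead. The "info" findings are the ones that need the rest of the log (running processes, O23 services) to confirm, which is how the responder in this thread judged the disabled-firewall values against the ZoneAlarm service that was actually running.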

#6 syler
  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 31 May 2010 - 07:33 AM

Hi again,

Your logs are looking fine to me at this point; we will do one more check to make sure.

Your logs show that you still have some older Java installed. You need to get rid of this before you can
install the new Java: go to Add/Remove Programs and uninstall the following:

Java™ 6 Update 11

If you still can't install the latest Java after that, do a search on your computer for all Java folders and
the file awt.dll and remove them all, then try installing the latest Java again and let me know if it's
successful.


Please do a scan with ESET OnlineScan

Note: If you run this in a browser other than IE you will be asked to download and install esetsmartinstaller_enu.exe
  • Click the button.
  • Check
  • Click the button.
  • Accept any security warnings from your browser and allow it to install the ActiveX control.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push


Then in your next reply, please let me know if you are having any more problems and post back here with the following logs:
  • ESET report
  • New HijackThis log

Thanks



#7 Zenith2012
  • Topic Starter
  • Members
  • 12 posts
  • Gender:Male
  • Location:United States of America

Posted 02 June 2010 - 07:03 AM

Hi, thanks, and sorry for the late reply.

The Java update has worked, thank you.

The ESET scan was blank, and at the time I forgot to push "list of found threats."
I hope that isn't a problem.

My computer seems to be running smoother than ever, by the way.




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:00:13 AM, on 6/2/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.a...&tbid=60076
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://minneapolis.craigslist.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DriverMax] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -agent
O4 - HKCU\..\Run: [DriverMax_RESTART] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -RESTART
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\Dfsdks.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10164 bytes



If there is anything at all suspicious or useless on this report, I'd appreciate your expert opinion so I can remove it.
I try and remove everything I don't use anymore, but I'm not good with the registry yet.

thanks again.
"Man's mind, once stretched by a new idea, never regains its original dimensions." -Oliver Wendell Holmes

#8 syler
  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 02 June 2010 - 10:37 PM

Everything there looks ok to me.

Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click the icon to start the program. If you are using Vista, please right-click and choose Run as administrator.
  • Then Click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.


Cleaning and creating restore points
  • Click Start, right click My Computer and select properties.
  • Select the System Restore tab then check the box "Turn off System Restore".
  • Click Apply then Ok, then restart your computer
  • Now follow these steps again, but instead of checking "Turn off System Restore" Uncheck it.
Now that you have cleaned out your restore points you need to set a new restore point
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Select "Create a restore point" then click Next.
  • Type a name under Restore point description then click Create.
Additional instructions can be found here if needed.

Note: This does not need to be done on a regular basis.


Congratulations! You now appear clean!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Update Windows
You don't have the latest service pack for Windows. The service packs patch security vulnerabilities found
in Windows; you should keep these up to date to keep yourself protected against malware that can take
advantage of these security vulnerabilities to attack your system. The latest service pack is SP3.
Click on Start >> All Programs >> Windows Update, then select Express
and allow it to install all updates, including SP3.
Note: If it prompts you to install an ActiveX control, allow it to install it.

Make sure all programs are updated
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware
to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed
applications that are regularly patched to fix vulnerabilities. You can check these by visiting
Calendar of Updates, or you can install Secunia PSI.

Install Sandboxie
Sandboxie is a great program to help protect you against malware. Working inside Sandboxie will basically
mean that what you are doing will not make permanent changes to your system unless you allow it to.
So you can be surfing the web inside Sandboxie, and if you happen to stumble upon a bad site and get
infected, you can simply delete the sandbox and all is gone. Having said that, it cannot be considered 100%
secure, as no program can be, but it can be a great help and is an excellent program. You can find a download
link and more information about the program here.

Secure your browsing
Firefox is generally considered to be a lot safer than Internet Explorer. I would recommend that you install
Firefox and install some add-ons that will make the browser even safer. You can download the latest version
of Firefox here; if you already have Firefox, these are some good add-ons.

Recommended addons
NoScript
Adblock Plus
WOT

Install SpywareBlaster
SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you
from running and downloading known malicious programs. You can find a tutorial and download link here.

Use MVPS hosts file
Using a custom hosts file like the MVPS HOSTS file can help to block ads, banners, 3rd party cookies,
3rd party page counters, web bugs, and even most hijackers. It doesn't use up any extra system resources
and may even speed up the loading of web pages. You can download it and find instructions here.


Follow this list and your potential for being infected again will reduce dramatically.

Happy surfing
Syler



#9 Zenith2012
  • Topic Starter
  • Members
  • 12 posts
  • Gender:Male
  • Location:United States of America

Posted 03 June 2010 - 02:16 AM

This might sound stupid, but what if I don't want to remove the tools we used, or delete old system restore points? I create new ones periodically.

Hey, I ran into something I think is a virus, but it isn't registering on any of my anti-virus programs.
Anyway, I did an ESET scan and this is the report.

"C:\Program Files\Firefox Optimizer\Firefox Ultimate Optimizer.exe MSIL/FireOptimizer application cleaned by deleting - quarantined"

It's now deleted, so I hope it doesn't come back.

In the meantime I've been experimenting with Sandboxie and BufferZone, but neither is suitable. Sandboxie won't run because of an issue with Windows and the latest version of Sandboxie. BufferZone has proven to slow down my computer and not actually do anything to stop the virus I just got. Any suggestions?

Thanks Zenith-
"Man's mind, once stretched by a new idea, never regains its original dimensions." -Oliver Wendell Holmes

#10 syler
  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 03 June 2010 - 08:23 AM

Well, I don't see why you would want to keep the tools on there; a lot of the tools we use get updated
as malware does, so they will soon be outdated, but it is your choice. The reason I suggest cleaning the
restore points is that when you have had an infection, the infections generally find their way into
the restore points, so you would risk restoring any malware that could potentially be in there. Also, if
you have a lot of restore points they can take up quite a large portion of your drive space, although if
you have a lot of space and are not worried about that, then that is fine.

The one thing I cannot help protect you against is yourself. You should take more care
with what you download and run on your computer; the first thing I see when I type Firefox
Ultimate Optimizer.exe into Google is potential warnings about it being malware. It looks
like ESET did its job, though, so you should be fine.

If you haven't already, then you might want to try updating to SP3 and then trying Sandboxie
again, although if you don't want to use it that is entirely up to you. I have never heard
of BufferZone before, so I know nothing about it. You can install all the software you want,
but it will never mean you are 100% protected; that is just the nature of the game.





#11 syler
  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 05 June 2010 - 05:07 AM

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.





