IEXPLORE.EXE Ad Popups + Redirection


  • This topic is locked
61 replies to this topic

#1 soybean32

  • Members
  • 70 posts

Posted 08 July 2010 - 04:11 PM

It all started with a BSOD Win32k.sys page_fault_in_nonpaged_area error, then my sound stopped working, and next thing you know I was being barraged by continuous IE ad popups that would keep opening until there was not enough memory to open more--this would continue every 5-10 minutes or so. I scanned with Malwarebytes/AVG/Spybot, but none of them would pick it up. Both my C and D drives are infected with it, but my temporary solution was to just delete IE... I know the problem is still there. Please help!

GMER LOG:

GMER 1.0.15.15077 [wvohshe8.exe] - http://www.gmer.net
Rootkit scan 2010-07-08 13:14:32
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT spee.sys ZwCreateKey [0xF741F0E0]
SSDT spee.sys ZwEnumerateKey [0xF7437DA4]
SSDT spee.sys ZwEnumerateValueKey [0xF7438132]
SSDT spee.sys ZwOpenKey [0xF741F0C0]
SSDT spee.sys ZwQueryKey [0xF743820A]
SSDT spee.sys ZwQueryValueKey [0xF743808A]
SSDT spee.sys ZwSetValueKey [0xF743829C]

INT 0x62 ? 86766BF8
INT 0x63 ? 85C2BF00
INT 0x94 ? 85C2BF00
INT 0xB4 ? 867D7BF8
INT 0xB4 ? 85C2BF00

---- Kernel code sections - GMER 1.0.15 ----

? spee.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B9BB68AC 5 Bytes JMP 85C2B4E0
.text a881cj37.SYS B9AFC386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text a881cj37.SYS B9AFC3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text a881cj37.SYS B9AFC3C4 3 Bytes [00, 80, 02]
.text a881cj37.SYS B9AFC3C9 1 Byte [30]
.text a881cj37.SYS B9AFC3C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- User code sections - GMER 1.0.15 ----

.text D:\Documents and Settings\Sab\Desktop\MS Office 2007 Portable\MS Office 2007 Portable (6-in-1)\Microsoft Office Word 2007.exe[1324] ntdll.dll!NtQueryVirtualMemory + 6 7C90D966 4 Bytes [BC, 59, 98, 00]
.text D:\Documents and Settings\Sab\Desktop\MS Office 2007 Portable\MS Office 2007 Portable (6-in-1)\Microsoft Office Word 2007.exe[1324] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 32605629
.text D:\Program Files\Internet Explorer\IEXPLORE.EXE[1532] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 42F0F2B9 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\IEXPLORE.EXE[1532] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 430A1A3F D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\IEXPLORE.EXE[1532] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 430A19C0 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\IEXPLORE.EXE[1532] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 430A1A04 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\IEXPLORE.EXE[1532] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 430A194C D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\IEXPLORE.EXE[1532] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 430A1986 D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\IEXPLORE.EXE[1532] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 430A1A7A D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Internet Explorer\IEXPLORE.EXE[1532] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 42F3165E D:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text D:\Program Files\Mozilla Firefox\firefox.exe[2188] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 004013F0 D:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text D:\Program Files\Mozilla Firefox\plugin-container.exe[4372] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 104505FE D:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 867D61F8
Device \FileSystem\Fastfat \FatCdrom 85AC6500

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\usbuhci \Device\USBPDO-0 85C241F8
Device \Driver\usbuhci \Device\USBPDO-1 85C241F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 867D81F8
Device \Driver\dmio \Device\DmControl\DmConfig 867D81F8
Device \Driver\dmio \Device\DmControl\DmPnP 867D81F8
Device \Driver\dmio \Device\DmControl\DmInfo 867D81F8
Device \Driver\PCI_PNP5014 \Device\00000045 spee.sys
Device \Driver\usbuhci \Device\USBPDO-2 85C241F8
Device \Driver\usbehci \Device\USBPDO-3 85C0D500
Device \Driver\usbuhci \Device\USBPDO-4 85C241F8

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Ftdisk \Device\HarddiskVolume1 867671F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 867671F8
Device \Driver\Cdrom \Device\CdRom0 85BD11F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{B815E7EC-21D4-4787-825E-7CA85AF542BA} 85B82500
Device \Driver\Cdrom \Device\CdRom1 85BD11F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 867671F8
Device \Driver\Ftdisk \Device\HarddiskVolume4 867671F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 85B82500
Device \Driver\NetBT \Device\NetbiosSmb 85B82500
Device \Driver\sptd \Device\4043185014 spee.sys

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBFDO-0 85C241F8
Device \Driver\usbuhci \Device\USBFDO-1 85C241F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 85ACF1F8
Device \Driver\usbuhci \Device\USBFDO-2 85C241F8
Device 85ACF1F8
Device \Driver\usbuhci \Device\USBFDO-3 85C241F8
Device \Driver\usbehci \Device\USBFDO-4 85C0D500
Device \Driver\Ftdisk \Device\FtControl 867671F8
Device \Driver\a881cj37 \Device\Scsi\a881cj371Port2Path0Target0Lun0 85BD2500
Device \Driver\a881cj37 \Device\Scsi\a881cj371 85BD2500
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 85956500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC3 0xBA 0xE1 0x82 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE1 0xD3 0x5C 0x70 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7B 0x50 0x5A 0x9D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC3 0xBA 0xE1 0x82 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE1 0xD3 0x5C 0x70 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7B 0x50 0x5A 0x9D ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@TracesProcessed 58
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@TracesSuccessful 41
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1

---- Files - GMER 1.0.15 ----

File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks LT\..svnbridge\AdventureWorksLT.png 284 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks LT\..svnbridge\AdventureWorksLT.vsd 284 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks LT\..svnbridge\instawltdb.sql 284 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\..svnbridge 0 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\..svnbridge\Address.csv 284 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\..svnbridge\AdventureWorks.pdf 284 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\..svnbridge\AdventureWorks.png 284 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\..svnbridge\AdventureWorks.vsd 284 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\..svnbridge\Contact.csv 284 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\..svnbridge\CountryRegion.csv 284 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\..svnbridge\CountryRegionCurrency.csv 284 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\..svnbridge\Document.csv 284 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\..svnbridge\Employee.csv 284 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\..svnbridge\Illustration.csv 284 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\..svnbridge\Individual.CSV 284 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\..svnbridge\instawdb.sql 284 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\..svnbridge\JobCandidate.csv 284 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\..svnbridge\ProductDescription.CSV 284 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\..svnbridge\ProductModel.csv 284 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\..svnbridge\ProductPhoto.CSV 284 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\..svnbridge\StateProvince.csv 284 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\..svnbridge\Store.csv 284 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\Address.csv 4156924 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\AddressType.csv 434 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\AdventureWorks.pdf 34532 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\AdventureWorks.png 666951 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\AdventureWorks.vsd 650752 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\AWBuildVersion.csv 66 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\BillOfMaterials.csv 201602 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\Contact.csv 8188060 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\ContactCreditCard.csv 686310 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\ContactType.csv 966 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\CountryCurrency.CSV 3488 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\CountryRegion.csv 18596 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\CountryRegionCurrency.csv 6978 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\CreditCard.csv 1222791 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\Culture.csv 345 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\Currency.csv 4417 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\CurrencyRate.CSV 1036481 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\Customer.csv 1592798 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\CustomerAddress.csv 1457813 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\Department.csv 1091 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\Employee.csv 113136 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\EmployeeAddress.csv 20138 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\EmployeeDepartmentHistory.csv 17241 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\EmployeePayHistory.csv 19733 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\Illustration.csv 170620 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\Individual.CSV 23909664 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\instawdb.sql 939832 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\JobCandidate.csv 108308 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\Location.csv 766 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\Product.csv 89040 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\ProductCategory.csv 294 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\ProductCostHistory.csv 29373 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\ProductDescription.CSV 207930 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\ProductDocument.csv 992 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\ProductInventory.csv 82454 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\ProductListPriceHistory.csv 29483 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\ProductModel.csv 107398 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\ProductModelIllustration.csv 209 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\ProductModelProductDescriptionCulture.CSV 30496 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\ProductPhoto.CSV 8044206 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\ProductProductPhoto.csv 16904 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\ProductReview.csv 5289 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\ProductVendor.csv 39680 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\PurchaseOrderDetail.csv 877620 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\PurchaseOrderHeader.csv 512701 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\SalesOrderDetail.csv 13849228 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\SalesOrderHeader.csv 8060104 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\SalesOrderHeaderSalesReason.csv 913746 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\SalesPerson.csv 1985 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\Document.csv 1158236 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\ProductSubCategory.csv 2836 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\SalesPersonQuotaHistory.csv 16635 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\SpecialOffer.csv 2744 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\SalesReason.csv 476 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\SalesTaxRate.csv 2826 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\SalesTerritory.csv 1259 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\SalesTerritoryHistory.csv 1674 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\ScrapReason.csv 796 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\Shift.csv 243 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\ShipMethod.csv 476 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\ShoppingCartItem.csv 189 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\SpecialOfferProduct.CSV 36630 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\StateProvince.csv 31438 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\Store.csv 724846 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\StoreContact.csv 54695 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\TransactionHistory.csv 8940132 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\TransactionHistoryArchive.csv 7017667 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\UnitMeasure.csv 1462 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\Vendor.csv 7053 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\VendorAddress.csv 3532 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\VendorContact.csv 5438 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\WorkOrder.csv 8312485 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Samples\AdventureWorks OLTP\WorkOrderRouting.csv 10665560 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Templates\olap\1033\Cube Templates\Adventure Works Standard Edition\Adventure Works Standard Template.Cube 136008 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Templates\olap\1033\Cube Templates\Adventure Works Standard Edition\Customer Template.dim 36916 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Templates\olap\1033\Cube Templates\Adventure Works Standard Edition\Date Template.dim 36246 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Templates\olap\1033\Cube Templates\Adventure Works Standard Edition\Employee Template.dim 27135 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Templates\olap\1033\Cube Templates\Adventure Works Standard Edition\Geography Template.dim 10828 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Templates\olap\1033\Cube Templates\Adventure Works Standard Edition\Internet Sales Order Details Template.dim 7593 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Templates\olap\1033\Cube Templates\Adventure Works Standard Edition\Product Template.dim 27507 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Templates\olap\1033\Cube Templates\Adventure Works Standard Edition\Promotion Template.dim 13269 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Templates\olap\1033\Cube Templates\Adventure Works Standard Edition\Reseller Sales Order Details Template.dim 7729 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Templates\olap\1033\Cube Templates\Adventure Works Standard Edition\Reseller Template.dim 24541 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Templates\olap\1033\Cube Templates\Adventure Works Standard Edition\Sales Channel Template.dim 3141 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Templates\olap\1033\Cube Templates\Adventure Works Standard Edition\Sales Reason Template.dim 6023 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Templates\olap\1033\Cube Templates\Adventure Works Standard Edition\Sales Summary Order Details Template.dim 7916 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Templates\olap\1033\Cube Templates\Adventure Works Standard Edition\Sales Territory Template.dim 7663 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Templates\olap\1033\Cube Templates\Adventure Works Standard Edition\Source Currency Template.dim 4425 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Templates\olap\1033\Dimension Templates\Organization Template.dim 9094 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Templates\olap\1033\Dimension Templates\Account Template.dim 6868 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Templates\olap\1033\Dimension Templates\Customer Template.dim 36916 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Templates\olap\1033\Dimension Templates\Date Template.dim 36246 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Templates\olap\1033\Dimension Templates\Department Template.dim 4635 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Templates\olap\1033\Dimension Templates\Destination Currency Template.dim 5270 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Templates\olap\1033\Dimension Templates\Employee Template.dim 27135 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Templates\olap\1033\Dimension Templates\Geography Template.dim 10828 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Templates\olap\1033\Dimension Templates\Internet Sales Order Details Template.dim 7593 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Templates\olap\1033\Dimension Templates\Product Template.dim 27507 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Templates\olap\1033\Dimension Templates\Promotion Template.dim 13269 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Templates\olap\1033\Dimension Templates\Reseller Sales Order Details Template.dim 7729 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Templates\olap\1033\Dimension Templates\Reseller Template.dim 24541 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Templates\olap\1033\Dimension Templates\Sales Channel Template.dim 3141 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Templates\olap\1033\Dimension Templates\Sales Reason Template.dim 6023 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Templates\olap\1033\Dimension Templates\Sales Summary Order Details Template.dim 7916 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Templates\olap\1033\Dimension Templates\Sales Territory Template.dim 7663 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Templates\olap\1033\Dimension Templates\Scenario Template.dim 3615 bytes
File D:\Program Files\Microsoft SQL Server\100\Tools\Templates\olap\1033\Dimension Templates\Source Currency Template.dim 4425 bytes
File D:\Program Files\Microsoft SQL Server\80\Tools\Binn\msvcr71.dll 355032 bytes executable
File D:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources 0 bytes
File D:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\1033 0 bytes
File D:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\1033\SQLDMO.RLL 585728 bytes executable
File D:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLDMO.DLL 4558848 bytes executable
File D:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLDMO80.cnt 84938 bytes
File D:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLDMO80.hlp 2101214 bytes
File D:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlvdi.dll 131608 bytes executable
File D:\Program Files\Microsoft SQL Server\90\COM\AXSCPHST90.DLL 42712 bytes executable
File D:\Program Files\Microsoft SQL Server\90\COM\DISTRIB.exe 71024 bytes
File D:\Program Files\Microsoft SQL Server\90\COM\en 0 bytes
File D:\Program Files\Microsoft SQL Server\90\COM\en\Microsoft.SqlServer.Replication.BusinessLogicSupport.xml 28080 bytes
File D:\Program Files\Microsoft SQL Server\90\COM\instapi.dll 35032 bytes executable
File D:\Program Files\Microsoft SQL Server\90\COM\mergetxt.dll 32624 bytes executable
File D:\Program Files\Microsoft SQL Server\90\COM\Microsoft.SqlServer.Replication.BusinessLogicSupport.dll 47832 bytes executable
File D:\Program Files\Microsoft SQL Server\90\COM\msgprox.dll 200048 bytes
File D:\Program Files\Microsoft SQL Server\90\COM\rdistcom.dll 644464 bytes executable
File D:\Program Files\Microsoft SQL Server\90\COM\replerrx.dll 112856 bytes executable
File D:\Program Files\Microsoft SQL Server\90\COM\replisapi.dll 273264 bytes executable
File D:\Program Files\Microsoft SQL Server\90\COM\replmerg.exe 320880 bytes executable
File D:\Program Files\Microsoft SQL Server\90\COM\replprov.dll 550256 bytes executable
File D:\Program Files\Microsoft SQL Server\90\COM\replrec.dll 785264 bytes executable
File D:\Program Files\Microsoft SQL Server\90\COM\replsub.dll 407920 bytes executable
File D:\Program Files\Microsoft SQL Server\90\COM\replsync.dll 101744 bytes executable
File D:\Program Files\Microsoft SQL Server\90\COM\Resources 0 bytes
File D:\Program Files\Microsoft SQL Server\90\COM\Resources\1033 0 bytes
File D:\Program Files\Microsoft SQL Server\90\COM\Resources\1033\AXSCPHST90.RLL 12504 bytes executable
File D:\Program Files\Microsoft SQL Server\90\COM\Resources\1033\REPLRES.rll 285552 bytes executable
File D:\Program Files\Microsoft SQL Server\90\COM\spresolv.dll 177008 bytes executable
File D:\Program Files\Microsoft SQL Server\90\COM\sqldistx.dll 148336 bytes executable
File D:\Program Files\Microsoft SQL Server\90\COM\sqlmergx.dll 194416 bytes
File D:\Program Files\Microsoft SQL Server\90\COM\sqlresld90.dll 19160 bytes executable
File D:\Program Files\Microsoft SQL Server\90\COM\sqlwep.dll 88792 bytes executable
File D:\Program Files\Microsoft SQL Server\90\COM\ssradd.dll 42864 bytes executable
File D:\Program Files\Microsoft SQL Server\90\COM\ssravg.dll 43376 bytes
File D:\Program Files\Microsoft SQL Server\90\COM\ssrdown.dll 29552 bytes executable
File D:\Program Files\Microsoft SQL Server\90\COM\ssrmax.dll 41328 bytes executable
File D:\Program Files\Microsoft SQL Server\90\COM\ssrmin.dll 41328 bytes executable
File D:\Program Files\Microsoft SQL Server\90\COM\ssrpub.dll 30576 bytes executable
File D:\Program Files\Microsoft SQL Server\90\COM\ssrup.dll 29552 bytes executable
File D:\Program Files\Microsoft SQL Server\90\COM\tablediff.exe 87408 bytes executable
File D:\Program Files\Microsoft SQL Server\90\COM\xmlsub.dll 194928 bytes executable

---- EOF - GMER 1.0.15 ----




DDS (Ver_10-03-17.01) - NTFSx86
Run by Sab at 11:08:14.34 on Thu 07/08/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.37 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

svchost.exe 4
D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe 4
D:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
D:\Program Files\AVG\AVG9\avgchsvx.exe
D:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
D:\Program Files\AVG\AVG9\avgcsrvx.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
D:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\Logi_MwX.Exe
D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\PROGRA~1\AVG\AVG9\avgtray.exe
D:\Program Files\AVG\AVG9\avgwdsvc.exe
D:\WINDOWS\system32\OSK.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\MSSWCHX.EXE
D:\Program Files\AVG\AVG9\avgnsx.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\WINDOWS\system32\nvsvc32.exe
d:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Windows Live\Contacts\wlcomm.exe
D:\WINDOWS\System32\svchost.exe -k HTTPFilter
D:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdhost.exe
D:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
D:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE
D:\Documents and Settings\Sab\Desktop\MS Office 2007 Portable\MS Office 2007 Portable (6-in-1)\Microsoft Office Word 2007.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\taskmgr.exe
D:\Program Files\Mozilla Firefox\plugin-container.exe
D:\Documents and Settings\Sab\Desktop\wvohshe8.exe
D:\Documents and Settings\Sab\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: {00C6482D-C502-44C8-8409-FCE54AD9C208} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - d:\program files\avg\avg9\avgssie.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - d:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - d:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - d:\program files\ask.com\GenericAskToolbar.dll
uRun: [SpybotSD TeaTimer] d:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
mRun: [hpWirelessAssistant] d:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [SunJavaUpdateSched] "d:\program files\common files\java\java update\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE d:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE d:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] nwiz.exe /installquiet /nodetect
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [SynTPEnh] d:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [AVG9_TRAY] d:\progra~1\avg\avg9\avgtray.exe
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
IE: E&xportar para o Microsoft Excel - d:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~1\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - d:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\sab\applic~1\mozilla\firefox\profiles\va256k8n.default\
FF - prefs.js: browser.startup.homepage - msnbc.com
FF - component: d:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: d:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
d:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
d:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
d:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
d:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
d:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
d:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
d:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
d:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;d:\windows\system32\drivers\avgldx86.sys [2009-8-12 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;d:\windows\system32\drivers\avgmfx86.sys [2009-8-12 29584]
R1 AvgTdiX;AVG Free Network Redirector;d:\windows\system32\drivers\avgtdix.sys [2009-8-12 242896]
R1 RsFx0102;RsFx0102 Driver;d:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
R2 avg9wd;AVG Free WatchDog;d:\program files\avg\avg9\avgwdsvc.exe [2010-5-30 308064]
R2 MsDtsServer100;SQL Server Integration Services 10.0;d:\program files\microsoft sql server\100\dts\binn\MsDtsSrvr.exe [2008-7-10 218136]
R2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);d:\program files\microsoft sql server\msrs10.mssqlserver\reporting services\reportserver\bin\ReportingServicesService.exe [2008-7-10 1106968]
R3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);d:\program files\microsoft sql server\mssql10.mssqlserver\mssql\binn\fdlauncher.exe [2008-7-10 31256]
S3 B-Service;B-Service;c:\documents and settings\sabrina\desktop\B-Service.exe [2010-4-13 185640]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;d:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]

=============== Created Last 30 ================

2010-07-08 08:32:35 0 d-s---w- D:\Combo-Fix
2010-07-08 08:32:34 389120 ----a-w- d:\windows\system32\CF31594.exe
2010-07-08 08:31:13 389120 ----a-w- d:\windows\system32\cmd.execf
2010-06-30 09:07:49 0 d-----w- d:\program files\Skygazer

==================== Find3M ====================

============= FINISH: 11:10:41.96 ===============


#2 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • Gender:Male
  • Location:God's Country

Posted 12 July 2010 - 08:03 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log

PW

#3 soybean32

soybean32
  • Topic Starter

  • Members
  • 70 posts

Posted 14 July 2010 - 03:32 AM

I haven't been seeing the popups since I deleted IE, but I highly suspect it's still here. I couldn't scan my C drive with GMER (it kept freezing everything), so I had to scan it through my D drive. I really appreciate whoever takes the time to look at this!


DDS (Ver_10-03-17.01) - NTFSx86
Run by Sabrina at 19:10:56.85 on Tue 07/13/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.233 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

svchost.exe 4
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe 4
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\WINDOWS\system32\OSK.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
svchost.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Sabrina\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
uStart Page = hxxp://msnbc.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Active Desktop Calendar] c:\program files\xemicomputers\active desktop calendar\ADC.exe
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
dRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Trusted Zone: intuit.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: puppetguardian.com\www
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} - hxxp://messenger.zone.msn.com/binary/Upwords.cab57176.cab
DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://gzs.hangame.com/common/HanSetup1010.cab
DPF: {C3B36463-0C0C-49DE-AAD8-7E6786174129} - hxxp://sign.ndoors.com/confirm/GzLauncher.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sabrina\applic~1\mozilla\firefox\profiles\5wrdxzkl.default\
FF - prefs.js: browser.startup.homepage - msnbc.com
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\sabrina\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\sabrina\application data\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\sabrina\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\sabrina\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\sabrina\application data\mozilla\firefox\profiles\5wrdxzkl.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\documents and settings\sabrina\application data\mozilla\firefox\profiles\5wrdxzkl.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npnul323.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-1 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-9-1 29584]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-1 242896]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-11 308064]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-11-13 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
S1 vdizmzuw;AVZ-BC Kernel Driver;\??\c:\windows\system32\drivers\vdizmzuw.sys --> c:\windows\system32\drivers\vdizmzuw.sys [?]
S3 B-Service;B-Service;c:\documents and settings\sabrina\desktop\B-Service.exe [2010-4-13 185640]
S3 JRSKD24;JRSKD24;\??\c:\windows\system32\jrskd24.sys --> c:\windows\system32\JRSKD24.SYS [?]
S3 JRSUKD24;JRSUKD24;\??\c:\windows\system32\jrsukd24.sys --> c:\windows\system32\JRSUKD24.SYS [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-5-13 11520]

=============== Created Last 30 ================

2010-07-14 01:57:10 20 ----a-w- c:\documents and settings\sabrina\defogger_reenable
2010-07-08 10:10:44 0 d-----w- C:\.jagex_cache_32
2010-06-30 09:07:49 0 d-----w- c:\program files\Carina Software

==================== Find3M ====================

2010-07-13 08:34:54 46 ----a-w- c:\documents and settings\sabrina\jagex_runescape_preferences.dat
2010-07-13 08:34:48 99 ----a-w- c:\documents and settings\sabrina\jagex_runescape_preferences2.dat
2010-06-03 05:52:22 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-05-05 13:30:57 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-20 05:30:08 285696 ------w- c:\windows\system32\dllcache\atmfd.dll
2009-08-09 20:23:24 16384 -csha-w- c:\windows\system32\config\systemprofile\iecompatcache\index.dat
2009-08-09 21:28:11 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009080920090810\index.dat

============= FINISH: 19:13:09.31 ===============



GMER 1.0.15.15077 [wvohshe8.exe] - http://www.gmer.net
Rootkit scan 2010-07-14 01:27:12
Windows 5.1.2600 Service Pack 3


---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device RsFx0102.sys (RsFx Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC3 0xBA 0xE1 0x82 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE1 0xD3 0x5C 0x70 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7B 0x50 0x5A 0x9D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC3 0xBA 0xE1 0x82 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE1 0xD3 0x5C 0x70 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7B 0x50 0x5A 0x9D ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1

---- EOF - GMER 1.0.15 ----




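The DDS service section above (the `R1`/`S3` lines) is where a log reader looks first for orphaned or out-of-place service registrations: DDS prints `[?]` when the registered binary is no longer on disk (as with vdizmzuw.sys and the two JRS drivers), and a service image sitting on a user's Desktop (B-Service.exe) is unusual for anything legitimate. The following Python script is an added example, not part of this thread and not DDS's own code; it parses lines in exactly the format shown above and flags those two patterns. The sample input is copied from the DDS log above. The start-type digit is read as the Windows service `Start` value (0 boot, 1 system, 2 auto, 3 on-demand, 4 disabled), which matches how the OTL log later in this thread lists the same entries.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample lines copied from the DDS log posted above.
SAMPLE_DDS_LINES = r"""
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-1 216200]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-11 308064]
S1 vdizmzuw;AVZ-BC Kernel Driver;\??\c:\windows\system32\drivers\vdizmzuw.sys --> c:\windows\system32\drivers\vdizmzuw.sys [?]
S3 B-Service;B-Service;c:\documents and settings\sabrina\desktop\B-Service.exe [2010-4-13 185640]
S3 JRSKD24;JRSKD24;\??\c:\windows\system32\jrskd24.sys --> c:\windows\system32\JRSKD24.SYS [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-5-13 11520]
"""

# The digit after R/S is the service's Start value from the registry.
START_TYPES: Dict[str, str] = {
    "0": "boot", "1": "system", "2": "auto", "3": "on-demand", "4": "disabled",
}

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"          # R = running, S = stopped
    r"(?P<name>[^;]+);(?P<display>[^;]*);"       # service name ; display name ;
    r"(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"  # image path [date size] or [?]
)

# Directories in which a legitimate service or driver binary is not expected.
USER_PROFILE_MARKERS = ("\\documents and settings\\", "\\users\\", "\\temp\\")


@dataclass
class ServiceEntry:
    name: str
    display: str
    path: str
    running: bool
    start_type: str
    file_present: bool


def parse_dds_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one DDS 'R?/S?' service line; return None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    # DDS prints '<registered path> --> <resolved path>' when the registration
    # used a \??\ prefix; keep the resolved path.
    if " --> " in path:
        path = path.split(" --> ", 1)[1]
    return ServiceEntry(
        name=m.group("name"),
        display=m.group("display"),
        path=path,
        running=m.group("state") == "R",
        start_type=START_TYPES.get(m.group("start"), "unknown"),
        file_present=m.group("meta").strip() != "?",
    )


def triage(lines: str) -> Dict[str, List[str]]:
    """Map service name -> reasons the entry deserves a closer look."""
    findings: Dict[str, List[str]] = {}
    for raw in lines.splitlines():
        entry = parse_dds_service_line(raw)
        if entry is None:
            continue
        reasons: List[str] = []
        if not entry.file_present:
            # '[?]' means the registered binary is gone: an orphaned
            # registration, typical of a removed or self-deleting driver.
            reasons.append(f"binary missing ({entry.start_type} start)")
        lowered = entry.path.lower()
        if any(marker in lowered for marker in USER_PROFILE_MARKERS):
            # Services normally live under Program Files or the Windows
            # directory; a profile path is user-writable and unusual.
            reasons.append("image in user-profile path")
        if reasons:
            findings[entry.name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_DDS_LINES).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Run against the log above, the script singles out vdizmzuw and JRSKD24 (binary missing) and B-Service (image on the Desktop), and stays silent on the AVG and Western Digital entries. A missing binary is not proof of infection on its own (leftover registrations from uninstalled tools look the same), which is why a helper asks for the OTL log before acting on it.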

#4 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 14 July 2010 - 06:12 PM

Hello, soybean32.
My name is etavares and I will be helping you with this log.

Here are some guidelines to ensure we are able to get your machine back under your control.
  • Please do not run any unsupervised scans, fixes, etc. We can work against each other and end up in a worse place.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • When in doubt, please stop and ask first. There's no harm in asking questions!




Registry Cleaner Warning


I also see that you have a registry cleaner installed (in your case CCleaner). Here at BC, we do not recommend using registry cleaners.

See here for more information:
http://www.bleepingcomputer.com/forums/ind...p;#entry1326578




Trusted Zone Warning

Having trusted sites may not be a good idea. The reason why I say it's not a good idea is because the security settings for the Internet are not extremely high, and once you put a site in your Trusted Zone, basically almost anyone or anything, including hackers or other malicious software, has full access to that site, which can lead to hijacking of that site and may even have access to your computer. Are you sure you trust a site to that degree?

It is recommended NOT to have ANY sites in your Trusted Zone unless the site requires it to function properly and you trust it very well. Other than that, it is not necessary for you to add any sites into the trusted zone. If you're not sure, and/or you do not need these in your trusted zone to facilitate access or you did not knowingly permit this access yourself, then please remove those sites from your trusted zone.

They can be accessed in Internet Explorer via Tools>>Internet Options>>Security>>Trusted Zone>>Sites. Remove if there are any there.



Step 1

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 

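The Trusted Zone sites etavares describes are stored in the registry under `Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains` (per user under HKCU, or under HKLM when the machine-wide zone policy is in force): one subkey per domain, an optional subkey per host under it, and one DWORD value per URL scheme (`http`, `https` or `*`) whose data is the zone number (1 Local intranet, 2 Trusted sites, 3 Internet, 4 Restricted sites). The Python script below is an added example, not from this thread and not a BleepingComputer tool; it audits an exported .reg file of that key offline and lists every host assigned to the Trusted zone, so the check can be done from a log rather than by clicking through Internet Options. The .reg text is constructed for illustration; the domain names in it are placeholders.

```python
import re
from typing import List, Tuple

# Constructed .reg export for illustration (not taken from the thread).
# Real exports from regedit or `reg export` are UTF-16LE text with CRLF
# line endings; open them with encoding="utf-16" before passing them here.
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.com]
"http"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.com\www]
"*"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bank.example]
"https"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intranet.example]
"*"=dword:00000001
"""

ZONE_NAMES = {
    0: "My Computer", 1: "Local intranet", 2: "Trusted sites",
    3: "Internet", 4: "Restricted sites",
}
TRUSTED_ZONE = 2

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
DOMAINS_RE = re.compile(r"\\ZoneMap\\Domains\\(?P<rest>.+)$", re.IGNORECASE)
VALUE_RE = re.compile(r'^"(?P<scheme>[^"]+)"=dword:(?P<zone>[0-9a-fA-F]{8})$')

ZoneEntry = Tuple[str, str, int]  # (scheme, host, zone number)


def parse_zonemap(reg_text: str) -> List[ZoneEntry]:
    """Return every (scheme, host, zone) assignment found under ZoneMap\\Domains."""
    entries: List[ZoneEntry] = []
    host = None  # host of the key being read; None while outside Domains
    for raw in reg_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            host = None
            m = DOMAINS_RE.search(key.group("key"))
            if m:
                # Domains\<domain> or Domains\<domain>\<host label>; the
                # subkey order is reversed to rebuild the full host name.
                parts = m.group("rest").split("\\")
                host = ".".join(reversed(parts))
            continue
        if host is None:
            continue
        v = VALUE_RE.match(line)
        if v:
            # Value name is the scheme, DWORD data is the zone number.
            entries.append((v.group("scheme"), host, int(v.group("zone"), 16)))
    return entries


def trusted_sites(reg_text: str) -> List[str]:
    """List 'scheme://host' strings that are mapped to the Trusted sites zone."""
    return [f"{scheme}://{host}"
            for scheme, host, zone in parse_zonemap(reg_text)
            if zone == TRUSTED_ZONE]


if __name__ == "__main__":
    for scheme, host, zone in parse_zonemap(SAMPLE_REG_EXPORT):
        print(f"{scheme}://{host:<24} zone {zone} ({ZONE_NAMES.get(zone, 'unknown')})")
```

On the constructed export this reports three Trusted-zone mappings (`http://example.com`, `*://www.example.com`, `https://bank.example`) and one Local intranet mapping. To produce a real export on the affected machine, `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains" zonemap.reg` writes the key to a file; entries the user does not recognise are the ones to remove via the Sites dialog etavares points to.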

#5 soybean32

soybean32
  • Topic Starter

  • Members
  • 70 posts

Posted 14 July 2010 - 07:35 PM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4314

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/14/2010 5:11:39 PM
mbam-log-2010-07-14 (17-11-39).txt

Scan type: Quick scan
Objects scanned: 249355
Time elapsed: 27 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


The thing is, Malwarebytes/AVG/Spybot all weren't able to detect whatever had infected my system, even before I removed IE. Do you think it would be safe to reinstall IE at this point? Or should I look to use Safari or Opera as my backup browser? I only use Firefox, but caught the virus for IE without even using it.

#6 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 15 July 2010 - 06:08 PM

Hello, soybean32.

How did you 'delete' Internet Explorer? You can't uninstall it, as it only rolls back to the previous version. It's still installed according to DDS. Did you delete the file, or only the folder? Deleting the file may stop the popup symptom, but it is best to remove the virus completely, as it could have come with other functionality.

Let's reinstall IE and run an OTL log for a slightly deeper look than DDS.





Step 1

Go ahead and install either IE 7 or IE 8, and make sure you get all the updates for it.



Step 2

We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#7 soybean32

soybean32
  • Topic Starter

  • Members
  • 70 posts

Posted 16 July 2010 - 03:06 AM

OTL logfile created on: 7/16/2010 12:51:49 AM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Sabrina\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 229.00 Mb Available Physical Memory | 22.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 80.22 Gb Total Space | 10.86 Gb Free Space | 13.53% Space Free | Partition Type: NTFS
Drive D: | 93.16 Gb Total Space | 48.79 Gb Free Space | 52.37% Space Free | Partition Type: NTFS
Drive E: | 11.90 Gb Total Space | 0.29 Gb Free Space | 2.40% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC245486007190
Current User Name: Sabrina
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/15 20:10:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sabrina\My Documents\Downloads\OTL.exe
PRC - [2010/06/28 09:04:09 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/06/28 09:03:25 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/02 22:52:32 | 002,065,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/06/02 22:52:21 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/06/02 22:52:20 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/06/02 22:50:52 | 000,722,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/06/02 22:50:09 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/11 15:52:40 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/11/13 11:29:40 | 002,057,536 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2009/11/13 11:28:04 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/09/30 20:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2009/03/09 05:19:11 | 000,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe
PRC - [2008/08/13 15:33:30 | 003,780,608 | ---- | M] (XemiComputers ltd.) -- C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/12/08 14:45:12 | 000,516,182 | ---- | M] () -- C:\Program Files\HPQ\Shared\HpqToaster.exe
PRC - [2005/12/07 11:56:56 | 000,409,600 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
PRC - [2005/07/15 14:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe


========== Modules (SafeList) ==========

MOD - [2010/07/15 20:10:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sabrina\My Documents\Downloads\OTL.exe
MOD - [2008/08/13 11:15:02 | 000,049,152 | ---- | M] () -- C:\Program Files\XemiComputers\Active Desktop Calendar\MouseHook.dll
MOD - [2008/05/19 06:33:20 | 004,445,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msi.dll
MOD - [2008/04/13 17:12:06 | 000,250,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ime\sptip.dll
MOD - [2008/04/13 17:12:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2008/04/13 09:43:18 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ime\spgrmr.dll
MOD - [2006/11/02 08:39:58 | 000,001,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\INK\PENUSA.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/04/17 00:35:01 | 000,185,640 | ---- | M] () [On_Demand | Stopped] -- C:\Documents and Settings\Sabrina\Desktop\B-Service.exe -- (B-Service)
SRV - [2010/03/11 15:52:40 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/11/13 11:28:04 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/09/23 16:37:30 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XTrapD12.sys -- (XTrapD12)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\vdizmzuw.sys -- (vdizmzuw)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\JRSUKD24.SYS -- (JRSUKD24)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\JRSKD24.SYS -- (JRSKD24)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - [2010/06/02 22:52:22 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/06/02 22:52:20 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/11 15:52:32 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/02/11 05:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/09/23 16:03:15 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/05/01 02:11:54 | 000,630,272 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/01/31 03:25:00 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/12/15 04:42:00 | 003,616,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/11/11 00:50:38 | 000,191,936 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/10/12 18:07:12 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005/09/20 03:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/08/22 09:07:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/08/22 09:06:00 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/08/22 09:06:00 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/08/18 01:22:54 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/05/05 11:04:08 | 000,007,936 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005/05/05 11:04:04 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/05/02 21:15:50 | 000,036,484 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SMBios.sys -- (SMBios) Intel ®
DRV - [2004/08/10 08:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2004/08/03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2001/08/17 21:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-507310347-8617941-3380394185-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msnbc.com/
IE - HKU\S-1-5-21-507310347-8617941-3380394185-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-507310347-8617941-3380394185-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "msnbc.com"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2
FF - prefs.js..network.proxy.autoconfig_url: "http://ac.bc.ctc.edu/"


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/06/03 21:47:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/28 09:04:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/28 09:04:53 | 000,000,000 | ---D | M]

[2008/08/25 22:30:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sabrina\Application Data\Mozilla\Extensions
[2010/07/15 11:50:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sabrina\Application Data\Mozilla\Firefox\Profiles\5wrdxzkl.default\extensions
[2010/04/19 23:50:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sabrina\Application Data\Mozilla\Firefox\Profiles\5wrdxzkl.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2009/09/02 20:02:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Sabrina\Application Data\Mozilla\Firefox\Profiles\5wrdxzkl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/24 12:56:04 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Sabrina\Application Data\Mozilla\Firefox\Profiles\5wrdxzkl.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/10/25 05:17:07 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Sabrina\Application Data\Mozilla\Firefox\Profiles\5wrdxzkl.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/04/13 19:10:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sabrina\Application Data\Mozilla\Firefox\Profiles\5wrdxzkl.default\extensions\personas@christopher.beard
[2009/09/23 16:09:51 | 000,002,399 | ---- | M] () -- C:\Documents and Settings\Sabrina\Application Data\Mozilla\Firefox\Profiles\5wrdxzkl.default\searchplugins\daemon-search.xml
[2009/07/16 20:40:51 | 000,001,498 | ---- | M] () -- C:\Documents and Settings\Sabrina\Application Data\Mozilla\Firefox\Profiles\5wrdxzkl.default\searchplugins\givoogle.xml
[2010/07/15 11:50:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/09/09 17:24:33 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2009/09/10 17:50:33 | 000,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul323.dll
[2006/10/13 15:09:24 | 000,638,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
[2010/04/07 10:52:06 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

O1 HOSTS File: ([2009/08/26 01:06:17 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3 - HKU\S-1-5-21-507310347-8617941-3380394185-1007\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-507310347-8617941-3380394185-1007\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-507310347-8617941-3380394185-1007\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKU\S-1-5-21-507310347-8617941-3380394185-1007..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe (XemiComputers ltd.)
O4 - HKU\S-1-5-21-507310347-8617941-3380394185-1007..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108735
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-507310347-8617941-3380394185-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-507310347-8617941-3380394185-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\S-1-5-21-507310347-8617941-3380394185-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKU\S-1-5-21-507310347-8617941-3380394185-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKU\S-1-5-21-507310347-8617941-3380394185-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-21-507310347-8617941-3380394185-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKU\S-1-5-21-507310347-8617941-3380394185-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-507310347-8617941-3380394185-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKU\S-1-5-21-507310347-8617941-3380394185-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} http://messenger.zone.msn.com/binary/Upwords.cab57176.cab (ZoneUpwords Object)
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab (Minesweeper Flags Class)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} http://gzs.hangame.com/common/HanSetup1010.cab (HanSetupCtrl1010 Class)
O16 - DPF: {C3B36463-0C0C-49DE-AAD8-7E6786174129} http://sign.ndoors.com/confirm/GzLauncher.cab (GzLauncher Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Sabrina\Application Data\XemiComputers\Active Desktop Calendar\Desktop\Active Desktop Calendar.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sabrina\Application Data\XemiComputers\Active Desktop Calendar\Desktop\Active Desktop Calendar.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/11 07:35:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 23:07:38 | 000,000,000 | -HS- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{83ac6f26-4c49-11df-b530-000fb0fd3dd9}\Shell - "" = AutoRun
O33 - MountPoints2\{83ac6f26-4c49-11df-b530-000fb0fd3dd9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b8ac0a92-5f09-11df-b54c-000fb0fd3dd9}\Shell - "" = AutoRun
O33 - MountPoints2\{b8ac0a92-5f09-11df-b54c-000fb0fd3dd9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b8ac0a92-5f09-11df-b54c-000fb0fd3dd9}\Shell\AutoRun\command - "" = H:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/15 21:44:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/07/15 21:33:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/07/14 11:21:26 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/07/11 15:51:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sabrina\My Documents\AIMLogger
[2010/07/10 15:53:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Sabrina\Recent
[2010/07/09 12:32:24 | 000,000,000 | ---D | C] -- C:\Program Files\internet explorer
[2010/07/08 03:10:44 | 000,000,000 | ---D | C] -- C:\.jagex_cache_32
[2010/07/07 12:47:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/30 02:07:49 | 000,000,000 | ---D | C] -- C:\Program Files\Carina Software
[2010/06/28 12:24:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sabrina\Desktop\ANTH205
[2010/06/28 12:24:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sabrina\Desktop\ASTR101
[2010/06/28 12:24:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sabrina\Desktop\CMST280
[3 C:\Documents and Settings\Sabrina\Desktop\*.tmp files -> C:\Documents and Settings\Sabrina\Desktop\*.tmp -> ]
[2 C:\Documents and Settings\Sabrina\My Documents\*.tmp files -> C:\Documents and Settings\Sabrina\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/15 21:36:33 | 062,023,023 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/07/15 21:33:06 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/15 21:31:38 | 000,001,881 | -HS- | M] () -- C:\hpqp.ini
[2010/07/15 21:31:19 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini
[2010/07/15 21:31:18 | 000,043,758 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/07/15 21:30:47 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\Sabrina\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/15 21:30:32 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/15 21:30:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/15 21:30:25 | 1071,759,360 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/15 20:16:17 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/07/15 06:32:59 | 014,417,920 | ---- | M] () -- C:\Documents and Settings\Sabrina\ntuser.dat
[2010/07/15 06:32:59 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Sabrina\ntuser.ini
[2010/07/15 06:32:39 | 002,640,466 | -H-- | M] () -- C:\Documents and Settings\Sabrina\Local Settings\Application Data\IconCache.db
[2010/07/15 06:17:28 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Sabrina\Desktop\ANTH W3 Bushmeat Trade.doc
[2010/07/14 18:59:44 | 000,226,400 | ---- | M] () -- C:\Documents and Settings\Sabrina\Desktop\ANTH Primate Lb.PDF
[2010/07/14 18:58:57 | 000,148,722 | ---- | M] () -- C:\Documents and Settings\Sabrina\Desktop\ANTH week 3.PDF
[2010/07/11 15:51:46 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Sabrina\Desktop\~$TR Lab 2.doc
[2010/07/08 16:07:32 | 000,000,612 | ---- | M] () -- C:\Documents and Settings\Sabrina\Desktop\OCCT.lnk
[2010/07/08 00:06:08 | 000,000,334 | ---- | M] () -- C:\Documents and Settings\Sabrina\Desktop\enable.bat
[2010/07/08 00:05:20 | 000,000,543 | ---- | M] () -- C:\Documents and Settings\Sabrina\Desktop\disable.bat
[2010/07/07 23:23:49 | 000,001,584 | ---- | M] () -- C:\Documents and Settings\Sabrina\Desktop\Mikogo.cfg
[2010/07/06 20:53:06 | 002,085,499 | ---- | M] () -- C:\Documents and Settings\Sabrina\Desktop\ANTH DNA EC Extraction.PDF
[2010/07/06 20:52:34 | 000,212,817 | ---- | M] () -- C:\Documents and Settings\Sabrina\Desktop\ANTH DNA EC.PDF
[2010/07/06 20:46:50 | 000,149,752 | ---- | M] () -- C:\Documents and Settings\Sabrina\Desktop\ANTH W2 Schedule.PDF
[2010/07/06 15:02:59 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Sabrina\My Documents\CMST disc 1 replies.doc
[2010/07/05 20:56:35 | 000,000,127 | ---- | M] () -- C:\Documents and Settings\Sabrina\webct_upload_applet.properties
[2010/07/03 11:18:36 | 001,611,730 | ---- | M] () -- C:\Documents and Settings\Sabrina\My Documents\The Bell Jar_Guide.PDF
[2010/07/02 00:55:08 | 000,018,944 | ---- | M] () -- C:\Documents and Settings\Sabrina\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/01 20:01:43 | 000,372,080 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/30 04:46:46 | 004,521,984 | ---- | M] () -- C:\Documents and Settings\Sabrina\My Documents\hp dh cinem.doc
[2010/06/29 01:55:15 | 001,452,895 | ---- | M] () -- C:\Documents and Settings\Sabrina\My Documents\6.28.10 Chanelle DH Trailer Premier.html
[2010/06/28 18:27:15 | 053,855,671 | ---- | M] () -- C:\Documents and Settings\Sabrina\Desktop\HP7 Trailer.flv
[2010/06/24 06:07:15 | 000,882,768 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/24 06:07:15 | 000,247,528 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/24 06:07:15 | 000,004,752 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[3 C:\Documents and Settings\Sabrina\Desktop\*.tmp files -> C:\Documents and Settings\Sabrina\Desktop\*.tmp -> ]
[2 C:\Documents and Settings\Sabrina\My Documents\*.tmp files -> C:\Documents and Settings\Sabrina\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/15 21:30:47 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\Sabrina\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/15 06:14:44 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/07/14 23:27:33 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Sabrina\Desktop\ANTH W3 Bushmeat Trade.doc
[2010/07/14 19:00:12 | 000,226,400 | ---- | C] () -- C:\Documents and Settings\Sabrina\Desktop\ANTH Primate Lb.PDF
[2010/07/14 18:59:35 | 000,148,722 | ---- | C] () -- C:\Documents and Settings\Sabrina\Desktop\ANTH week 3.PDF
[2010/07/11 15:51:46 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Sabrina\Desktop\~$TR Lab 2.doc
[2010/07/08 00:06:08 | 000,000,334 | ---- | C] () -- C:\Documents and Settings\Sabrina\Desktop\enable.bat
[2010/07/08 00:05:20 | 000,000,543 | ---- | C] () -- C:\Documents and Settings\Sabrina\Desktop\disable.bat
[2010/07/06 20:53:29 | 002,085,499 | ---- | C] () -- C:\Documents and Settings\Sabrina\Desktop\ANTH DNA EC Extraction.PDF
[2010/07/06 20:52:46 | 000,212,817 | ---- | C] () -- C:\Documents and Settings\Sabrina\Desktop\ANTH DNA EC.PDF
[2010/07/06 20:51:39 | 000,149,752 | ---- | C] () -- C:\Documents and Settings\Sabrina\Desktop\ANTH W2 Schedule.PDF
[2010/07/06 12:46:53 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Sabrina\My Documents\CMST disc 1 replies.doc
[2010/07/03 11:33:18 | 001,611,730 | ---- | C] () -- C:\Documents and Settings\Sabrina\My Documents\The Bell Jar_Guide.PDF
[2010/06/30 04:46:46 | 004,521,984 | ---- | C] () -- C:\Documents and Settings\Sabrina\My Documents\hp dh cinem.doc
[2010/06/29 01:55:13 | 001,452,895 | ---- | C] () -- C:\Documents and Settings\Sabrina\My Documents\6.28.10 Chanelle DH Trailer Premier.html
[2010/06/28 18:19:37 | 053,855,671 | ---- | C] () -- C:\Documents and Settings\Sabrina\Desktop\HP7 Trailer.flv
[2010/01/01 16:02:27 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/09/23 01:20:04 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/10/17 15:43:52 | 000,000,043 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/07/23 09:50:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/07/23 09:47:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/07/23 09:47:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/07/23 09:46:38 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/06/09 17:06:57 | 000,000,055 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2007/06/20 00:24:34 | 000,000,022 | ---- | C] () -- C:\WINDOWS\msnmsgr.exe.ini
[2007/05/07 12:41:23 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/01/10 19:20:33 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ann41.ini
[2007/01/10 19:20:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ANNOUNCE.INI
[2006/12/03 19:13:00 | 000,000,067 | ---- | C] () -- C:\WINDOWS\IDMan.INI
[2006/06/28 07:18:01 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/05/19 14:19:06 | 000,000,510 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/22 02:56:33 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/02/22 02:54:43 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/02/22 02:40:24 | 000,000,425 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/02/22 02:22:51 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/02/22 01:56:32 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/02/22 01:56:32 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/02/22 01:56:32 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/02/22 01:56:30 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/02/22 01:56:30 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/12/02 03:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/17 10:39:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/17 10:21:06 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/08/05 22:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/05 20:46:48 | 000,000,499 | ---- | C] () -- C:\WINDOWS\powermp3cutterjoiner.ini
[2003/08/07 15:01:52 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Unicode (All) ==========
[2009/11/02 05:06:52 | 000,000,835 | ---- | M] ()(C:\Documents and Settings\Sabrina\My Documents\Ksenia? Simonova.txt) -- C:\Documents and Settings\Sabrina\My Documents\Ksenia Simonova.txt
[2009/11/02 05:06:40 | 000,000,835 | ---- | C] ()(C:\Documents and Settings\Sabrina\My Documents\Ksenia? Simonova.txt) -- C:\Documents and Settings\Sabrina\My Documents\Ksenia Simonova.txt
[2009/07/13 18:48:22 | 000,024,064 | ---- | M] ()(C:\Documents and Settings\Sabrina\Desktop\Word?.doc) -- C:\Documents and Settings\Sabrina\Desktop\Word♥.doc
[2007/05/03 15:17:09 | 000,024,576 | ---- | M] ()(C:\Documents and Settings\Sabrina\My Documents\???.doc) -- C:\Documents and Settings\Sabrina\My Documents\叶老师.doc
[2007/05/03 15:17:09 | 000,024,576 | ---- | C] ()(C:\Documents and Settings\Sabrina\My Documents\???.doc) -- C:\Documents and Settings\Sabrina\My Documents\叶老师.doc
[2006/05/23 20:12:20 | 000,024,064 | ---- | C] ()(C:\Documents and Settings\Sabrina\Desktop\Word?.doc) -- C:\Documents and Settings\Sabrina\Desktop\Word♥.doc

========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >




OTL Extras logfile created on: 7/16/2010 12:51:49 AM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Sabrina\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 229.00 Mb Available Physical Memory | 22.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 80.22 Gb Total Space | 10.86 Gb Free Space | 13.53% Space Free | Partition Type: NTFS
Drive D: | 93.16 Gb Total Space | 48.79 Gb Free Space | 52.37% Space Free | Partition Type: NTFS
Drive E: | 11.90 Gb Total Space | 0.29 Gb Free Space | 2.40% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC245486007190
Current User Name: Sabrina
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"56360:TCP" = 56360:TCP:*:Enabled:Pando Media Booster
"56360:UDP" = 56360:UDP:*:Enabled:Pando Media Booster
"57324:TCP" = 57324:TCP:*:Enabled:Pando Media Booster
"57324:UDP" = 57324:UDP:*:Enabled:Pando Media Booster
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Program Files\TurboTax\Home & Business 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Home & Business 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- File not found
"C:\Program Files\TurboTax\Home & Business 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Home & Business 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Nexon\MapleStory\MapleStory.exe" = C:\Nexon\MapleStory\MapleStory.exe:*:Enabled:MapleStory -- File not found
"C:\Program Files\Wizet\MapleStory\Patcher.exe" = C:\Program Files\Wizet\MapleStory\Patcher.exe:*:Enabled:Patcher MFC ?? ???? -- File not found
"C:\Program Files\TurboTax\Premier 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Premier 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- File not found
"C:\Program Files\TurboTax\Premier 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Premier 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- File not found
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\NetMeeting\conf.exe" = C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting® -- (Microsoft Corporation)
"C:\WINDOWS\system32\rtcshare.exe" = C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing -- (Microsoft Corporation)
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe" = C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)
"C:\Program Files\Mozilla Thunderbird\thunderbird.exe" = C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird -- File not found
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup
"{0DF3AE91-E533-3960-8516-B23737F8B7A2}" = Visual C++ 2008 x64 Runtime - (v9.0.30729)
"{0DF3AE91-E533-3960-8516-B23737F8B7A2}.vc_x64runtime_30729_01" = Visual C++ 2008 x64 Runtime - v9.0.30729.01
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1313740E-0072-4E2D-A628-DEFCD38B577A}" = HP User Guides 0011
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22E23C71-C27A-3F30-8849-BB6129E50679}" = Visual C++ 2008 IA64 Runtime - (v9.0.30729)
"{22E23C71-C27A-3F30-8849-BB6129E50679}.vc_i64runtime_30729_01" = Visual C++ 2008 IA64 Runtime - v9.0.30729.01
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{23F70562-02F4-4805-ACF5-6E52BAD167C2}" = Microsoft SQL Server 2008 Reporting Services
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 13
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2852CCA6-03E1-48CB-8FDF-0E2CD26122D4}" = SkyGazer 4.5
"{286F29AF-0BE2-4D5F-AB17-B7631A810553}" = muvee autoProducer 4.5
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}" = TurboTax ItsDeductible 2005
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C11D2DA-6802-3F66-BE6B-B2C046AFE866}" = Visual C++ 2008 x64 Runtime - (v9.0.30729.4148)
"{3C11D2DA-6802-3F66-BE6B-B2C046AFE866}.vc_x64runtime_30729_4148" = Visual C++ 2008 x64 Runtime - v9.0.30729.4148
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 C1
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 2.0
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{4EC1177C-E3E8-4CEE-8E9F-E6D4E6F7B2E2}Sabrina_is1" = WinDS PRO DSi 2.4.4 Multilang (Sabrina)
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{52FBAE98-D389-4281-8C14-21B4046CCB4E}" = SonicAC3Encoder
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{6EECB283-E65F-40EF-86D3-D51BF02A8D43}" = Microsoft Office Converter Pack
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7B33F480-496D-334A-BAC2-205DEC0CBC2D}" = Visual C++ 2008 x86 Runtime - (v9.0.30729.4148)
"{7B33F480-496D-334A-BAC2-205DEC0CBC2D}.vc_x86runtime_30729_4148" = Visual C++ 2008 x86 Runtime - v9.0.30729.4148
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{894A9DFD-6102-40AB-9C4A-1DCA60032D64}" = Quicken Rental Property Manager 2.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A62A068-3FD6-495A-9F66-26FE94F32EC9}" = Rhapsody Player Engine
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0000-0000-0000000FF1CE}" = Microsoft Office Access 2007
"{90120000-0015-0000-0000-0000000FF1CE}_Access_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0000-0000-0000000FF1CE}_Access_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_Access_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_Access_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_Access_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_Access_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_Access_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_Access_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_Access_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90530409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Standard 2003
"{90AE0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Organization Chart 2.0
"{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}" =
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{976EA7B1-7562-483D-88DA-4323D263B7CD}" = DiMAGE Viewer
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = TourSetup
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{ABB2901A-3D0A-4F21-8324-2F13C3EFE163}" = LightScribe 1.4.62.1
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B16AF568-A644-483C-A6DA-5028CD019C8C}" = SonicMPEGEncoder
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{BC96BBA7-C634-460E-AD18-A0A994213F80}" = HP User Guides--System Recovery
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.20 F2
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"AC Tool" = AC Tool
"Access" = Microsoft Office Access 2007
"Active Desktop Calendar_is1" = Active Desktop Calendar 7.58
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AIM_7" = AIM 7
"Announcements 4.1" = Announcements 4.1
"AVG9Uninstall" = AVG Free 9.0
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"Bannershop GIF Animator" = Selteco Bannershop GIF Animator
"CCleaner" = CCleaner
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_CPL30A5m" = HDAUDIO Soft Data Fax Modem with SmartCP
"Direct WAV MP3 Splitter_is1" = Direct WAV MP3 Splitter 2.4
"Foxit Reader" = Foxit Reader
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"HP Rhapsody" = HP Rhapsody
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MapleStory" = MapleStory
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OCCT_is1" = OCCT Perestroika 2.0.0a
"PROSet" = Intel® PRO Network Connections Drivers
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"Verizon Online DSL_is1" = Verizon Online DSL
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 1.0.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-507310347-8617941-3380394185-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/14/2010 12:47:56 AM | Computer Name = PC245486007190 | Source = VBRuntime | ID = 1
Description = The VB Application identified by the event source logged this Application
MSICUU: Thread ID: 928 ,Logged: Success: C:\Documents and Settings\Sabrina\Desktop\Windows
Installer Clean Up\Windows Installer Clean Up\msizap.exe TW! {6249567F-65C3-4EE7-B023-E4FA035B0520}

Error - 4/14/2010 12:48:02 AM | Computer Name = PC245486007190 | Source = VBRuntime | ID = 1
Description = The VB Application identified by the event source logged this Application
MSICUU: Thread ID: 928 ,Logged: Success: C:\Documents and Settings\Sabrina\Desktop\Windows
Installer Clean Up\Windows Installer Clean Up\msizap.exe TW! {DAA8590D-D93E-4697-9CBE-D96A7590A8E3}

Error - 4/14/2010 9:01:30 AM | Computer Name = PC245486007190 | Source = MsiInstaller | ID = 11719
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1719.
The Windows Installer Service could not be accessed. This can occur if the Windows
Installer is not correctly installed. Contact your support personnel for assistance.

Error - 4/14/2010 11:01:32 PM | Computer Name = PC245486007190 | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 4/16/2010 5:44:29 PM | Computer Name = PC245486007190 | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 4/16/2010 7:09:07 PM | Computer Name = PC245486007190 | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 4/18/2010 3:39:28 PM | Computer Name = PC245486007190 | Source = NativeWrapper | ID = 5000
Description =

Error - 4/18/2010 3:40:28 PM | Computer Name = PC245486007190 | Source = Media Center Scheduler | ID = 0
Description =

Error - 4/20/2010 12:45:38 AM | Computer Name = PC245486007190 | Source = NativeWrapper | ID = 5000
Description =

Error - 4/20/2010 8:03:13 AM | Computer Name = PC245486007190 | Source = NativeWrapper | ID = 5000
Description =

[ OSession Events ]
Error - 12/5/2009 1:23:58 AM | Computer Name = PC245486007190 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10952
seconds with 8340 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/15/2010 11:02:29 PM | Computer Name = PC245486007190 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {0002DF01-0000-0000-C000-000000000046}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
-Embedding

Error - 7/15/2010 11:02:29 PM | Computer Name = PC245486007190 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {0002DF01-0000-0000-C000-000000000046}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
-Embedding

Error - 7/15/2010 11:02:29 PM | Computer Name = PC245486007190 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {0002DF01-0000-0000-C000-000000000046}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
-Embedding

Error - 7/15/2010 11:02:29 PM | Computer Name = PC245486007190 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {0002DF01-0000-0000-C000-000000000046}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
-Embedding

Error - 7/15/2010 11:02:29 PM | Computer Name = PC245486007190 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {0002DF01-0000-0000-C000-000000000046}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
-Embedding

Error - 7/15/2010 11:02:29 PM | Computer Name = PC245486007190 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {0002DF01-0000-0000-C000-000000000046}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
-Embedding

Error - 7/16/2010 12:32:31 AM | Computer Name = PC245486007190 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Intuit Update Service
service to connect.

Error - 7/16/2010 12:32:31 AM | Computer Name = PC245486007190 | Source = Service Control Manager | ID = 7000
Description = The Intuit Update Service service failed to start due to the following
error: %%1053

Error - 7/16/2010 3:41:12 AM | Computer Name = PC245486007190 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 7/16/2010 3:41:12 AM | Computer Name = PC245486007190 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.


< End of report >



I reinstalled IE, and the virus is for sure still here. The popups opened again. And the only way I "deleted" IE the first time was by deleting the folder; I couldn't actually uninstall it.

#8 soybean32
  • Topic Starter
  • Members
  • 70 posts

Posted 16 July 2010 - 03:21 AM

It also keeps changing my sound settings again... It moves the "Wave" setting on Volume Controls all the way down for some reason. Once again, it all started with a BSOD Win32k.sys page_fault_in_nonpaged_area error if that offers any clues.

#9 etavares
    Bleepin' Remover
  • Malware Response Team
  • 15,514 posts

Posted 16 July 2010 - 05:56 PM

Hello, soybean32.
OK, let's run Combofix. I'm not surprised...that's why I wanted to reinstall IE to confirm.

Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#10 soybean32
  • Topic Starter
  • Members
  • 70 posts

Posted 17 July 2010 - 06:01 PM

The popups got progressively worse, so I had to go into Safe Mode and remove the IE folder again before using ComboFix. Here's the log:


ComboFix 10-07-15.05 - Sabrina 07/17/2010 15:35:50.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.576 [GMT -7:00]
Running from: c:\documents and settings\Sabrina\Desktop\etavaresCF.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system\LEAD51N.DLL

.
((((((((((((((((((((((((( Files Created from 2010-06-17 to 2010-07-17 )))))))))))))))))))))))))))))))
.

2010-07-16 19:59 . 2010-07-16 19:59 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-16 04:33 . 2010-07-16 04:33 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-07-14 18:21 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-08 10:10 . 2010-07-08 10:10 -------- d-----w- C:\.jagex_cache_32
2010-07-08 06:54 . 2010-07-08 06:54 -------- d-----w- c:\documents and settings\Extra\Local Settings\Application Data\Western_Digital
2010-07-08 06:54 . 2010-07-08 06:54 -------- d-----w- c:\documents and settings\Extra\Local Settings\Application Data\Western Digital
2010-07-08 06:54 . 2010-07-08 06:54 -------- d-----w- c:\documents and settings\Extra\Application Data\Western Digital
2010-07-07 19:47 . 2010-07-07 19:47 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-06-30 09:07 . 2010-06-30 09:07 -------- d-----w- c:\program files\Carina Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-17 06:37 . 2010-03-01 04:33 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-07-16 20:01 . 2010-07-16 20:01 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-07-16 20:01 . 2010-07-16 20:01 216200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-07-16 19:59 . 2009-09-02 02:51 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 19:58 . 2009-09-02 02:51 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-16 19:56 . 2010-07-16 19:56 1038688 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-07-16 19:56 . 2010-07-16 19:56 1690464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-07-16 19:56 . 2010-07-16 19:56 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-07-16 19:56 . 2010-07-16 19:56 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-07-16 12:08 . 2008-07-11 00:07 46 ----a-w- c:\documents and settings\Sabrina\jagex_runescape_preferences.dat
2010-07-16 12:07 . 2009-09-03 08:26 99 ----a-w- c:\documents and settings\Sabrina\jagex_runescape_preferences2.dat
2010-07-15 13:05 . 2009-09-24 07:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-13 08:15 . 2010-04-01 02:28 -------- d-----w- c:\documents and settings\Sabrina\Application Data\vlc
2010-06-14 14:31 . 2004-08-10 15:00 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 02:56 . 2007-05-24 08:22 -------- d-----w- c:\documents and settings\Sabrina\Application Data\U3
2010-06-05 00:11 . 2010-02-16 10:36 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-03 05:52 . 2009-09-02 02:51 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-30 23:42 . 2010-05-03 07:51 -------- d-----w- c:\program files\AIM
2010-05-20 03:12 . 2010-05-20 03:12 -------- d-----w- c:\documents and settings\Mom\Application Data\Western Digital
2010-05-14 07:31 . 2010-02-08 10:43 143976 ----a-w- c:\documents and settings\Sabrina\Application Data\Move Networks\uninstall.exe
2010-05-14 07:31 . 2009-10-15 00:50 5642688 ----a-w- c:\documents and settings\Sabrina\Application Data\Move Networks\plugins\npqmp071701000002.dll
2010-05-14 07:31 . 2010-05-14 07:30 1794456 ----a-w- c:\documents and settings\Sabrina\Application Data\Move Networks\MoveMediaPlayerWin_071701000002.exe
2010-05-06 10:41 . 2004-08-10 15:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-10 15:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 22:39 . 2008-11-08 13:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 22:39 . 2008-11-08 13:09 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-21 01:55 . 2010-04-11 01:31 117760 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\9.0\1033\ResourceCache.dll
2010-04-20 05:30 . 2004-08-10 15:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Active Desktop Calendar"="c:\program files\XemiComputers\Active Desktop Calendar\ADC.exe" [2008-08-13 3780608]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-04-07 2937528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-11 761945]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2005-12-12 94208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-15 86016]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-14 507904]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2005-11-08 61952]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-07 409600]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-06-29 233534]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-15 7331840]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-13 2057536]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-13 9117504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-16 19:59 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2007-09-06 13:08 136136 ----a-w- d:\program files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-17 07:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
2004-08-10 07:00 44032 ----a-w- c:\windows\ime\imkr6_1\imekrmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-10 07:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-28 00:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-08-11 23:30 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2005-12-15 11:42 7331840 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-10 07:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-10 07:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-18 04:38 282624 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2005-10-28 23:11 679936 ------w- c:\windows\CREATOR\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PEVSystemStart"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\AIM\\aim.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56360:TCP"= 56360:TCP:Pando Media Booster
"56360:UDP"= 56360:UDP:Pando Media Booster
"57324:TCP"= 57324:TCP:Pando Media Booster
"57324:UDP"= 57324:UDP:Pando Media Booster

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/1/2009 7:51 PM 216400]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/1/2009 7:51 PM 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/16/2010 12:59 PM 308136]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [11/13/2009 11:28 AM 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 8:58 AM 20480]
S1 vdizmzuw;AVZ-BC Kernel Driver;\??\c:\windows\system32\Drivers\vdizmzuw.sys --> c:\windows\system32\Drivers\vdizmzuw.sys [?]
S3 B-Service;B-Service;c:\documents and settings\Sabrina\Desktop\B-Service.exe [4/13/2010 12:13 AM 185640]
S3 JRSKD24;JRSKD24;\??\c:\windows\system32\JRSKD24.SYS --> c:\windows\system32\JRSKD24.SYS [?]
S3 JRSUKD24;JRSUKD24;\??\c:\windows\system32\JRSUKD24.SYS --> c:\windows\system32\JRSUKD24.SYS [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/13/2010 8:36 PM 11520]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/23/2009 1:20 AM 721904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://msnbc.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://gzs.hangame.com/common/HanSetup1010.cab
DPF: {C3B36463-0C0C-49DE-AAD8-7E6786174129} - hxxp://sign.ndoors.com/confirm/GzLauncher.cab
FF - ProfilePath - c:\documents and settings\Sabrina\Application Data\Mozilla\Firefox\Profiles\5wrdxzkl.default\
FF - prefs.js: browser.startup.homepage - msnbc.com
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Sabrina\Application Data\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\Sabrina\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\Sabrina\Application Data\Mozilla\Firefox\Profiles\5wrdxzkl.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: c:\documents and settings\Sabrina\Application Data\Mozilla\Firefox\Profiles\5wrdxzkl.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul323.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.5.0_06\bin\jusched.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-17 15:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????n??|?????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,82,64,5b,b6,c2,f3,57,41,b8,77,b1,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,82,64,5b,b6,c2,f3,57,41,b8,77,b1,\

[HKEY_USERS\S-1-5-21-507310347-8617941-3380394185-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{50D428E3-F26B-342C-0B6C-B279741E7D90}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oakdldbjhkgonmdlpdnjmmhinmaolj"=hex:64,61,6b,66,6c,6e,63,6c,00,70
"oagconmkdgnjaelllmflcjinofdonn"=hex:6a,61,6a,66,65,6b,69,70,6f,6f,67,67,68,6b,
6a,6f,69,62,6b,63,00,fd
"namcelkekpbgpodpchdifgapgbbk"=hex:6b,61,6b,66,69,6e,63,6a,63,68,6d,6c,68,6f,
6a,64,63,62,6f,6d,69,68,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):42,aa,7f,27,db,bd,f8,bb,4a,e3,22,46,6e,d6,15,19,28,fd,4c,3b,6e,
19,48,ac,31,3a,d6,bb,6e,f2,3b,6d,a0,75,77,42,25,55,5d,9c,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{a97cd6ca-d3f3-45b8-8bec-0c6dfd1d05a0}]
@Denied: (Full) (Everyone)
"Model"=dword:00000001
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,a3,4d,8a,86,a6,1f,8c,ed,c4,9f,27,cf,25,5d,\
.
Completion time: 2010-07-17 15:55:45
ComboFix-quarantined-files.txt 2010-07-17 22:55

Pre-Run: 11,236,077,568 bytes free
Post-Run: 11,651,358,720 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(1)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

Current=3 Default=3 Failed=4 LastKnownGood=1 Sets=1,2,3,4
- - End Of File - - BDAE12006D4551E2FA61A81F45CA21B6


#11 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:37 PM

Posted 18 July 2010 - 06:55 AM

Hello, soybean32.

The good news is that CF did show me some bad registry entries we need to get rid of. Please do step 1; then reboot and install IE. Any popups now?



1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
RegLockDel::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{a97cd6ca-d3f3-45b8-8bec-0c6dfd1d05a0}]
RegNull::
[HKEY_USERS\S-1-5-21-507310347-8617941-3380394185-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{50D428E3-F26B-342C-0B6C-B279741E7D90}*]
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000
Driver::
vdizmzuw
File::
c:\windows\system32\Drivers\vdizmzuw.sys


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
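The LOCKED REGISTRY KEYS section of the ComboFix log above is the evidence this post works from: the three keys whose ACL line reads @Denied went into the RegLockDel:: block of the CFScript, and the Shell Extensions\Approved\{...}* key, which is readable but holds random-letter value names, went into RegNull::. Which key gets which directive is the analyst's call; what can be automated is pulling the section apart so the call is easier. The following is an added example (not ComboFix's code and not from anyone in this thread) that parses that section, handles ComboFix's wrapped hex dumps (a trailing comma continues on the next line, a trailing backslash marks a value ComboFix cut off), decodes the hex blobs, and reports each key's denied principals and any value that starts as printable ASCII. The sample text is constructed from the log above and embedded inline so it runs offline; the layout rules it assumes are the ones visible in that log. `Therad` is spelled as it appears in the log.

```python
"""Triage helper for the 'LOCKED REGISTRY KEYS' section of a ComboFix log.

Added example, not ComboFix's own code. Assumes the text layout seen in the
log above: a [key] line, @Denied/@Allowed ACL lines, and "name"=type:data
lines whose hex dumps wrap after a trailing comma and end in '\' when
ComboFix truncated them.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: copied from the log posted above, trimmed to three keys.
SAMPLE_SECTION = r"""--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,82,64,5b,b6,c2,f3,57,41,b8,77,b1,\

[HKEY_USERS\S-1-5-21-507310347-8617941-3380394185-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{50D428E3-F26B-342C-0B6C-B279741E7D90}*]
@Allowed: (Read) (RestrictedCode)
"oakdldbjhkgonmdlpdnjmmhinmaolj"=hex:64,61,6b,66,6c,6e,63,6c,00,70
"oagconmkdgnjaelllmflcjinofdonn"=hex:6a,61,6a,66,65,6b,69,70,6f,6f,67,67,68,6b,
6a,6f,69,62,6b,63,00,fd

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{a97cd6ca-d3f3-45b8-8bec-0c6dfd1d05a0}]
@Denied: (Full) (Everyone)
"Model"=dword:00000001
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,a3,4d,8a,86,a6,1f,8c,ed,c4,9f,27,cf,25,5d,\
.
"""

ACL_RE = re.compile(r"^@(Denied|Allowed):\s*\(([^)]*)\)\s*\(([^)]*)\)$")
VALUE_RE = re.compile(r'^"([^"]*)"=(hex(?:\([0-9a-f]+\))?|dword):(.*)$')


@dataclass
class LockedKey:
    path: str
    acl: list = field(default_factory=list)     # (Denied|Allowed, right, principal)
    values: dict = field(default_factory=dict)  # name -> (type, bytes|int, truncated)


def decode_value(vtype, data):
    """Turn ComboFix's 'dword:' / 'hex:' / 'hex(N):' text into Python values."""
    truncated = data.endswith("\\")  # ComboFix ends a cut-off dump with '\'
    if truncated:
        data = data[:-1]
    if vtype == "dword":
        return ("dword", int(data, 16), truncated)
    raw = bytes(int(b, 16) for b in data.strip(",").split(",") if b)
    return (vtype, raw, truncated)


def parse_locked_keys(text):
    """Return one LockedKey per [key] block, with ACL lines and decoded values."""
    keys, cur = [], None
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i].strip()
        i += 1
        if line.startswith("[") and line.endswith("]"):
            cur = LockedKey(path=line[1:-1])
            keys.append(cur)
            continue
        if cur is None or not line:
            continue
        m = ACL_RE.match(line)
        if m:
            cur.acl.append(m.groups())
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, vtype, data = m.groups()
        # A trailing comma means the hex dump continues on the next line.
        while data.endswith(",") and i < len(lines):
            nxt = lines[i].strip()
            if not nxt or nxt[0] in '[@"':
                break
            data += nxt
            i += 1
        cur.values[name] = decode_value(vtype, data)
    return keys


def ascii_prefix(raw):
    """Printable-ASCII run at the start of a blob, stopping at the first other byte."""
    out = []
    for b in raw:
        if 0x20 <= b < 0x7F:
            out.append(chr(b))
        else:
            break
    return "".join(out)


def summarize(text):
    """Per key: who is denied access, and which binary values start as readable text."""
    rows = []
    for k in parse_locked_keys(text):
        denied = [who for kind, _, who in k.acl if kind == "Denied"]
        strings = {n: ascii_prefix(v[1]) for n, v in k.values.items() if v[0] != "dword"}
        rows.append({"path": k.path, "denied_to": denied,
                     "strings": {n: s for n, s in strings.items() if len(s) >= 4}})
    return rows


if __name__ == "__main__":
    for row in summarize(SAMPLE_SECTION):
        print(row["path"])
        print("  denied to:", row["denied_to"] or "nobody")
        for name, s in row["strings"].items():
            print(f"  {name} -> {s!r}")
```

Run against the section above, the two @Denied keys come out with LocalSystem and Everyone as the denied principals and no readable content, while the Approved\{...}* key is the only one whose values decode to lowercase strings ("dakflncl", "jajfekipoogghkjoibkc"), which is the pattern the post singles out for RegNull:: rather than RegLockDel::. The truncated flag matters when comparing dumps across runs: a value ComboFix cut off cannot be compared byte for byte with a full export.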
 


#12 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:37 PM

Posted 18 July 2010 - 06:55 AM

EDIT: double post.

Edited by etavares, 18 July 2010 - 06:55 AM.


 


#13 soybean32

soybean32
  • Topic Starter

  • Members
  • 70 posts
  • OFFLINE
  •  
  • Local time:01:37 PM

Posted 20 July 2010 - 05:27 AM

Hmmm, not good! I just ran your script and after it auto-rebooted, I wasn't able to access my C drive! I got a BSOD error twice: Invalid_Kernel_Handle STOP: 0x00000093 (0x000003E8, 0x00000000, 0x00000000, 0x00000000). Thankfully I'm able to use my D drive partition at the moment!


#14 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:37 PM

Posted 20 July 2010 - 08:02 AM

OK, that error is usually driver related...which often means Combofix was unable or was interrupted while trying to fix a rootkit. Are you able to access your C: partition when you boot to D:? If so, please post c:\combofix.txt if it exists.


 


#15 soybean32

soybean32
  • Topic Starter

  • Members
  • 70 posts
  • OFFLINE
  •  
  • Local time:01:37 PM

Posted 20 July 2010 - 08:50 PM

I was finally able to reboot to C, but I don't see the combofix.txt...



