Internet Explorer will not open.. at all.. No Internet Options Win XP



#1 MistyC

Posted 14 December 2010 - 07:05 AM

Hope my title is alright.. I have this posted over in the Win XP forum because I didn't think it was a virus issue.. but they told me to post over here because of a few issues I am having... Here is my original post just to start with.. (copied from the Win XP Forum) Previous topic in XP forum: http://www.bleepingcomputer.com/forums/topic366912.html ~ OB

~~~~

ok.. I have googled & googled & googled.. tried everything they told me to do and it isn't working.. SO I have come to the pros lol.

You guys just helped me last week.. We had to replace our Graphics Card. Now the PC is up and working.. But ever since we did, our internet explorer will NOT do anything.. a few times we got an error message but I can not get it to do it again so I can relay it.

I have uninstalled IE 7...
I have tried to Reinstall IE 7...
... it goes through the whole install thing, tells me to restart the PC & when it comes up.. nothing..

I tried to start it using the "without add ons" option.. still will not start..
I have tried to click on a link that was saved with IE (shortcut to a webpage.. not link sorry) And it just opens in Firefox.

I would not care but my husband likes to use IE so I am trying to get it back for him..

btw by "not open" I mean when you click on it.. the hour glass appears for MAYBE a second & then goes away.. Nothing opens, no screens appear & no error signs..

~~

Additional info that was uncovered over in the other forum that might help...

Firefox works fine
I had IE8 but it crashed all the time so I rolled back to IE7 using the instructions on Microsoft's website..
I uninstalled IE7 using Microsoft's directions (add & remove programs) and then reinstalled it from Microsoft's site as well..
When I go into my C: windows folder, I have both IE7 & IE8's folder & download folders (so 4 folders)

Other issues...

Firefox does lock up ("Not responding") often. It has for a while..

Other than that, no other signs of viruses

We are using AVG free & run malwarebytes' all the time... (& yes I keep them both updated)

Oh yeah, this is a Custom computer.. My husband built it over a year ago. Never had any problems until recently... (besides FF loading issues)

Thank you for your help!


ETA...

I have tried removing the check mark in "Internet Explorer" in the Windows add/remove programs section... Restarted the PC & then rechecked it.. didn't work.
I tried system restore.. Said it could NOT restore to a later date..
I tried repair via the original Windows disc.. Didn't do anything.
Yes we have the Original windows XP Home disc.

Ty again..

Edited by Orange Blossom, 19 December 2010 - 02:49 PM.



#2 Judicandus (Bleepin' Pasta, Malware Response Team)

Posted 19 December 2010 - 05:04 PM

Hello and welcome to Bleeping Computer

I'm judicandus and I'll be helping you out.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.


We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
  • DDS.scr
  • DDS.pif
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.


We also need a log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

#3 MistyC (Topic Starter)

Posted 20 December 2010 - 01:54 AM

ty for your help.. I had to run the GMER in safe mode because every time I started the program I received the BSOD. Now that I am back in regular mode I just keep getting a "USB Device not recognized" error & it appears one of my USB devices (I am assuming it is my card reader) is not plugged up to the PC.. not sure how that can be but figured I would mention it. Here are the logs..




---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF766787E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7667BFE]

---- EOF - GMER 1.0.15 ----


Ok well I zipped up the GMER log like instructed, but I have no idea how to attach it.. if you can tell me how to do so or point me to a site that can instruct me, I would be glad to attach lol. Otherwise lmk & I will post it here as a text.

thanks again

Edited by MistyC, 20 December 2010 - 01:59 AM.


#4 Judicandus (Bleepin' Pasta, Malware Response Team)

Posted 20 December 2010 - 05:17 AM

Hi MistyC,

Pasting the content of the file works just fine as well. Please post the content of the DDS log as well.

#5 MistyC (Topic Starter)

Posted 20 December 2010 - 08:18 AM

ok here is the DDS log! thanks!




DDS (Ver_10-12-12.02) - NTFSx86
Run by Dad at 18:56:58.42 on Sun 12/19/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2814.1487 [GMT -5:00]

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trust\GM-4600 Gamer Mouse\Amoumain.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Dad\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Glue Plugin: {a831c155-9ab6-476a-8294-cf7e902790e0} - c:\documents and settings\dad\application data\adaptiveblue\glue\AdaptiveBlueBHO.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0983.0\msneshellx.dll
BHO: CrowdStar Gamebar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0983.0\msneshellx.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: CrowdStar Gamebar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Launch LGDCore] "c:\program files\common files\logitech\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
dRunOnce: [RunNarrator] Narrator.exe
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\dad\startm~1\programs\startup\comcas~1.lnk - c:\program files\comcast universal caller id\Comcast Universal Caller ID.exe
StartupFolder: c:\docume~1\dad\startm~1\programs\startup\toddle~1.lnk - c:\docume~1\dad\applic~1\microsoft\installer\{7339e7e7-fb6a-46ec-8303-d31e655ef617}\_154754de.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\gm-460~1.lnk - c:\program files\trust\gm-4600 gamer mouse\Amoumain.exe
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab
DPF: {A021A215-6CDC-44B4-8C16-90491CED9605} - hxxp://www.worldwinner.com/games/v68/clue/clue.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} - hxxp://stories.scrapbooksetc.com/create/DragDropUploader.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dad\applic~1\mozilla\firefox\profiles\qpx8y84r.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\dad\application data\mozilla\firefox\profiles\qpx8y84r.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\dad\application data\mozilla\firefox\profiles\qpx8y84r.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\dad\application data\mozilla\firefox\profiles\qpx8y84r.default\extensions\firefox@kidzui.com\platform\winnt_x86-msvc\components\WinKiosk.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll
FF - plugin: c:\documents and settings\dad\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\dad\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\dad\application data\move networks\plugins\npqmp071706000001.dll
FF - plugin: c:\progra~1\sonyon~1\npsoe.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npgcplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: KidZui: firefox@kidzui.com - %profile%\extensions\firefox@kidzui.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
FF - Ext: eBay Quick Search: ebayquicksearch@upaaya - %profile%\extensions\ebayquicksearch@upaaya
FF - Ext: AmazonAssist: sidecar@amazon.com - %profile%\extensions\sidecar@amazon.com
FF - Ext: CrowdStar Gamebar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Glue: {D2A6A719-7CBC-4594-85FD-C36AD881424F} - %profile%\extensions\{D2A6A719-7CBC-4594-85FD-C36AD881424F}
FF - Ext: PriceTrace: {72938f90-8d8a-11de-8a39-0800200c9a66} - %profile%\extensions\{72938f90-8d8a-11de-8a39-0800200c9a66}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files\siber systems\ai roboform\Firefox
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\dad\application data\Move Networks

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(yahoo.homepage.dontask, true
============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-12-18 64288]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 299984]
R1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [2009-12-11 74088]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-23 6128208]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\blue coat k9 web protection\k9filter.exe [2009-12-11 1078632]
R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2006-2-28 14336]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 1389400]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15264]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-11 136176]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-10-15 517448]
S3 mv2;mv2;c:\windows\system32\drivers\mv2.sys [2009-12-18 10688]
S3 PciCon;PciCon;\??\e:\pcicon.sys --> e:\PciCon.sys [?]
S4 Amazon Download Agent;Amazon Download Agent;c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderService.exe [2010-6-10 401920]
S4 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-10-28 29744]
S4 STSService;STSService;c:\program files\soundtaxi media suite\STSService.exe [2009-9-29 335872]

=============== Created Last 30 ================

2010-12-19 02:31:18 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-12-18 22:43:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-12-18 22:43:11 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-12-18 22:42:12 -------- d-----w- c:\docume~1\dad\locals~1\applic~1\Sunbelt Software
2010-12-18 22:40:21 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2010-12-18 22:39:57 -------- d-----w- c:\program files\Lavasoft
2010-12-18 22:38:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-18 22:38:52 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-12-18 21:45:58 18944 -c--a-w- c:\windows\system32\dllcache\simptcp.dll
2010-12-18 21:45:58 18944 ----a-w- c:\windows\system32\simptcp.dll
2010-12-18 21:35:33 114688 -c--a-w- c:\windows\system32\dllcache\calc.exe
2010-12-18 21:35:33 114688 ----a-w- c:\windows\system32\calc.exe
2010-12-13 22:40:22 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-12-13 22:40:19 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-12-13 22:40:19 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-12-13 22:40:16 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-12-13 22:40:13 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-12-13 22:40:09 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2010-12-13 22:40:06 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-12-13 22:40:05 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-12-13 22:40:03 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-12-13 22:40:02 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2010-12-13 22:40:01 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2010-12-13 22:38:58 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys
2010-12-13 22:37:58 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll
2010-12-13 22:36:59 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys
2010-12-13 22:35:58 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2010-12-13 22:34:59 63547 -c--a-w- c:\windows\system32\dllcache\sla30nd5.sys
2010-12-13 22:33:57 23936 -c--a-w- c:\windows\system32\dllcache\sccmusbm.sys
2010-12-13 22:32:58 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
2010-12-13 22:31:57 121344 -c--a-w- c:\windows\system32\dllcache\phvfwext.dll
2010-12-13 22:30:58 48000 -c--a-w- c:\windows\system32\dllcache\ovcam2.sys
2010-12-13 22:29:59 33088 -c--a-w- c:\windows\system32\dllcache\n9i128v2.sys
2010-12-13 22:28:57 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
2010-12-13 22:27:47 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
2010-12-13 22:26:58 28700 -c--a-w- c:\windows\system32\dllcache\ibmexmp.sys
2010-12-13 22:25:59 93696 -c--a-w- c:\windows\system32\dllcache\hpgt42.dll
2010-12-13 22:24:59 12362 -c--a-w- c:\windows\system32\dllcache\f3ab18xi.sys
2010-12-13 22:23:58 28062 -c--a-w- c:\windows\system32\dllcache\dp83820.sys
2010-12-13 22:22:59 42112 -c--a-w- c:\windows\system32\dllcache\crtaud.sys
2010-12-13 22:21:59 96640 -c--a-w- c:\windows\system32\dllcache\b57xp32.sys
2010-12-13 10:43:41 388096 ----a-r- c:\docume~1\dad\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-12-13 10:43:40 -------- d-----w- c:\program files\Trend Micro
2010-12-11 02:48:04 -------- d-----w- c:\docume~1\dad\applic~1\GetRightToGo
2010-12-09 04:06:00 63488 -c----w- c:\windows\system32\dllcache\icardie.dll
2010-12-09 04:06:00 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-12-09 04:06:00 468480 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-12-09 04:06:00 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-12-09 04:06:00 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2010-12-09 04:05:59 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll
2010-12-09 04:05:59 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat
2010-12-09 04:05:57 6075904 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-12-09 04:05:38 -------- d-----w- C:\567399231166f5113d9d5769262a86
2010-12-09 00:06:09 -------- d-----w- c:\program files\MSXML 6.0
2010-12-08 23:53:08 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2010-12-08 23:17:27 -------- d-----w- c:\program files\ZOTAC FireStorm
2010-12-08 23:16:46 2189952 -c--a-w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-12-08 23:15:32 214528 -c--a-w- c:\windows\system32\dllcache\wordpad.exe
2010-12-08 23:09:43 -------- d-----w- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2010-12-08 23:02:56 -------- d-----w- c:\windows\NV10641432.TMP
2010-12-01 21:31:43 -------- d-----w- c:\windows\NV7483032.TMP
2010-12-01 21:12:28 -------- d-----w- c:\windows\NV26803244.TMP
2010-12-01 19:12:59 38912 -c--a-w- c:\windows\system32\dllcache\sm9aw.dll
2010-12-01 19:11:57 59392 -c--a-w- c:\windows\system32\dllcache\imscinst.exe
2010-12-01 19:10:53 45056 -c--a-w- c:\windows\system32\dllcache\EXCH_aqadmin.dll
2010-12-01 19:10:46 5632 -c--a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
2010-12-01 19:08:10 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-12-01 19:08:10 16384 ----a-w- c:\program files\internet explorer\connection wizard\isignup.exe
2010-12-01 18:42:07 14573 ----a-r- c:\windows\SET84.tmp
2010-12-01 18:42:04 13753 ----a-r- c:\windows\SET51.tmp
2010-12-01 18:42:01 1086058 ----a-r- c:\windows\SET45.tmp
2010-12-01 18:42:00 1042903 ----a-r- c:\windows\SET42.tmp
2010-12-01 18:37:39 -------- d-----w- c:\windows\NV1264372.TMP
2010-12-01 18:21:06 14573 ----a-r- c:\windows\SET83.tmp
2010-12-01 18:21:03 13753 ----a-r- c:\windows\SET50.tmp
2010-12-01 18:20:59 1086058 ----a-r- c:\windows\SET44.tmp
2010-12-01 18:20:58 1042903 ----a-r- c:\windows\SET41.tmp
2010-12-01 18:17:39 -------- d-----w- c:\windows\NV12161976.TMP
2010-12-01 18:02:43 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-12-01 18:02:43 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-12-01 18:02:43 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-12-01 18:02:43 13312 ----a-w- c:\windows\system32\irclass.dll
2010-12-01 18:02:30 14573 ----a-r- c:\windows\SET140.tmp
2010-12-01 18:02:25 13753 ----a-r- c:\windows\SET10D.tmp
2010-12-01 18:02:21 1086058 ----a-r- c:\windows\SET101.tmp
2010-12-01 18:02:20 1042903 ----a-r- c:\windows\SETFE.tmp
2010-12-01 11:45:03 -------- d-----w- c:\windows\system32\wbem\repository\FS
2010-12-01 11:45:03 -------- d-----w- c:\windows\system32\wbem\Repository
2010-11-22 18:55:48 -------- d-----w- C:\CIRQUE_DU_FREAK

==================== Find3M ====================

2010-12-01 05:19:02 98304 ----a-w- c:\windows\DUMP74e1.tmp
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:34:12 832512 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:34:11 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-11-06 00:34:11 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:34:11 17408 ----a-w- c:\windows\system32\corpol.dll
2010-11-03 12:25:53 389120 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-09-28 20:44:52 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2008-10-31 13:57:23 774144 ----a-w- c:\program files\RngInterstitial.dll

============= FINISH: 18:58:01.34 ===============

#6 Judicandus

    Bleepin' Pasta


  • Malware Response Team
  • 730 posts
  • Gender:Male
  • Location:Around the world

Posted 20 December 2010 - 12:35 PM

Hi MistyC,

Please uninstall AVG 2011.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

#7 MistyC

  • Topic Starter

  • Members
  • 145 posts
  • Gender:Female
  • Location:Riceboro, GA

Posted 20 December 2010 - 08:22 PM

ComboFix 10-12-20.01 - Dad 12/20/2010 20:11:33.1.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2814.2258 [GMT -5:00]
Running from: c:\documents and settings\Dad\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Dad\Application Data\inst.exe
C:\Install.exe
c:\program files\filesubmit
c:\program files\filesubmit\theoldsteamengine\theoldsteamengine\The Old Steam Engine\HOW TO INSTALL ACTIVE THEMES.doc
c:\program files\filesubmit\theoldsteamengine\theoldsteamengine\The Old Steam Engine\The Old Steam Engine Float\1.jpg
c:\program files\filesubmit\theoldsteamengine\theoldsteamengine\The Old Steam Engine\The Old Steam Engine Float\1a.html
c:\program files\filesubmit\theoldsteamengine\theoldsteamengine\The Old Steam Engine\The Old Steam Engine Float\1b.htm
c:\program files\filesubmit\theoldsteamengine\theoldsteamengine\The Old Steam Engine\The Old Steam Engine Float\simages\0.gif
c:\program files\filesubmit\theoldsteamengine\theoldsteamengine\The Old Steam Engine\The Old Steam Engine Float\simages\Thumbs.db
c:\program files\filesubmit\theoldsteamengine\theoldsteamengine\The Old Steam Engine\The Old Steam Engine Theme.exe
c:\program files\filesubmit\theoldsteamengine\theoldsteamengine\The Old Steam Engine\The Old Steam Engine Theme.Theme
c:\program files\filesubmit\theoldsteamengine\theoldsteamengine\The Old Steam Engine\The Old Steam Engine.jpg
c:\program files\filesubmit\theoldsteamengine\theoldsteamengine\The Old Steam Engine\Thumbs.db
c:\program files\filesubmit\theoldsteamengine\theoldsteamengine\The Old Steam Engine\Train Cursors\Busy.ANI
c:\program files\filesubmit\theoldsteamengine\theoldsteamengine\The Old Steam Engine\Train Cursors\Help.ani
c:\program files\filesubmit\theoldsteamengine\theoldsteamengine\The Old Steam Engine\Train Cursors\Horizontal.ani
c:\program files\filesubmit\theoldsteamengine\theoldsteamengine\The Old Steam Engine\Train Cursors\Left.ani
c:\program files\filesubmit\theoldsteamengine\theoldsteamengine\The Old Steam Engine\Train Cursors\Move.ani
c:\program files\filesubmit\theoldsteamengine\theoldsteamengine\The Old Steam Engine\Train Cursors\No.ani
c:\program files\filesubmit\theoldsteamengine\theoldsteamengine\The Old Steam Engine\Train Cursors\Normal.ani
c:\program files\filesubmit\theoldsteamengine\theoldsteamengine\The Old Steam Engine\Train Cursors\Precision.ani
c:\program files\filesubmit\theoldsteamengine\theoldsteamengine\The Old Steam Engine\Train Cursors\Right.ani
c:\program files\filesubmit\theoldsteamengine\theoldsteamengine\The Old Steam Engine\Train Cursors\Text.ani
c:\program files\filesubmit\theoldsteamengine\theoldsteamengine\The Old Steam Engine\Train Cursors\Up.ani
c:\program files\filesubmit\theoldsteamengine\theoldsteamengine\The Old Steam Engine\Train Cursors\Vertical.ani
c:\program files\filesubmit\theoldsteamengine\theoldsteamengine\The Old Steam Engine\Train Cursors\Working.ani
c:\program files\filesubmit\theoldsteamengine\theoldsteamengine\The Old Steam Engine\Train Cursors\Write.ani
c:\program files\filesubmit\theoldsteamengine\theoldsteamengine\The Old Steam Engine\Train Icons\Train1.ico
c:\program files\filesubmit\theoldsteamengine\theoldsteamengine\The Old Steam Engine\Train Icons\Train2.ico
c:\program files\filesubmit\theoldsteamengine\theoldsteamengine\The Old Steam Engine\Train Icons\Train3.ico
c:\program files\filesubmit\theoldsteamengine\theoldsteamengine\The Old Steam Engine\Train Icons\Train4.ico
c:\program files\filesubmit\theoldsteamengine\theoldsteamengine\The Old Steam Engine\Train Icons\Train5.ico
c:\temp\PRE45
C:\Thumbs.db
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\sX3i19
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((( Files Created from 2010-11-21 to 2010-12-21 )))))))))))))))))))))))))))))))
.

2010-12-19 02:31 . 2010-12-03 09:05 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-12-18 22:43 . 2010-12-03 09:05 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-12-18 22:43 . 2010-12-18 22:43 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-12-18 22:42 . 2010-12-18 22:42 -------- d-----w- c:\documents and settings\Dad\Local Settings\Application Data\Sunbelt Software
2010-12-18 22:40 . 2010-12-18 22:40 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2010-12-18 22:39 . 2010-12-18 22:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-12-18 22:39 . 2010-12-18 22:39 -------- d-----w- c:\program files\Lavasoft
2010-12-18 22:38 . 2010-12-19 03:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-12-18 22:38 . 2010-12-18 22:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-18 21:45 . 2006-02-28 12:00 18944 -c--a-w- c:\windows\system32\dllcache\simptcp.dll
2010-12-18 21:45 . 2006-02-28 12:00 18944 ----a-w- c:\windows\system32\simptcp.dll
2010-12-18 21:35 . 2006-02-28 12:00 114688 -c--a-w- c:\windows\system32\dllcache\calc.exe
2010-12-18 21:35 . 2006-02-28 12:00 114688 ----a-w- c:\windows\system32\calc.exe
2010-12-13 22:40 . 2008-04-14 00:12 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-12-13 22:40 . 2008-04-14 00:12 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-12-13 22:40 . 2001-08-18 03:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-12-13 22:40 . 2001-08-18 03:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-12-13 22:40 . 2001-08-18 03:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-12-13 22:40 . 2001-08-18 03:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2010-12-13 22:40 . 2001-08-17 17:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-12-13 22:40 . 2004-08-04 03:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-12-13 22:40 . 2008-04-13 18:46 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-12-13 22:40 . 2004-08-04 03:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2010-12-13 22:40 . 2008-04-14 00:12 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2010-12-13 22:38 . 2001-08-17 17:14 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys
2010-12-13 22:37 . 2001-08-18 03:36 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll
2010-12-13 22:36 . 2001-08-17 17:13 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys
2010-12-13 22:35 . 2001-08-18 03:36 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2010-12-13 22:34 . 2004-08-04 03:31 63547 -c--a-w- c:\windows\system32\dllcache\sla30nd5.sys
2010-12-13 22:33 . 2001-08-17 18:51 23936 -c--a-w- c:\windows\system32\dllcache\sccmusbm.sys
2010-12-13 22:32 . 2001-08-18 03:36 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
2010-12-13 22:31 . 2001-08-18 03:36 121344 -c--a-w- c:\windows\system32\dllcache\phvfwext.dll
2010-12-13 22:30 . 2001-08-17 19:05 48000 -c--a-w- c:\windows\system32\dllcache\ovcam2.sys
2010-12-13 22:29 . 2001-08-17 17:50 33088 -c--a-w- c:\windows\system32\dllcache\n9i128v2.sys
2010-12-13 22:28 . 2001-08-17 17:50 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
2010-12-13 22:27 . 2001-08-17 18:49 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
2010-12-13 22:26 . 2001-08-17 17:11 28700 -c--a-w- c:\windows\system32\dllcache\ibmexmp.sys
2010-12-13 22:25 . 2001-08-18 03:36 93696 -c--a-w- c:\windows\system32\dllcache\hpgt42.dll
2010-12-13 22:24 . 2001-08-17 17:11 12362 -c--a-w- c:\windows\system32\dllcache\f3ab18xi.sys
2010-12-13 22:23 . 2001-08-17 18:47 23808 -c--a-w- c:\windows\system32\dllcache\dot4usb.sys
2010-12-13 22:22 . 2001-08-18 03:36 216064 -c--a-w- c:\windows\system32\dllcache\cpscan.dll
2010-12-13 22:21 . 2001-08-17 19:56 342336 -c--a-w- c:\windows\system32\dllcache\banshee.dll
2010-12-13 10:43 . 2010-12-13 10:43 388096 ----a-r- c:\documents and settings\Dad\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-13 10:43 . 2010-12-13 10:43 -------- d-----w- c:\program files\Trend Micro
2010-12-11 02:48 . 2010-12-12 16:40 -------- d-----w- c:\documents and settings\Dad\Application Data\GetRightToGo
2010-12-09 04:06 . 2010-11-06 00:34 63488 -c----w- c:\windows\system32\dllcache\icardie.dll
2010-12-09 04:06 . 2010-11-06 00:34 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-12-09 04:06 . 2010-11-06 00:34 468480 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-12-09 04:06 . 2010-11-06 00:34 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-12-09 04:06 . 2010-11-03 12:24 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2010-12-09 04:05 . 2010-11-06 00:34 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll
2010-12-09 04:05 . 2010-02-22 22:04 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat
2010-12-09 04:05 . 2010-11-06 00:34 6075904 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-12-09 04:05 . 2010-12-09 04:05 -------- d-----w- C:\567399231166f5113d9d5769262a86
2010-12-09 00:06 . 2010-12-09 00:06 -------- d-----w- c:\program files\MSXML 6.0
2010-12-08 23:53 . 2008-04-14 00:12 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2010-12-08 23:17 . 2010-12-08 23:17 -------- d-----w- c:\program files\ZOTAC FireStorm
2010-12-08 23:16 . 2010-04-28 02:25 2189952 -c--a-w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-12-08 23:15 . 2008-04-14 00:12 214528 -c--a-w- c:\windows\system32\dllcache\wordpad.exe
2010-12-08 23:09 . 2010-12-08 23:09 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-12-08 23:02 . 2010-12-08 23:05 -------- d-----w- c:\windows\NV10641432.TMP
2010-12-01 21:31 . 2010-12-01 21:34 -------- d-----w- c:\windows\NV7483032.TMP
2010-12-01 21:12 . 2010-12-01 21:17 -------- d-----w- c:\windows\NV26803244.TMP
2010-12-01 19:12 . 2006-02-28 12:00 38912 -c--a-w- c:\windows\system32\dllcache\sm9aw.dll
2010-12-01 19:11 . 2006-02-28 12:00 59392 -c--a-w- c:\windows\system32\dllcache\imscinst.exe
2010-12-01 19:10 . 2001-08-18 03:36 45056 -c--a-w- c:\windows\system32\dllcache\EXCH_aqadmin.dll
2010-12-01 19:10 . 2001-08-18 03:36 5632 -c--a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
2010-12-01 19:08 . 2006-02-28 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-12-01 19:08 . 2006-02-28 12:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2010-12-01 18:42 . 2006-02-28 12:00 14573 ----a-r- c:\windows\SET84.tmp
2010-12-01 18:42 . 2006-02-28 12:00 13753 ----a-r- c:\windows\SET51.tmp
2010-12-01 18:42 . 2006-02-28 12:00 1086058 ----a-r- c:\windows\SET45.tmp
2010-12-01 18:42 . 2006-02-28 12:00 1042903 ----a-r- c:\windows\SET42.tmp
2010-12-01 18:37 . 2010-12-01 18:37 -------- d-----w- c:\windows\NV1264372.TMP
2010-12-01 18:21 . 2006-02-28 12:00 14573 ----a-r- c:\windows\SET83.tmp
2010-12-01 18:21 . 2006-02-28 12:00 13753 ----a-r- c:\windows\SET50.tmp
2010-12-01 18:20 . 2006-02-28 12:00 1086058 ----a-r- c:\windows\SET44.tmp
2010-12-01 18:20 . 2006-02-28 12:00 1042903 ----a-r- c:\windows\SET41.tmp
2010-12-01 18:17 . 2010-12-01 18:17 -------- d-----w- c:\windows\NV12161976.TMP
2010-12-01 18:02 . 2006-02-28 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-12-01 18:02 . 2006-02-28 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-12-01 18:02 . 2006-02-28 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-12-01 18:02 . 2006-02-28 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-12-01 18:02 . 2006-02-28 12:00 14573 ----a-r- c:\windows\SET140.tmp
2010-12-01 18:02 . 2006-02-28 12:00 13753 ----a-r- c:\windows\SET10D.tmp
2010-12-01 18:02 . 2006-02-28 12:00 1086058 ----a-r- c:\windows\SET101.tmp
2010-12-01 18:02 . 2006-02-28 12:00 1042903 ----a-r- c:\windows\SETFE.tmp
2010-12-01 11:45 . 2010-12-01 11:45 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-01 11:36 . 2010-12-01 11:36 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AVG Security Toolbar
2010-12-01 11:36 . 2010-12-01 11:36 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-11-22 18:55 . 2010-11-22 19:56 -------- d-----w- C:\CIRQUE_DU_FREAK

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-01 05:19 . 2008-10-28 12:44 98304 ----a-w- c:\windows\DUMP74e1.tmp
2010-11-29 22:42 . 2009-01-01 15:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 22:42 . 2009-01-01 15:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-18 18:12 . 2008-10-28 18:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:34 . 2006-02-28 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:34 . 2006-02-28 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-11-06 00:34 . 2006-02-28 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:34 . 2006-02-28 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-11-03 12:25 . 2006-02-28 12:00 389120 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2006-02-28 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2006-02-28 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2006-02-28 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-09-28 20:44 . 2010-04-07 15:32 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-09-28 20:44 . 2010-04-07 15:32 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2008-10-31 13:57 . 2008-10-31 13:57 774144 ----a-w- c:\program files\RngInterstitial.dll
2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-11-14 23:30 . 2008-11-14 23:30 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-29 02:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LGDCore"="c:\program files\Common Files\Logitech\G-series Software\LGDCore.exe" [2006-07-23 1126400]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-11 421160]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-02-28 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2006-02-28 44032]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-12 110696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-02-28 44544]

c:\documents and settings\Dad\Start Menu\Programs\Startup\
Comcast Universal Caller ID.lnk - c:\program files\Comcast Universal Caller ID\Comcast Universal Caller ID.exe [2010-10-10 74752]
Toddler Keys.lnk - c:\documents and settings\Dad\Application Data\Microsoft\Installer\{7339E7E7-FB6A-46EC-8303-D31E655EF617}\_154754de.exe [2008-12-4 766]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
GM-4600 Gamer Mouse.Lnk - c:\program files\Trust\GM-4600 Gamer Mouse\Amoumain.exe [2007-3-13 196608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Dad^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\Dad\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 03:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 08:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-04 02:43 69632 ----a-r- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AmazonGSDownloaderTray]
2009-10-23 16:31 326144 ----a-w- c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-10-08 22:04 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 23:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]
2008-04-24 17:25 202560 ----a-w- c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dskl]
2010-06-02 07:21 224256 ----a-w- c:\ds\dskl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-11-14 23:30 29744 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2007-06-25 12:47 1057064 ----a-w- c:\program files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-11 05:40 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LGDCore]
2006-07-23 01:22 1126400 ----a-w- c:\program files\Common Files\Logitech\G-series Software\LGDCore.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-08-23 22:36 455968 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-11-10 20:39 5244216 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 19:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-01-12 03:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
2007-01-22 22:22 81920 ----a-w- c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-01-12 03:17 110696 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2010-04-15 02:05 160328 ----a-w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-01-31 02:54 16116224 ----a-r- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2007-06-25 12:47 1629480 ----a-w- c:\program files\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-17 02:04 2879488 ----a-r- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 15:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse]
2007-03-13 19:33 196608 ----a-w- c:\program files\Trust\GM-4600 Gamer Mouse\Amoumain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 00:05 204288 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"STSService"=3 (0x3)
"sprtsvc_ddoctorv2"=2 (0x2)
"NVSvc"=2 (0x2)
"nTuneService"=2 (0x2)
"nSvcIp"=2 (0x2)
"NMIndexingService"=3 (0x3)
"NBService"=3 (0x3)
"LightScribeService"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"InCDsrv"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"GoogleDesktopManager-061008-081103"=3 (0x3)
"ForceWare Intelligent Application Manager (IAM)"=2 (0x2)
"Bonjour Service"=2 (0x2)
"avg9wd"=2 (0x2)
"avg9emc"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"Amazon Download Agent"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12/18/2010 5:43 PM 64288]
R1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [12/11/2009 5:52 PM 74088]
R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\Blue Coat K9 Web Protection\k9filter.exe [12/11/2009 5:52 PM 1078632]
R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [2/28/2006 7:00 AM 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/11/2010 2:22 PM 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/3/2010 4:05 AM 1389400]
S3 mv2;mv2;c:\windows\system32\drivers\mv2.sys [12/18/2009 2:40 PM 10688]
S3 PciCon;PciCon;\??\e:\pcicon.sys --> e:\PciCon.sys [?]
S4 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [6/10/2010 9:10 AM 401920]
S4 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [10/28/2008 5:32 PM 29744]
S4 STSService;STSService;c:\program files\SoundTaxi Media Suite\STSService.exe [9/29/2009 5:41 AM 335872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 22:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-12-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-12-03 09:05]

2010-12-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

2010-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-11 19:21]

2010-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-11 19:21]

2010-12-21 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-29 02:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} - hxxp://stories.scrapbooksetc.com/create/DragDropUploader.cab
FF - ProfilePath - c:\documents and settings\Dad\Application Data\Mozilla\Firefox\Profiles\qpx8y84r.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: KidZui: firefox@kidzui.com - %profile%\extensions\firefox@kidzui.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
FF - Ext: eBay Quick Search: ebayquicksearch@upaaya - %profile%\extensions\ebayquicksearch@upaaya
FF - Ext: AmazonAssist: sidecar@amazon.com - %profile%\extensions\sidecar@amazon.com
FF - Ext: CrowdStar Gamebar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Glue: {D2A6A719-7CBC-4594-85FD-C36AD881424F} - %profile%\extensions\{D2A6A719-7CBC-4594-85FD-C36AD881424F}
FF - Ext: PriceTrace: {72938f90-8d8a-11de-8a39-0800200c9a66} - %profile%\extensions\{72938f90-8d8a-11de-8a39-0800200c9a66}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files\Siber Systems\AI RoboForm\Firefox
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Dad\Application Data\Move Networks
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(yahoo.homepage.dontask, true
.
- - - - ORPHANS REMOVED - - - -

BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-nwiz - nwiz.exe
MSConfigStartUp-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe
MSConfigStartUp-nwiz - nwiz.exe
MSConfigStartUp-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
MSConfigStartUp-RegistryCleanerPro - c:\program files\iXi Tools\Registry Cleaner Pro\RegistryCleanerPro.exe
AddRemove-House to House - c:\windows\uninstall House_to.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
AddRemove-{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F} - c:\documents and settings\All Users\Application Data\{148D8B8A-8F96-4822-81EC-D510B626B7D5}\DriverScanner_Setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-20 20:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(976)
c:\windows\system32\nvappfilter.dll
.
Completion time: 2010-12-20 20:20:21
ComboFix-quarantined-files.txt 2010-12-21 01:20

Pre-Run: 422,217,326,592 bytes free
Post-Run: 422,912,638,976 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - CAF570A3A30D5559ECFBF6D50CFF03E2

#8 Judicandus


    Bleepin' Pasta


  • Malware Response Team
  • 730 posts
  • Gender:Male
  • Location:Around the world
  • Local time:10:15 AM

Posted 20 December 2010 - 09:40 PM

Hi MistyC,

Some things we are going to remove are not necessarily malware (but can be considered foistware). They might be causing the problems with Internet Explorer.

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent some things from being fixed.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your log is clean.

* Open Spybot Search & Destroy.
* In the Mode menu click "Advanced mode" if not already selected.
* Choose "Yes" at the Warning prompt.
* Expand the "Tools" menu.
* Click "Resident".
* Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
* In the File menu click "Exit" to exit Spybot Search & Destroy.

Then,

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Folder::
c:\program files\Ask.com

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= -
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-


Save this as CFScript.txt, in the same location as ComboFix.exe.


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
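An added example, not code from the thread or from ComboFix itself: a dry-run reader that parses the Folder:: and Registry:: sections of a CFScript like the one above and lists what it would delete, so the plan can be checked against the ComboFix log before the script is dropped onto ComboFix.exe. The embedded sample is a copy of the script posted above; the directive handling (`[-KEY]` deletes a key, `"name"=-` deletes a value under the preceding key) is read off the script's own syntax and is an assumption about the format, not ComboFix's documented parser.

```python
"""Dry-run reader for a ComboFix CFScript: lists what the script would delete."""
import re
from dataclasses import dataclass

# Constructed copy of the CFScript posted in the thread.
SAMPLE_CFSCRIPT = r"""Folder::
c:\program files\Ask.com

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= -
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
"""

SECTION_RE = re.compile(r"^(\w+)::$")                 # e.g. "Folder::", "Registry::"
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")                # "[KEY]" selects, "[-KEY]" deletes
VALUE_RE = re.compile(r'^"([^"]*)"\s*=\s*(.*)$')      # '"name"=-' deletes, '"name"=data' sets
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass(frozen=True)
class Action:
    kind: str        # delete_folder | delete_key | delete_value | set_value | other
    target: str      # folder path, registry key, or "section: line" for other
    name: str = ""   # value name for *_value actions
    data: str = ""   # value data for set_value


def plan_cfscript(text: str) -> list[Action]:
    """Turn CFScript text into an ordered list of Actions (assumed syntax, see lead-in)."""
    actions: list[Action] = []
    section = None
    current_key = None   # key selected by the last "[KEY]" line in Registry::
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, current_key = m.group(1), None
            continue
        if section == "Folder":
            actions.append(Action("delete_folder", line))
        elif section == "Registry":
            km = KEY_RE.match(line)
            if km:
                minus, key = km.groups()
                # ComboFix abbreviates part of some key paths with "~"; kept verbatim here.
                if minus:
                    actions.append(Action("delete_key", key))
                    current_key = None
                else:
                    current_key = key
                continue
            vm = VALUE_RE.match(line)
            if vm and current_key is not None:
                name, data = vm.group(1), vm.group(2).strip()
                if data == "-":
                    actions.append(Action("delete_value", current_key, name))
                else:
                    actions.append(Action("set_value", current_key, name, data))
                continue
            raise ValueError(f"unrecognised Registry:: line: {line!r}")
        else:
            # Other ComboFix sections are listed but not interpreted.
            actions.append(Action("other", f"{section}: {line}"))
    return actions


def summarize(actions: list[Action]) -> dict[str, int]:
    """Count actions by kind, e.g. {'delete_folder': 1, 'delete_key': 6, ...}."""
    counts: dict[str, int] = {}
    for a in actions:
        counts[a.kind] = counts.get(a.kind, 0) + 1
    return counts


def guids_referenced(actions: list[Action]) -> set[str]:
    """Upper-cased CLSIDs/GUIDs the script touches, for cross-checking against the log."""
    found: set[str] = set()
    for a in actions:
        for s in (a.target, a.name, a.data):
            found.update(g.upper() for g in GUID_RE.findall(s))
    return found


def render(actions: list[Action]) -> list[str]:
    """Human-readable plan lines for review before running the script."""
    labels = {"delete_folder": "DELETE FOLDER", "delete_key": "DELETE KEY",
              "delete_value": "DELETE VALUE", "set_value": "SET VALUE", "other": "OTHER"}
    out = []
    for a in actions:
        detail = a.target + (f" :: {a.name}" if a.name else "") + (f" = {a.data}" if a.data else "")
        out.append(f"{labels[a.kind]:<14} {detail}")
    return out


if __name__ == "__main__":
    plan = plan_cfscript(SAMPLE_CFSCRIPT)
    print("\n".join(render(plan)))
    print(summarize(plan))
```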

#9 MistyC

  • Topic Starter

  • Members
  • 145 posts
  • Gender:Female
  • Location:Riceboro, GA
  • Local time:09:15 AM

Posted 20 December 2010 - 11:59 PM

Ty so much for helping me. I have no clue what that TeaTimer is or where it came from. I followed your directions, and here is the log.

ComboFix 10-12-20.01 - Dad 12/20/2010 23:53:30.2.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2814.2203 [GMT -5:00]
Running from: c:\documents and settings\Dad\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Dad\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Ask.com
c:\program files\Ask.com\cb_586.ico
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_585.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe

.
((((((((((((((((((((((((( Files Created from 2010-11-21 to 2010-12-21 )))))))))))))))))))))))))))))))
.

2010-12-19 02:31 . 2010-12-03 09:05 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-12-18 22:43 . 2010-12-03 09:05 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-12-18 22:43 . 2010-12-18 22:43 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-12-18 22:42 . 2010-12-18 22:42 -------- d-----w- c:\documents and settings\Dad\Local Settings\Application Data\Sunbelt Software
2010-12-18 22:40 . 2010-12-18 22:40 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2010-12-18 22:39 . 2010-12-18 22:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-12-18 22:39 . 2010-12-18 22:39 -------- d-----w- c:\program files\Lavasoft
2010-12-18 22:38 . 2010-12-19 03:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-12-18 22:38 . 2010-12-18 22:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-18 21:45 . 2006-02-28 12:00 18944 -c--a-w- c:\windows\system32\dllcache\simptcp.dll
2010-12-18 21:45 . 2006-02-28 12:00 18944 ----a-w- c:\windows\system32\simptcp.dll
2010-12-18 21:35 . 2006-02-28 12:00 114688 -c--a-w- c:\windows\system32\dllcache\calc.exe
2010-12-18 21:35 . 2006-02-28 12:00 114688 ----a-w- c:\windows\system32\calc.exe
2010-12-13 22:40 . 2008-04-14 00:12 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-12-13 22:40 . 2008-04-14 00:12 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-12-13 22:40 . 2001-08-18 03:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-12-13 22:40 . 2001-08-18 03:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-12-13 22:40 . 2001-08-18 03:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-12-13 22:40 . 2001-08-18 03:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2010-12-13 22:40 . 2001-08-17 17:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-12-13 22:40 . 2004-08-04 03:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-12-13 22:40 . 2008-04-13 18:46 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-12-13 22:40 . 2004-08-04 03:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2010-12-13 22:40 . 2008-04-14 00:12 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2010-12-13 22:38 . 2001-08-17 17:14 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys
2010-12-13 22:37 . 2001-08-18 03:36 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll
2010-12-13 22:36 . 2001-08-17 17:13 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys
2010-12-13 22:35 . 2001-08-18 03:36 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2010-12-13 22:34 . 2004-08-04 03:31 63547 -c--a-w- c:\windows\system32\dllcache\sla30nd5.sys
2010-12-13 22:33 . 2001-08-17 18:51 23936 -c--a-w- c:\windows\system32\dllcache\sccmusbm.sys
2010-12-13 22:32 . 2001-08-18 03:36 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
2010-12-13 22:31 . 2001-08-18 03:36 121344 -c--a-w- c:\windows\system32\dllcache\phvfwext.dll
2010-12-13 22:30 . 2001-08-17 19:05 48000 -c--a-w- c:\windows\system32\dllcache\ovcam2.sys
2010-12-13 22:29 . 2001-08-17 17:50 33088 -c--a-w- c:\windows\system32\dllcache\n9i128v2.sys
2010-12-13 22:28 . 2001-08-17 17:50 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
2010-12-13 22:27 . 2001-08-17 18:49 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
2010-12-13 22:26 . 2001-08-17 17:11 28700 -c--a-w- c:\windows\system32\dllcache\ibmexmp.sys
2010-12-13 22:25 . 2001-08-18 03:36 93696 -c--a-w- c:\windows\system32\dllcache\hpgt42.dll
2010-12-13 22:24 . 2001-08-17 17:11 12362 -c--a-w- c:\windows\system32\dllcache\f3ab18xi.sys
2010-12-13 22:23 . 2001-08-17 18:47 23808 -c--a-w- c:\windows\system32\dllcache\dot4usb.sys
2010-12-13 22:22 . 2001-08-18 03:36 216064 -c--a-w- c:\windows\system32\dllcache\cpscan.dll
2010-12-13 22:21 . 2001-08-17 19:56 342336 -c--a-w- c:\windows\system32\dllcache\banshee.dll
2010-12-13 10:43 . 2010-12-13 10:43 388096 ----a-r- c:\documents and settings\Dad\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-13 10:43 . 2010-12-13 10:43 -------- d-----w- c:\program files\Trend Micro
2010-12-11 02:48 . 2010-12-12 16:40 -------- d-----w- c:\documents and settings\Dad\Application Data\GetRightToGo
2010-12-09 04:06 . 2010-11-06 00:34 63488 -c----w- c:\windows\system32\dllcache\icardie.dll
2010-12-09 04:06 . 2010-11-06 00:34 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-12-09 04:06 . 2010-11-06 00:34 468480 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-12-09 04:06 . 2010-11-06 00:34 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-12-09 04:06 . 2010-11-03 12:24 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2010-12-09 04:05 . 2010-11-06 00:34 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll
2010-12-09 04:05 . 2010-02-22 22:04 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat
2010-12-09 04:05 . 2010-11-06 00:34 6075904 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-12-09 04:05 . 2010-12-09 04:05 -------- d-----w- C:\567399231166f5113d9d5769262a86
2010-12-09 00:06 . 2010-12-09 00:06 -------- d-----w- c:\program files\MSXML 6.0
2010-12-08 23:53 . 2008-04-14 00:12 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2010-12-08 23:17 . 2010-12-08 23:17 -------- d-----w- c:\program files\ZOTAC FireStorm
2010-12-08 23:16 . 2010-04-28 02:25 2189952 -c--a-w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-12-08 23:15 . 2008-04-14 00:12 214528 -c--a-w- c:\windows\system32\dllcache\wordpad.exe
2010-12-08 23:09 . 2010-12-08 23:09 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-12-08 23:02 . 2010-12-08 23:05 -------- d-----w- c:\windows\NV10641432.TMP
2010-12-01 21:31 . 2010-12-01 21:34 -------- d-----w- c:\windows\NV7483032.TMP
2010-12-01 21:12 . 2010-12-01 21:17 -------- d-----w- c:\windows\NV26803244.TMP
2010-12-01 19:12 . 2006-02-28 12:00 38912 -c--a-w- c:\windows\system32\dllcache\sm9aw.dll
2010-12-01 19:11 . 2006-02-28 12:00 59392 -c--a-w- c:\windows\system32\dllcache\imscinst.exe
2010-12-01 19:10 . 2001-08-18 03:36 45056 -c--a-w- c:\windows\system32\dllcache\EXCH_aqadmin.dll
2010-12-01 19:10 . 2001-08-18 03:36 5632 -c--a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
2010-12-01 19:08 . 2006-02-28 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-12-01 19:08 . 2006-02-28 12:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2010-12-01 18:42 . 2006-02-28 12:00 14573 ----a-r- c:\windows\SET84.tmp
2010-12-01 18:42 . 2006-02-28 12:00 13753 ----a-r- c:\windows\SET51.tmp
2010-12-01 18:42 . 2006-02-28 12:00 1086058 ----a-r- c:\windows\SET45.tmp
2010-12-01 18:42 . 2006-02-28 12:00 1042903 ----a-r- c:\windows\SET42.tmp
2010-12-01 18:37 . 2010-12-01 18:37 -------- d-----w- c:\windows\NV1264372.TMP
2010-12-01 18:21 . 2006-02-28 12:00 14573 ----a-r- c:\windows\SET83.tmp
2010-12-01 18:21 . 2006-02-28 12:00 13753 ----a-r- c:\windows\SET50.tmp
2010-12-01 18:20 . 2006-02-28 12:00 1086058 ----a-r- c:\windows\SET44.tmp
2010-12-01 18:20 . 2006-02-28 12:00 1042903 ----a-r- c:\windows\SET41.tmp
2010-12-01 18:17 . 2010-12-01 18:17 -------- d-----w- c:\windows\NV12161976.TMP
2010-12-01 18:02 . 2006-02-28 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-12-01 18:02 . 2006-02-28 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-12-01 18:02 . 2006-02-28 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-12-01 18:02 . 2006-02-28 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-12-01 18:02 . 2006-02-28 12:00 14573 ----a-r- c:\windows\SET140.tmp
2010-12-01 18:02 . 2006-02-28 12:00 13753 ----a-r- c:\windows\SET10D.tmp
2010-12-01 18:02 . 2006-02-28 12:00 1086058 ----a-r- c:\windows\SET101.tmp
2010-12-01 18:02 . 2006-02-28 12:00 1042903 ----a-r- c:\windows\SETFE.tmp
2010-12-01 11:45 . 2010-12-01 11:45 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-01 11:36 . 2010-12-01 11:36 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AVG Security Toolbar
2010-12-01 11:36 . 2010-12-01 11:36 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-11-22 18:55 . 2010-11-22 19:56 -------- d-----w- C:\CIRQUE_DU_FREAK

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-01 05:19 . 2008-10-28 12:44 98304 ----a-w- c:\windows\DUMP74e1.tmp
2010-11-29 22:42 . 2009-01-01 15:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 22:42 . 2009-01-01 15:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-18 18:12 . 2008-10-28 18:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:34 . 2006-02-28 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:34 . 2006-02-28 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-11-06 00:34 . 2006-02-28 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:34 . 2006-02-28 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-11-03 12:25 . 2006-02-28 12:00 389120 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2006-02-28 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2006-02-28 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2006-02-28 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-09-28 20:44 . 2010-04-07 15:32 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-09-28 20:44 . 2010-04-07 15:32 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2008-10-31 13:57 . 2008-10-31 13:57 774144 ----a-w- c:\program files\RngInterstitial.dll
2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-11-14 23:30 . 2008-11-14 23:30 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LGDCore"="c:\program files\Common Files\Logitech\G-series Software\LGDCore.exe" [2006-07-23 1126400]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-11 421160]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-02-28 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2006-02-28 44032]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-12 110696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-02-28 44544]

c:\documents and settings\Dad\Start Menu\Programs\Startup\
Comcast Universal Caller ID.lnk - c:\program files\Comcast Universal Caller ID\Comcast Universal Caller ID.exe [2010-10-10 74752]
Toddler Keys.lnk - c:\documents and settings\Dad\Application Data\Microsoft\Installer\{7339E7E7-FB6A-46EC-8303-D31E655EF617}\_154754de.exe [2008-12-4 766]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
GM-4600 Gamer Mouse.Lnk - c:\program files\Trust\GM-4600 Gamer Mouse\Amoumain.exe [2007-3-13 196608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Dad^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\Dad\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 03:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 08:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-04 02:43 69632 ----a-r- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AmazonGSDownloaderTray]
2009-10-23 16:31 326144 ----a-w- c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-10-08 22:04 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 23:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]
2008-04-24 17:25 202560 ----a-w- c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dskl]
2010-06-02 07:21 224256 ----a-w- c:\ds\dskl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-11-14 23:30 29744 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2007-06-25 12:47 1057064 ----a-w- c:\program files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-11 05:40 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LGDCore]
2006-07-23 01:22 1126400 ----a-w- c:\program files\Common Files\Logitech\G-series Software\LGDCore.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-08-23 22:36 455968 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-11-10 20:39 5244216 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 19:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-01-12 03:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
2007-01-22 22:22 81920 ----a-w- c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-01-12 03:17 110696 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2010-04-15 02:05 160328 ----a-w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-01-31 02:54 16116224 ----a-r- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2007-06-25 12:47 1629480 ----a-w- c:\program files\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-17 02:04 2879488 ----a-r- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 15:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse]
2007-03-13 19:33 196608 ----a-w- c:\program files\Trust\GM-4600 Gamer Mouse\Amoumain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 00:05 204288 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"STSService"=3 (0x3)
"sprtsvc_ddoctorv2"=2 (0x2)
"NVSvc"=2 (0x2)
"nTuneService"=2 (0x2)
"nSvcIp"=2 (0x2)
"NMIndexingService"=3 (0x3)
"NBService"=3 (0x3)
"LightScribeService"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"InCDsrv"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"GoogleDesktopManager-061008-081103"=3 (0x3)
"ForceWare Intelligent Application Manager (IAM)"=2 (0x2)
"Bonjour Service"=2 (0x2)
"avg9wd"=2 (0x2)
"avg9emc"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"Amazon Download Agent"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12/18/2010 5:43 PM 64288]
R1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [12/11/2009 5:52 PM 74088]
R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\Blue Coat K9 Web Protection\k9filter.exe [12/11/2009 5:52 PM 1078632]
R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [2/28/2006 7:00 AM 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/11/2010 2:22 PM 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/3/2010 4:05 AM 1389400]
S3 mv2;mv2;c:\windows\system32\drivers\mv2.sys [12/18/2009 2:40 PM 10688]
S3 PciCon;PciCon;\??\e:\pcicon.sys --> e:\PciCon.sys [?]
S4 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [6/10/2010 9:10 AM 401920]
S4 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [10/28/2008 5:32 PM 29744]
S4 STSService;STSService;c:\program files\SoundTaxi Media Suite\STSService.exe [9/29/2009 5:41 AM 335872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 22:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-12-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-12-03 09:05]

2010-12-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

2010-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-11 19:21]

2010-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-11 19:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} - hxxp://stories.scrapbooksetc.com/create/DragDropUploader.cab
FF - ProfilePath - c:\documents and settings\Dad\Application Data\Mozilla\Firefox\Profiles\qpx8y84r.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: KidZui: firefox@kidzui.com - %profile%\extensions\firefox@kidzui.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
FF - Ext: eBay Quick Search: ebayquicksearch@upaaya - %profile%\extensions\ebayquicksearch@upaaya
FF - Ext: AmazonAssist: sidecar@amazon.com - %profile%\extensions\sidecar@amazon.com
FF - Ext: CrowdStar Gamebar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Glue: {D2A6A719-7CBC-4594-85FD-C36AD881424F} - %profile%\extensions\{D2A6A719-7CBC-4594-85FD-C36AD881424F}
FF - Ext: PriceTrace: {72938f90-8d8a-11de-8a39-0800200c9a66} - %profile%\extensions\{72938f90-8d8a-11de-8a39-0800200c9a66}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files\Siber Systems\AI RoboForm\Firefox
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Dad\Application Data\Move Networks
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(yahoo.homepage.dontask, true
.
- - - - ORPHANS REMOVED - - - -

BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-20 23:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(976)
c:\windows\system32\nvappfilter.dll
.
Completion time: 2010-12-20 23:57:56
ComboFix-quarantined-files.txt 2010-12-21 04:57
ComboFix2.txt 2010-12-21 01:20

Pre-Run: 422,896,689,152 bytes free
Post-Run: 422,871,339,008 bytes free

- - End Of File - - D00D67EA211A2C46EEF45B516E715B26

#10 Judicandus

Judicandus

    Bleepin' Pasta


  • Malware Response Team
  • 730 posts
  • Gender:Male
  • Location:Around the world
  • Local time:10:15 AM

Posted 21 December 2010 - 09:03 AM

hi MistyC,

Could you please check whether IE is still crashing? Also please try updating to IE8 and see if it crashes the computer.

#11 MistyC

MistyC
  • Topic Starter

  • Members
  • 145 posts
  • Gender:Female
  • Location:Riceboro, GA
  • Local time:09:15 AM

Posted 21 December 2010 - 09:36 AM

Well it seems to work now! TY so much! Is it safe to redownload AVG? Right now I do not have an Antivirus on here.. TY Again!

#12 Judicandus

Judicandus

    Bleepin' Pasta


  • Malware Response Team
  • 730 posts
  • Gender:Male
  • Location:Around the world
  • Local time:10:15 AM

Posted 21 December 2010 - 11:57 AM

Great! :)

First we need to uninstall combofix:

Uninstall Combofix
  • Press the Windows Key + R on your keyboard.
  • Now copy & paste the green bolded text in the run-box and click OK.

    ComboFix /Uninstall

    <Notice the space between the "x" and "/".>

  • The following will implement some very important cleanup procedures as well as reset System Restore points.


After that,


Please download ATF Cleaner by Atribune.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
  • If you use Firefox browser: Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser: Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

And then you can reinstall AVG 2011 on your system.

Let me know if all goes smoothly :)

#13 MistyC

MistyC
  • Topic Starter

  • Members
  • 145 posts
  • Gender:Female
  • Location:Riceboro, GA
  • Local time:09:15 AM

Posted 21 December 2010 - 02:18 PM

Thank you so much! My AVG is updating & scanning now! Seems everything is working!! You're awesome & I can't thank you enough!!

#14 Judicandus

Judicandus

    Bleepin' Pasta


  • Malware Response Team
  • 730 posts
  • Gender:Male
  • Location:Around the world
  • Local time:10:15 AM

Posted 21 December 2010 - 05:56 PM

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point.

    You can find instructions on how to enable and reenable system restore here:

    Managing Windows Millennium System Restore

    or

    Windows XP System Restore Guide

    Re-enable system restore with instructions from the tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would with an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Download and install Ad-Aware. You should also scan your computer with this program on a regular basis just as you would with an antivirus software, in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help and Merry Christmas! :)
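The "Make your Internet Explorer more secure" steps in the post above change six entries of the Internet zone's Custom Level. As an added example (not from the thread or from Judicandus), this PowerShell script audits those six entries against the recommended settings and, with -Apply, writes them; it assumes the per-user values live under HKCU\...\Internet Settings\Zones\3 with the numeric action codes Microsoft documents for the Internet Settings registry keys, and that DWORD 0 = Enable, 1 = Prompt, 3 = Disable.

```powershell
# Added example, not part of the original thread: audit the Internet-zone settings
# the post above tells the user to change, and optionally apply them.
# Assumptions (labelled): the settings live under HKCU\...\Internet Settings\Zones\3
# (zone 3 = Internet) with the numeric action codes Microsoft documents for the
# Internet Settings registry keys, and DWORD 0 = Enable, 1 = Prompt, 3 = Disable.
# Run without -Apply to report only; with -Apply it writes the recommended values.
param([switch]$Apply)

$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Action code -> (dialog label from the post, recommended value)
$recommended = @{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Value = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Value = 3 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Value = 3 }
    '1800' = @{ Name = 'Installation of desktop items';                             Value = 1 }
    '1804' = @{ Name = 'Launching programs and files in an IFRAME';                 Value = 1 }
    '1607' = @{ Name = 'Navigate sub-frames across different domains';              Value = 1 }
}
$label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

if (-not (Test-Path $zoneKey)) { throw "Internet zone key not found: $zoneKey" }
$current = Get-ItemProperty -Path $zoneKey

foreach ($code in ($recommended.Keys | Sort-Object)) {
    $name = $recommended[$code].Name
    $want = $recommended[$code].Value
    $have = $current.$code   # $null when the value was never written (IE default applies)
    if ($have -eq $null) {
        $haveText = 'not set (IE default)'
    } elseif ($label.ContainsKey([int]$have)) {
        $haveText = $label[[int]$have]
    } else {
        $haveText = "unknown value $have"
    }
    if ($have -eq $want) {
        Write-Host ('OK       {0,-58} {1}' -f $name, $label[$want])
        continue
    }
    Write-Host ('MISMATCH {0,-58} is {1}, recommended {2}' -f $name, $haveText, $label[$want])
    if ($Apply) {
        # Write the same DWORD the Custom Level dialog would write for this setting.
        Set-ItemProperty -Path $zoneKey -Name $code -Value $want -Type DWord
    }
}
```

Run it once without -Apply to see which entries differ before changing anything. On a machine where the Security_HKLM_only policy is set, the effective zone values come from HKLM rather than HKCU, so this per-user check will not reflect them.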

#15 MistyC

MistyC
  • Topic Starter

  • Members
  • 145 posts
  • Gender:Female
  • Location:Riceboro, GA
  • Local time:09:15 AM

Posted 23 December 2010 - 12:44 PM

Ok, sorry for the delay, our internet has been running super slow & I couldn't get online.. then last night it was totally out lol. I am hoping they (ISP) finally fixed it... I was reading down the list you provided & that "TeaTimer" was there.. should I go ahead & install that program w/ the TeaTimer? I thought that was 1 of the things causing me the issue before.. just wanted to make sure before I messed it up again lol



