Jump to content

tomzpc

Members
 View Profile  See their activity

  • Posts

    11

  • Joined

  • Last visited

Reputation

0 Neutral
  1. tomzpc
    Hopefully I'm all set! Thanks again Elise. Much appreciated.
  2. tomzpc
    Well, apparently I wasn't out of the wood yet. Hope this fixes things. Why didn't AVG or MBAM find this, or even Combofix? the ESET online scanner ran for just over ywo hours and reported 2 infected files and 2 cleaned files. Here's the log Elise: C:\I386\GTDownDE_87.ocx probably a variant of Win32/Adware.Agent application cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\SYMC8XX.SYS.vir Win32/Olmarik.ZC trojan cleaned - quarantined
  3. tomzpc
    Thanks Elise! Old versions of Jave have been removed and the latest version installed as suggested. The MBAM log looks clean: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4145 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 5/26/2010 10:38:30 AM mbam-log-2010-05-26 (10-38-30).txt Scan type: Full scan (C:\|) Objects scanned: 257294 Time elapsed: 1 hour(s), 12 minute(s), 15 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  4. tomzpc
    Elise, I'm going to proceed with the cleaning as described. I also upgraded to the full paid version of MBAM and will use that along with it's realtime protection. Thanks for the warnings. Could you give me identifying names for the infections found so that I can do some reading and research on them? Tom
  5. tomzpc
    Hello again Elise, Okay, I ran ComboFix. The first time it hung up so after a couple of hours I just re-booted the machine. The second time it ran successfully and at one point gave me the message "combofix has detected rootkit activity and needs to reboot the machine" which it did successfully before running through to completion. Here's the log file...it clearly found something but I'm not sure if I'm done yet? ------------------------------ ComboFix 10-05-24.07 - PAH 05/26/2010 8:09.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.648 [GMT -4:00] Running from: c:\documents and settings\PAH\Desktop\ComboFix.exe AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\PAH\Application Data\Dealio c:\documents and settings\PAH\Application Data\Dealio\res\widgets.xml c:\documents and settings\PAH\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml c:\program files\Dealio Toolbar c:\program files\Dealio Toolbar\config.ini c:\program files\Dealio Toolbar\DealioToolbarIE.dll c:\program files\Dealio Toolbar\Res\amazon.gif c:\program files\Dealio Toolbar\Res\apple.gif c:\program files\Dealio Toolbar\Res\barnes.gif c:\program files\Dealio Toolbar\Res\bestbuy.gif c:\program files\Dealio Toolbar\Res\dealio_logo.gif c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif c:\program files\Dealio Toolbar\Res\ebay.gif c:\program files\Dealio Toolbar\Res\icon_settings.gif c:\program files\Dealio Toolbar\Res\macys.gif c:\program files\Dealio Toolbar\Res\newegg.gif c:\program files\Dealio Toolbar\Res\overstock.gif c:\program files\Dealio Toolbar\Res\search-button-hover.gif c:\program files\Dealio Toolbar\Res\search-button.gif c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif c:\program files\Dealio Toolbar\Res\search-chevron.gif c:\program files\Dealio Toolbar\Res\search_amazon.gif c:\program files\Dealio Toolbar\Res\search_dealio.gif c:\program files\Dealio Toolbar\Res\search_ebay.gif c:\program files\Dealio Toolbar\Res\search_yahoo.gif c:\program files\Dealio Toolbar\Res\separator.gif c:\program files\Dealio Toolbar\Res\target.gif c:\program files\Dealio Toolbar\Res\walmart.gif c:\program files\Dealio Toolbar\Res\widgets.xml c:\program files\Dealio Toolbar\SearchSettings.dll c:\program files\Dealio Toolbar\SearchSettings.exe c:\program files\Dealio Toolbar\SearchSettingsRes409.dll c:\program files\Dealio Toolbar\sscfg.ini c:\program files\Dealio Toolbar\WidgiHelper.exe c:\windows\system32\bszip.dll c:\windows\system32\gotomon.log Infected copy of c:\windows\system32\drivers\SYMC8XX.SYS was found and disinfected Restored copy from - Kitty had a snack . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_TDSSSERV.SYS ((((((((((((((((((((((((( Files Created from 2010-04-26 to 2010-05-26 ))))))))))))))))))))))))))))))) . 2010-05-24 18:05 . 2010-05-24 18:05 503808 ----a-w- c:\documents and settings\PAH\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-58b7926c-n\msvcp71.dll 2010-05-24 18:05 . 2010-05-24 18:05 499712 ----a-w- c:\documents and settings\PAH\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-58b7926c-n\jmc.dll 2010-05-24 18:05 . 2010-05-24 18:05 348160 ----a-w- c:\documents and settings\PAH\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-58b7926c-n\msvcr71.dll 2010-05-24 17:11 . 2010-05-24 17:11 -------- d-----w- c:\windows\system32\wbem\Repository 2010-05-21 20:55 . 2010-05-24 17:09 -------- d-----w- c:\program files\ERUNT 2010-05-17 17:13 . 2010-05-20 17:58 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-05-14 18:55 . 2010-05-24 17:10 -------- d-----w- c:\program files\SUPERAntiSpyware 2010-05-14 18:55 . 2010-05-14 18:55 -------- d-----w- c:\documents and settings\PAH\Application Data\SUPERAntiSpyware.com 2010-05-13 18:48 . 2010-05-13 18:48 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-25 18:13 . 2008-12-10 18:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2010-05-25 12:18 . 2005-05-28 19:13 -------- d-----w- c:\program files\Carlson Software 2004 2010-05-24 21:58 . 2009-01-19 17:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-05-24 18:50 . 2006-10-27 18:27 49 ----a-w- c:\windows\wpd99.drv 2010-05-24 18:50 . 2006-10-27 18:26 -------- d-----w- c:\documents and settings\All Users\Application Data\pdf995 2010-05-24 17:10 . 2006-05-09 00:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-05-24 17:10 . 2006-05-09 00:16 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-05-20 10:20 . 2009-06-12 12:06 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar 2010-05-05 14:59 . 2008-11-14 17:54 1 ----a-w- c:\documents and settings\PAH\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2010-04-21 13:05 . 2009-01-16 22:07 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2010-04-06 17:25 . 2010-04-06 17:25 -------- d-----w- c:\program files\IGC 2010-04-06 12:36 . 2005-05-24 04:43 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-03-29 12:24 . 2009-01-16 22:06 -------- d-----w- c:\program files\AVG 2010-03-29 12:24 . 2009-01-16 22:07 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2010-03-29 12:24 . 2009-01-16 22:07 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2010-03-29 12:24 . 2009-01-16 22:07 12464 ----a-w- c:\windows\system32\avgrsstx.dll 2010-03-29 12:21 . 2010-03-29 12:20 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9 2010-03-10 06:15 . 2004-08-04 10:00 420352 ----a-w- c:\windows\system32\vbscript.dll 2005-12-07 11:18 . 2005-12-07 11:18 59168 ----a-w- c:\program files\MC . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256] [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] 2010-02-23 18:04 1664256 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-10-08 818288] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-03 68856] "Upromise Update"="c:\program files\Upromise\dca-ua.exe" [2009-10-07 81920] "Upromise Tray"="c:\program files\Upromise\UpromiseTray.exe" [2009-10-10 167936] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-11 4583424] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-27 149280] "IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168] "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592] "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-05-24 26112] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-05-24 98304] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035] "Iomega ImIconXP"="c:\program files\Iomega\REV System Software\imiconxp.exe" [2004-10-14 57344] "mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2005-03-15 53248] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2010-03-29 12:24 12464 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"= "c:\\Program Files\\America Online 9.0\\waol.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\AVG\\AVG9\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"= R0 imdrvfsf;Iomega File System Filter Driver;c:\windows\SYSTEM32\DRIVERS\imdrvfsf.sys [7/13/2004 11:22 AM 16006] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [1/16/2009 6:07 PM 216200] R1 AvgTdiX;AVG Free Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [1/16/2009 6:07 PM 242896] R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [3/29/2010 8:22 AM 916760] R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/29/2010 8:22 AM 308064] S2 gupdate1c95c9e8484734;Google Update Service (gupdate1c95c9e8484734);c:\program files\Google\Update\GoogleUpdate.exe [12/12/2008 5:10 PM 133104] S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [3/29/2010 8:24 AM 369920] --- Other Services/Drivers In Memory --- *Deregistered* - revfs . Contents of the 'Scheduled Tasks' folder 2010-05-26 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-25 12:03] 2010-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2008-12-12 21:32] 2010-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2008-12-12 21:32] 2010-05-25 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-04-03 22:12] . . ------- Supplementary Scan ------- . uStart Page = hxxp://google.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll DPF: {48DF87EE-F2DE-11D8-BE7F-302050C10802} - hxxp://www.flycalc.com/loadercalc_win.cab DPF: {5721FA68-5ABD-40A8-81F1-4136691194BF} - hxxps://www.play.net/components/activex/AXSAL.ocx . . ------- File Associations ------- . .scr=CarlsonSoftwareScriptFile . - - - - ORPHANS REMOVED - - - - BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\DealioToolbarIE.dll Toolbar-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\DealioToolbarIE.dll HKLM-Run-pdfSaver3 - (no file) HKLM-Run-SNM - c:\program files\SpyNoMore\SNM.exe HKLM-Run-SearchSettings - c:\program files\Dealio Toolbar\SearchSettings.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-05-26 08:21 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-3421004367-556548505-3135315913-1005\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(2612) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\AVG\AVG9\avgchsvx.exe c:\program files\AVG\AVG9\avgrsx.exe c:\program files\AVG\AVG9\avgcsrvx.exe c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe c:\program files\Intel\Intel Application Accelerator\iaantmon.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\nvsvc32.exe c:\program files\Iomega\REV System Software\RevUDF.exe c:\windows\system32\wdfmgr.exe c:\program files\AVG\AVG9\avgnsx.exe c:\program files\AVG\AVG9\avgcsrvx.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Completion time: 2010-05-26 08:24:50 - machine was rebooted ComboFix-quarantined-files.txt 2010-05-26 12:24 Pre-Run: 124,635,086,848 bytes free Post-Run: 125,223,366,656 bytes free - - End Of File - - 25DF0566AD741E29438AEE0806128A1E
  6. tomzpc
    Thanks, will do. I probably won't be able to respond with the combofix info until tomorrow a.m. US eastern time. Hopefully you're still around. Thanks for the help so far. It is greatly appreciated!
  7. tomzpc
    Elise, can I stop the "full" GMER scan and go ahead and proceed with combofix? Was the GMER sections scan satisfactory? Based on what happened earlier I expect the full GMER scan to take hours if it even gets through without crashing. Thanks! Tom
  8. tomzpc
    Okay, GMER was running for over 90 minutes and the computer just crashed and had to be rebooted. The good news is that the internet is now working again on the infected computer for some reason. I've started GMER again but first I ran it with only sections checked as you asked and below is the result of that Elise. Thanks...Tom GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-05-25 11:42:15 Windows 5.1.2600 Service Pack 3 Running: lj38z8fd.exe; Driver: C:\DOCUME~1\PAH\LOCALS~1\Temp\pxtdapob.sys ---- Kernel code sections - GMER 1.0.15 ---- init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF6044F80] ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\System32\svchost.exe[1096] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 006E000A .text C:\WINDOWS\System32\svchost.exe[1096] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 006F000A .text C:\WINDOWS\System32\svchost.exe[1096] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 006D000C .text C:\WINDOWS\System32\svchost.exe[1096] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00ED000A .text C:\WINDOWS\Explorer.EXE[2000] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B8000A .text C:\WINDOWS\Explorer.EXE[2000] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C2000A .text C:\WINDOWS\Explorer.EXE[2000] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B7000C .text C:\WINDOWS\system32\wuauclt.exe[3324] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009B000A .text C:\WINDOWS\system32\wuauclt.exe[3324] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009C000A .text C:\WINDOWS\system32\wuauclt.exe[3324] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 009A000C ---- EOF - GMER 1.0.15 ----
  9. tomzpc
    GMER is still running Elise. It's taking quite a long time. As soon as it's done I'll get the log posted. Thanks!!!!! Tom
  10. tomzpc
    Thanks for responding Elise! Things are getting worse this morning. The infected computer is currently not connecting to the internet so I'm replying from another PC. Fortunately I was able to download the OTL and GMER files prior to losing the internet connection. I ran them and have copied the files to a disk so that I could transfer them to this other PC for posting. Here goes........... Here's the OTL.TXT file OTL logfile created on: 5/25/2010 8:13:07 AM - Run 1 OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\PAH\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1,022.00 Mb Total Physical Memory | 355.00 Mb Available Physical Memory | 35.00% Memory free 3.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free Paging file location(s): C:\pagefile.sys 2000 4000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 145.46 Gb Total Space | 116.06 Gb Free Space | 79.79% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DELL1 Current User Name: PAH Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 90 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010/05/25 08:06:47 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PAH\Desktop\OTL.exe PRC - [2010/04/21 09:05:47 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe PRC - [2010/04/21 09:05:45 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe PRC - [2010/04/01 09:56:32 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe PRC - [2010/03/29 08:23:43 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe PRC - [2010/03/29 08:22:59 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe PRC - [2010/03/29 08:22:58 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe PRC - [2010/03/29 08:22:54 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe PRC - [2010/03/29 08:22:46 | 000,751,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgscanx.exe PRC - [2009/10/10 18:43:14 | 000,167,936 | ---- | M] () -- C:\Program Files\Upromise\UpromiseTray.exe PRC - [2009/10/08 13:13:52 | 000,818,288 | ---- | M] (The Weather Channel Interactive, Inc.) -- C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe PRC - [2009/10/07 18:18:02 | 000,081,920 | ---- | M] (Compete Inc) -- C:\Program Files\Upromise\dca-ua.exe PRC - [2009/04/01 12:53:08 | 000,107,008 | ---- | M] () -- C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007/07/03 06:09:40 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2005/05/24 00:49:38 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe PRC - [2004/10/14 15:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe PRC - [2004/10/14 11:58:58 | 000,057,344 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\REV System Software\ImIconXp.exe PRC - [2004/08/23 12:53:38 | 000,053,248 | ---- | M] (Iomega Corp) -- C:\Program Files\Iomega\REV System Software\RevUDF.exe PRC - [2004/04/07 13:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe PRC - [2004/03/23 13:16:16 | 000,135,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe PRC - [2004/03/23 13:15:40 | 000,073,852 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe PRC - [2003/09/04 10:56:26 | 007,422,464 | ---- | M] (Autodesk, Inc.) -- C:\Program Files\Carlson Software 2004\STAR.exe ========== Modules (SafeList) ========== MOD - [2010/05/25 08:06:47 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PAH\Desktop\OTL.exe MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - [2010/03/29 08:22:58 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc) SRV - [2010/03/29 08:22:54 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd) SRV - [2010/02/23 14:04:14 | 000,369,920 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service) SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService) SRV - [2004/08/23 12:53:38 | 000,053,248 | ---- | M] (Iomega Corp) [Auto | Running] -- C:\Program Files\Iomega\REV System Software\RevUDF.exe -- (RevUDFService) SRV - [2004/04/07 13:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS) SRV - [2004/03/23 13:15:40 | 000,073,852 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe -- (IAANTMon) ========== Driver Services (SafeList) ========== DRV - [2010/04/21 09:05:46 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys -- (AvgTdiX) DRV - [2010/03/29 08:24:41 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys -- (AvgLdx86) DRV - [2010/03/29 08:24:40 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys -- (AvgMfx86) DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nuidfltr.sys -- (NuidFltr) DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp) DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp) DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv) DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct) DRV - [2005/05/24 00:49:42 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\asctrm.sys -- (ASCTRM) DRV - [2004/12/06 02:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa) DRV - [2004/12/06 02:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf) DRV - [2004/12/06 02:05:00 | 000,086,586 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs) DRV - [2004/12/06 02:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs) DRV - [2004/12/06 02:05:00 | 000,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio) DRV - [2004/12/06 02:05:00 | 000,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio) DRV - [2004/12/06 02:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool) DRV - [2004/12/06 02:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct) DRV - [2004/12/06 02:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres) DRV - [2004/12/01 04:22:00 | 000,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb) DRV - [2004/11/23 03:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm) DRV - [2004/11/11 18:10:00 | 002,738,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv) DRV - [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt) DRV - [2004/07/14 12:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5) DRV - [2004/07/14 12:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln) DRV - [2004/07/13 11:22:38 | 000,016,006 | ---- | M] (Iomega Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\imdrvfsf.sys -- (imdrvfsf) DRV - [2004/05/29 18:41:54 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys -- (b57w2k) DRV - [2004/03/23 13:13:58 | 000,467,200 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor) DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW) DRV - [2002/11/08 14:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci) DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow) DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3) DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi) DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx) DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810) DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra) DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160) DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080) DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280) DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k) DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x) DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc) DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550) DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde) DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde) DRV - [2000/03/29 18:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MASPINT.SYS -- (MASPINT) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/mywaybiz IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/mywaybiz IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3421004367-556548505-3135315913-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz IE - HKU\S-1-5-21-3421004367-556548505-3135315913-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\S-1-5-21-3421004367-556548505-3135315913-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKU\S-1-5-21-3421004367-556548505-3135315913-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8 IE - HKU\S-1-5-21-3421004367-556548505-3135315913-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/ IE - HKU\S-1-5-21-3421004367-556548505-3135315913-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\S-1-5-21-3421004367-556548505-3135315913-1005\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () IE - HKU\S-1-5-21-3421004367-556548505-3135315913-1005\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll (Spigot, Inc.) IE - HKU\S-1-5-21-3421004367-556548505-3135315913-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\Extensions\\paypalfirefoxplugin@orbiscom: C:\Program Files\PayPal\PayPal Plug-In [2009/06/26 15:55:17 | 000,000,000 | ---D | M] O1 HOSTS File: ([2009/01/28 12:12:03 | 000,000,783 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 91.207.117.244 browser-security.microsoft.com O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll (Spigot, Inc.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions) O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.) O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Upromise\dca-bho.dll (Compete, Inc.) O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll (Spigot, Inc.) O2 - BHO: (OToolbarHelper Class) - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll () O2 - BHO: (Upromise TurboSaver) - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.) O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () O3 - HKLM\..\Toolbar: (PayPal Plug-In) - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll () O3 - HKU\S-1-5-21-3421004367-556548505-3135315913-1005\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found. O3 - HKU\S-1-5-21-3421004367-556548505-3135315913-1005\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [iomega ImIconXP] C:\Program Files\Iomega\REV System Software\ImIconXp.exe (Iomega Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [pdfSaver3] File not found O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [searchSettings] C:\Program Files\Dealio Toolbar\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [sNM] C:\Program Files\SpyNoMore\SNM.exe File not found O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [updateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions) O4 - HKU\S-1-5-21-3421004367-556548505-3135315913-1005..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.) O4 - HKU\S-1-5-21-3421004367-556548505-3135315913-1005..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKU\S-1-5-21-3421004367-556548505-3135315913-1005..\Run: [upromise Tray] C:\Program Files\Upromise\UpromiseTray.exe () O4 - HKU\S-1-5-21-3421004367-556548505-3135315913-1005..\Run: [upromise Update] C:\Program Files\Upromise\dca-ua.exe (Compete Inc) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3421004367-556548505-3135315913-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.) O9 - Extra 'Tools' menuitem : Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.) O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB (Reg Error: Key error.) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {48DF87EE-F2DE-11D8-BE7F-302050C10802} http://www.flycalc.com/loadercalc_win.cab (FlyLoader Class) O16 - DPF: {5721FA68-5ABD-40A8-81F1-4136691194BF} https://www.play.net/components/activex/AXSAL.ocx (Launcher Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://pc.mywebexpc.com/client/v_mywebex-p.../ra/ieatgpc.cab (GpcContainer Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.151.8.211 24.151.8.210 66.189.130.5 O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O24 - Desktop WallPaper: C:\Documents and Settings\PAH\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\PAH\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 90 Days ========== [2010/05/25 08:06:47 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\PAH\Desktop\OTL.exe [2010/05/21 16:56:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010/05/21 16:55:39 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT [2010/05/20 06:40:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia [2010/05/14 14:55:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PAH\Application Data\SUPERAntiSpyware.com [2010/05/14 14:55:12 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2010/05/13 14:49:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia [2010/05/13 14:49:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe [2010/04/06 13:25:57 | 000,000,000 | ---D | C] -- C:\Program Files\IGC [2010/03/29 08:24:58 | 000,000,000 | -H-D | C] -- C:\$AVG [2010/03/29 08:20:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9 [2010/03/25 11:11:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PAH\Desktop\HARVARD DRIVE-HARTSDALE JOB [2010/03/10 07:12:53 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 90 Days ========== [2010/05/25 08:06:47 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PAH\Desktop\OTL.exe [2010/05/25 08:02:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010/05/25 08:00:17 | 005,242,880 | ---- | M] () -- C:\Documents and Settings\PAH\ntuser.dat [2010/05/25 07:58:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL [2010/05/25 07:58:22 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2010/05/25 07:58:05 | 000,007,275 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010/05/25 07:58:04 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010/05/25 07:58:02 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/05/25 07:57:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT [2010/05/25 07:57:12 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\PAH\NTUSER.INI [2010/05/25 01:41:00 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2010/05/25 00:06:46 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk [2010/05/24 18:34:40 | 060,343,739 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2010/05/24 14:50:40 | 000,000,049 | ---- | M] () -- C:\WINDOWS\wpd99.drv [2010/05/24 11:15:27 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn [2010/05/24 08:41:50 | 000,057,859 | ---- | M] () -- C:\acadminidump.dmp [2010/05/21 17:13:52 | 000,003,852 | ---- | M] () -- C:\Documents and Settings\PAH\Desktop\Attach.zip [2010/05/20 13:58:01 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/05/19 16:05:08 | 000,028,675 | ---- | M] () -- C:\Documents and Settings\PAH\Desktop\DOPPLER RADAR.url [2010/05/10 15:25:14 | 000,112,942 | ---- | M] () -- C:\Documents and Settings\PAH\Desktop\04091-wb-4-30-10.dwg [2010/04/21 10:59:23 | 000,000,492 | ---- | M] () -- C:\Documents and Settings\PAH\Desktop\GMAIL.url [2010/04/21 09:05:46 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys [2010/04/14 16:49:28 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010/04/14 16:49:15 | 002,001,738 | ---- | M] () -- C:\WINDOWS\iis6.BAK [2010/04/12 15:00:36 | 000,001,701 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Carlson Survey 2004.lnk [2010/04/07 20:27:33 | 000,026,843 | ---- | M] () -- C:\Documents and Settings\PAH\My Documents\tz-2010-forkdraft.ods [2010/04/06 13:25:57 | 000,001,441 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Brava! Reader.lnk [2010/03/29 08:24:41 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys [2010/03/29 08:24:40 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys [2010/03/29 08:24:32 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk [2010/03/29 08:24:31 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll [2010/03/29 08:24:29 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm [2010/03/15 05:59:02 | 000,442,466 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT [2010/03/15 05:59:02 | 000,071,732 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT [2010/03/15 05:59:01 | 000,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010/03/10 02:15:52 | 000,420,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vbscript.dll [2010/03/10 02:15:52 | 000,420,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vbscript.dll [2010/03/08 14:43:36 | 000,013,839 | ---- | M] () -- C:\Documents and Settings\PAH\My Documents\TOM FAX COVER.odt [2010/03/08 14:37:30 | 000,013,005 | ---- | M] () -- C:\Documents and Settings\PAH\My Documents\Fax Cover Sheet.ott [2010/02/25 11:54:36 | 011,070,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll [2010/02/25 02:24:37 | 001,209,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll [2010/02/25 02:24:37 | 000,916,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll [2010/02/25 02:24:37 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll [2010/02/25 02:24:37 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll [2010/02/25 02:24:37 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll [2010/02/25 02:24:36 | 005,944,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll [2010/02/25 02:24:35 | 001,985,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll [2010/02/25 02:24:35 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl [2010/02/25 02:24:35 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl [2010/02/25 02:24:35 | 000,594,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll [2010/02/25 02:24:35 | 000,594,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll [2010/02/25 02:24:35 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll [2010/02/25 02:24:35 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll [2010/02/25 02:24:35 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll [2010/02/25 02:24:35 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll [2010/02/25 02:24:35 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll [2010/02/25 02:24:35 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll [2010/02/25 02:24:34 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll [2010/02/25 02:24:34 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll [2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/05/25 00:06:46 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk [2010/05/21 17:13:52 | 000,003,852 | ---- | C] () -- C:\Documents and Settings\PAH\Desktop\Attach.zip [2010/05/17 13:13:37 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/05/10 15:25:14 | 000,112,942 | ---- | C] () -- C:\Documents and Settings\PAH\Desktop\04091-wb-4-30-10.dwg [2010/05/10 07:30:35 | 005,242,880 | ---- | C] () -- C:\Documents and Settings\PAH\ntuser.dat [2010/04/07 19:24:35 | 000,026,843 | ---- | C] () -- C:\Documents and Settings\PAH\My Documents\tz-2010-forkdraft.ods [2010/04/06 13:25:57 | 000,001,441 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Brava! Reader.lnk [2010/03/29 08:24:32 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk [2010/03/08 14:43:35 | 000,013,839 | ---- | C] () -- C:\Documents and Settings\PAH\My Documents\TOM FAX COVER.odt [2010/03/08 14:37:30 | 000,013,005 | ---- | C] () -- C:\Documents and Settings\PAH\My Documents\Fax Cover Sheet.ott [2009/11/12 14:51:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mtstack16.INI [2009/01/28 12:22:47 | 000,001,152 | ---- | C] () -- C:\WINDOWS\System32\windrv.sys [2008/04/02 20:29:44 | 000,000,288 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006/11/03 06:37:56 | 000,000,075 | ---- | C] () -- C:\WINDOWS\ccolwiz.ini [2006/10/27 14:27:42 | 000,000,049 | ---- | C] () -- C:\WINDOWS\wpd99.drv [2006/10/27 14:27:36 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini [2006/10/27 14:26:15 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll [2006/10/27 14:26:15 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll [2005/12/22 16:56:01 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL [2005/12/22 16:56:01 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini [2005/05/24 00:53:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2005/05/24 00:51:51 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini [2005/05/24 00:20:26 | 000,000,367 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2005/01/28 09:08:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2004/08/11 18:25:56 | 000,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI [2004/08/04 06:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI [2002/01/10 12:16:04 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\crddll.dll [1999/12/10 00:19:48 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\BarCodeLib.dll < End of report > and here's the Extras.txt from the OTL scan OTL Extras logfile created on: 5/25/2010 8:13:07 AM - Run 1 OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\PAH\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1,022.00 Mb Total Physical Memory | 355.00 Mb Available Physical Memory | 35.00% Memory free 3.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free Paging file location(s): C:\pagefile.sys 2000 4000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 145.46 Gb Total Space | 116.06 Gb Free Space | 79.79% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DELL1 Current User Name: PAH Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 90 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.) "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc) "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc) "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.) "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.) "C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player "{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager "{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA "{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition "{181EAEE6-AAE5-485B-8BAC-0FB564626781}" = Brava! Reader 3.3 "{1B4AA674-F5CA-4BB5-831A-CD37B4021959}" = ImageMixer for Sony "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java 6 Update 15 "{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2 "{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2 "{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4 "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6 "{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7 "{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page "{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement "{564A8DD3-70BC-4018-A5C3-7CEB10BBB6E9}" = Image Transfer "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool "{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver "{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer "{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03 "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files "{73317C31-2B6E-4B88-9865-B97C1331A39D}" = PayPal Plug-In "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{85AAB464-E0EE-4A3F-BD22-15150B0846B7}" = imagePROGRAF Firmware Update Tool "{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch
  11. tomzpc
    Hi, Most of the links that I click on are being redirected to ad sites. I've run malwarebytes and Search & Destroy multiple times with no luck. AVG doesn't pick it up either. Now this morning I've been having problems with the home network as well as a complete slowdown. I did a system restore to two weeks ago and the network issue has been fixed but still getting the other problems, and on top of that MBAM will no longer run, I get the following messageL Error Code: 714 (0, 9). Help would be greatly appreciated!!!!! Tom Here's my dds.txt from Friday: DDS (Ver_10-03-17.01) - NTFSx86 Run by tom at 16:59:03.26 on Fri 05/21/2010 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.388 [GMT -4:00] AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe C:\Program Files\AVG\AVG9\avgchsvx.exe C:\Program Files\AVG\AVG9\avgrsx.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Iomega\REV System Software\imiconxp.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe C:\PROGRA~1\AVG\AVG9\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Upromise\dca-ua.exe C:\Program Files\Upromise\UpromiseTray.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe svchost.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\AVG\AVG9\avgwdsvc.exe C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Iomega\REV System Software\RevUDF.exe C:\Program Files\AVG\AVG9\avgnsx.exe C:\Program Files\AVG\AVG9\avgemc.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\PAH\Desktop\dds.com ============== Pseudo HJT Report =============== uStart Page = hxxp://google.com/ uSearch Page = hxxp://www.google.com uDefault_Page_URL = hxxp://www.dell4me.com/mywaybiz uSearch Bar = hxxp://www.google.com/ie uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll uURLSearchHooks: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\dealio toolbar\SearchSettings.dll mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll BHO: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\DealioToolbarIE.dll BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - c:\program files\upromise\dca-bho.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\dealio toolbar\SearchSettings.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: OToolbarHelper Class: {ead3a971-6a23-4246-8691-c9244e858967} - c:\program files\paypal\paypal plug-in\PayPalHelper.dll BHO: Upromise TurboSaver: {edc0f17f-f4b7-47e4-b73e-887faeb376fa} - c:\program files\upromise\upromisetoolbar.dll TB: PayPal Plug-In: {dc0f2f93-27fa-4f84-acaa-9416f90b9511} - c:\program files\paypal\paypal plug-in\OToolbar.dll TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll TB: Upromise TurboSaver: {06e58e5e-f8cb-4049-991e-a41c03bd419e} - c:\program files\upromise\upromisetoolbar.dll TB: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\DealioToolbarIE.dll TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe" uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [upromise Update] c:\program files\upromise\dca-ua.exe uRun: [upromise Tray] c:\program files\upromise\UpromiseTray.exe uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [iAAnotif] c:\program files\intel\intel application accelerator\iaanotif.exe mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [dla] c:\windows\system32\dla\tfswctrl.exe mRun: [<NO NAME>] mRun: [iomega ImIconXP] c:\program files\iomega\rev system software\imiconxp.exe mRun: [mmtask] "c:\program files\musicmatch\musicmatch jukebox\mmtask.exe" mRun: [pdfSaver3] mRun: [sNM] c:\program files\spynomore\SNM.exe /startup mRun: [searchSettings] c:\program files\dealio toolbar\SearchSettings.exe mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe StartupFolder: c:\docume~1\pah\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\imaget~1.lnk - c:\program files\sony corporation\image transfer\SonyTray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {06E58E5E-F8CB-4049-991E-A41C03BD419E} - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - c:\program files\upromise\upromisetoolbar.dll IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} - hxxps://www.windowsonecare.com/install/cli/0.9.0929.18/WinSSWebAgent.CAB DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {48DF87EE-F2DE-11D8-BE7F-302050C10802} - hxxp://www.flycalc.com/loadercalc_win.cab DPF: {5721FA68-5ABD-40A8-81F1-4136691194BF} - hxxps://www.play.net/components/activex/AXSAL.ocx DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://pc.mywebexpc.com/client/v_mywebex-pcnow/ra/ieatgpc.cab Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll Notify: avgrsstarter - avgrsstx.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL Hosts: 91.207.117.244 browser-security.microsoft.com ============= SERVICES / DRIVERS =============== R0 imdrvfsf;Iomega File System Filter Driver;c:\windows\system32\drivers\imdrvfsf.sys [2004-7-13 16006] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-16 216200] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-16 29512] R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-16 242896] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-6 68168] R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-3-29 916760] R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-29 308064] S2 gupdate1c95c9e8484734;Google Update Service (gupdate1c95c9e8484734);c:\program files\google\update\GoogleUpdate.exe [2008-12-12 133104] S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-3-29 369920] ============== File Associations =============== .scr=CarlsonSoftwareScriptFile =============== Created Last 30 ================ 2010-05-17 17:13:37 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-05-14 18:55:24 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com 2010-05-14 18:55:12 0 d-----w- c:\program files\SUPERAntiSpyware 2010-05-14 18:55:12 0 d-----w- c:\docume~1\pah\applic~1\SUPERAntiSpyware.com 2010-05-14 18:54:54 0 d-----w- c:\program files\common files\Wise Installation Wizard ==================== Find3M ==================== 2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 19:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-21 13:05:46 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2010-03-29 12:24:41 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2010-03-29 12:24:31 12464 ----a-w- c:\windows\system32\avgrsstx.dll 2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll 2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll 2010-02-25 15:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll 2010-02-24 13:11:07 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys 2010-02-24 09:54:25 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe 2005-12-07 11:18:07 59168 ----a-w- c:\program files\MC 2008-09-05 12:07:28 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090520080906\index.dat 2009-01-28 16:28:40 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009012820090129\index.dat ============= FINISH: 17:00:44.89 ===============
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.