Freddie Frog

Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4294 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 7/8/2010 11:33:31 PM mbam-log-2010-07-08 (23-33-31).txt Scan type: Quick scan Objects scanned: 147741 Time elapsed: 9 minute(s), 16 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

Well, It must have something squirreled away, because all at once today, the ole' familiar face of AV Security Suite surfaces again. This time I pulled the plug, booted in safe mode, and ran Malwarebytes. It found 8 infections, got rid of them, and then I ran SpyBot which found another one, Fraud.Sysguard. I removed that. It seems like there is a well hidden Trojan in the machine that surfaces like a hidden parasite after a 'thorough' scan, and reinfects the machine.

Did it. What's next? Now if I could get my sound back, Firefox could look the same, and hopefully I quit the browser hijacks.

Sorry, trouble posting. Here's the rest of the file OTL.txt: O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\

Try again: OTL.Txt Extras.Txt

Sorry, trouble posting. Here's the rest of the file OTL.txt: O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system3

Firefox: "The connection was reset" IE: "The page was unavailable"

OTL logfile created on: 6/17/2010 10:31:56 PM - Run 1 OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\frog\Desktop\Security Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free 4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 232.88 Gb Total Space | 146.99 Gb Free Space | 63.12% Space Free | Partition Type: NTFS Drive D: | 698.63 Gb Total Space | 547.37 Gb Free Space | 78.35% Space Free | Partition Type: NTFS Drive E: | 2.84 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive L: | 614.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF Drive M: | 930.86 Gb Total Space | 538.71 Gb Free Space | 57.87% Space Free | Partition Type: NTFS Computer Name: Big Pond Current User Name: frog Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\frog\Desktop\Security\OTL.exe (OldTimer Tools) PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com) PRC - C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\FlashGet\flashget.exe (FlashGet.com) PRC - C:\WINDOWS\system32\HPZipm12.exe (HP) PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.) PRC - C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe (Logitech Inc.) PRC - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc) PRC - C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe (Intel Corporation) PRC - C:\Program Files\DYMO Label\DYMO LabelWriter Add-In\DymoLaunch.exe (eGrabber Inc) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\frog\Desktop\Security\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll (Microsoft Corporation) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) MOD - C:\Program Files\FlashGet\fgmgr.dll (www.flashget.com) MOD - C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech Inc.) MOD - C:\WINDOWS\system32\nview.dll () MOD - C:\WINDOWS\system32\nvwddi.dll (NVIDIA Corporation) ========== Win32 Services (SafeList) ========== SRV - (CoreSrvr) -- File not found SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP) SRV - (SentinelProtectionServer) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc) SRV - (WMConnectCDS) -- C:\Program Files\Windows Media Connect 2\wmccds.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (HDAudBus) -- File not found DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies) DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation) DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.) DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech Inc.) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (Sentinel) -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS (SafeNet, Inc.) DRV - (sfng32) -- C:\WINDOWS\system32\drivers\sfng32.sys (Sonic Focus, Inc) DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.) DRV - (e1express) Intel® -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation) DRV - (SiFilter) -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.) DRV - (Si3114r5) -- C:\WINDOWS\system32\DRIVERS\Si3114r5.sys (Silicon Image, Inc) DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation) DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:3925 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.order.1: "Yahoo" FF - prefs.js..browser.search.order.2: "" FF - prefs.js..browser.search.selectedengine: "Yahoo" FF - prefs.js..browser.startup.homepage: "http://www.google.com" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2 FF - prefs.js..extensions.enabledItems: {e1170235-2845-420c-acc3-42261a29dd46}:4.0.1 FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.1.0521 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1 FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:4.0.0 FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0 FF - prefs.js..extensions.enabledItems: {6F8B045E-CFF4-48e4-AA37-8257B9F02A85}:1.0.0 FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.23 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3 FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:00:22 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/03/04 11:21:04 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 05:57:29 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/02 05:57:29 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/05/10 12:15:35 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/02/15 11:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\frog\Application Data\Mozilla\Extensions [2010/02/15 11:56:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\frog\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2009/03/25 04:24:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\frog\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2010/06/17 22:28:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\frog\Application Data\Mozilla\Firefox\Profiles\5n9567mx.default\extensions [2010/06/07 09:51:11 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\frog\Application Data\Mozilla\Firefox\Profiles\5n9567mx.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} [2009/11/11 14:44:09 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\frog\Application Data\Mozilla\Firefox\Profiles\5n9567mx.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250} [2010/05/24 10:04:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\frog\Application Data\Mozilla\Firefox\Profiles\5n9567mx.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B} [2010/04/30 21:37:34 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\frog\Application Data\Mozilla\Firefox\Profiles\5n9567mx.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010/04/12 20:15:39 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\frog\Application Data\Mozilla\Firefox\Profiles\5n9567mx.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2010/02/13 19:11:05 | 000,000,000 | ---D | M] (Clipmarks) -- C:\Documents and Settings\frog\Application Data\Mozilla\Firefox\Profiles\5n9567mx.default\extensions\{e1170235-2845-420c-acc3-42261a29dd46} [2009/11/11 14:44:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\frog\Application Data\Mozilla\Firefox\Profiles\5n9567mx.default\extensions\en-US@dictionaries.addons.mozilla.org [2010/05/25 20:03:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010/04/02 05:57:29 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2010/04/02 05:57:23 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll [2010/04/02 05:57:23 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll [2010/03/04 11:21:03 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll [2010/04/02 05:57:26 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll [2007/05/10 23:52:34 | 000,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll [2010/01/15 19:13:03 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml [2010/01/15 19:13:03 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml [2010/01/15 19:13:03 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml [2010/01/15 19:13:03 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml [2010/01/15 19:13:03 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml [2010/01/15 19:13:03 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml [2010/05/25 17:37:56 | 000,000,859 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Yahoo.xml O1 HOSTS File: ([2009/03/25 06:02:43 | 000,303,042 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 10444 more lines... O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com) O2 - BHO: (EventSession Class) - {3FFC332D-3286-420D-A930-C8CE3F339CC2} - C:\Program Files\Fast YouTube Downloader\IEStript.dll () O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com) O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com) O4 - HKLM..\Run: [intelAudioStudio] C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe (Intel Corporation) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [sigmatelSysTrayApp] File not found O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit) O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Activate DYMO LabelWriter Add-In.lnk = C:\Program Files\DYMO Label\DYMO LabelWriter Add-In\DymoLaunch.exe (eGrabber Inc) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.) O4 - Startup: C:\Documents and Settings\frog\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM () O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM () O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_18.dll (Sun Microsystems, Inc.) O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com) O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_

OTL logfile created on: 6/17/2010 10:31:56 PM - Run 1 OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\frog\Desktop\Security Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free 4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 232.88 Gb Total Space | 146.99 Gb Free Space | 63.12% Space Free | Partition Type: NTFS Drive D: | 698.63 Gb Total Space | 547.37 Gb Free Space | 78.35% Space Free | Partition Type: NTFS Drive E: | 2.84 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive L: | 614.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF Drive M: | 930.86 Gb Total Space | 538.71 Gb Free Space | 57.87% Space Free | Partition Type: NTFS Computer Name: Big Pond Current User Name: frog Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\frog\Desktop\Security\OTL.exe (OldTimer Tools) PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com) PRC - C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\FlashGet\flashget.exe (FlashGet.com) PRC - C:\WINDOWS\system32\HPZipm12.exe (HP) PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.) PRC - C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe (Logitech Inc.) PRC - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc) PRC - C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe (Intel Corporation) PRC - C:\Program Files\DYMO Label\DYMO LabelWriter Add-In\DymoLaunch.exe (eGrabber Inc) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\frog\Desktop\Security\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll (Microsoft Corporation) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) MOD - C:\Program Files\FlashGet\fgmgr.dll (www.flashget.com) MOD - C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech Inc.) MOD - C:\WINDOWS\system32\nview.dll () MOD - C:\WINDOWS\system32\nvwddi.dll (NVIDIA Corporation) ========== Win32 Services (SafeList) ========== SRV - (CoreSrvr) -- File not found SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP) SRV - (SentinelProtectionServer) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc) SRV - (WMConnectCDS) -- C:\Program Files\Windows Media Connect 2\wmccds.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (HDAudBus) -- File not found DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies) DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation) DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.) DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech Inc.) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (Sentinel) -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS (SafeNet, Inc.) DRV - (sfng32) -- C:\WINDOWS\system32\drivers\sfng32.sys (Sonic Focus, Inc) DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.) DRV - (e1express) Intel® -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation) DRV - (SiFilter) -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.) DRV - (Si3114r5) -- C:\WINDOWS\system32\DRIVERS\Si3114r5.sys (Silicon Image, Inc) DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation) DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:3925 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.order.1: "Yahoo" FF - prefs.js..browser.search.order.2: "" FF - prefs.js..browser.search.selectedengine: "Yahoo" FF - prefs.js..browser.startup.homepage: "http://www.google.com" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2 FF - prefs.js..extensions.enabledItems: {e1170235-2845-420c-acc3-42261a29dd46}:4.0.1 FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.1.0521 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1 FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:4.0.0 FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0 FF - prefs.js..extensions.enabledItems: {6F8B045E-CFF4-48e4-AA37-8257B9F02A85}:1.0.0 FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.23 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3 FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:00:22 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/03/04 11:21:04 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 05:57:29 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/02 05:57:29 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/05/10 12:15:35 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/02/15 11:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\frog\Application Data\Mozilla\Extensions [2010/02/15 11:56:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\frog\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2009/03/25 04:24:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\frog\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2010/06/17 22:28:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\frog\Application Data\Mozilla\Firefox\Profiles\5n9567mx.default\extensions [2010/06/07 09:51:11 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\frog\Application Data\Mozilla\Firefox\Profiles\5n9567mx.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} [2009/11/11 14:44:09 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\frog\Application Data\Mozilla\Firefox\Profiles\5n9567mx.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250} [2010/05/24 10:04:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\frog\Application Data\Mozilla\Firefox\Profiles\5n9567mx.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B} [2010/04/30 21:37:34 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\frog\Application Data\Mozilla\Firefox\Profiles\5n9567mx.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010/04/12 20:15:39 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\frog\Application Data\Mozilla\Firefox\Profiles\5n9567mx.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2010/02/13 19:11:05 | 000,000,000 | ---D | M] (Clipmarks) -- C:\Documents and Settings\frog\Application Data\Mozilla\Firefox\Profiles\5n9567mx.default\extensions\{e1170235-2845-420c-acc3-42261a29dd46} [2009/11/11 14:44:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\frog\Application Data\Mozilla\Firefox\Profiles\5n9567mx.default\extensions\en-US@dictionaries.addons.mozilla.org [2010/05/25 20:03:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010/04/02 05:57:29 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2010/04/02 05:57:23 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll [2010/04/02 05:57:23 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll [2010/03/04 11:21:03 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll [2010/04/02 05:57:26 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll [2007/05/10 23:52:34 | 000,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll [2010/01/15 19:13:03 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml [2010/01/15 19:13:03 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml [2010/01/15 19:13:03 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml [2010/01/15 19:13:03 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml [2010/01/15 19:13:03 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml [2010/01/15 19:13:03 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml [2010/05/25 17:37:56 | 000,000,859 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Yahoo.xml O1 HOSTS File: ([2009/03/25 06:02:43 | 000,303,042 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 10444 more lines... O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com) O2 - BHO: (EventSession Class) - {3FFC332D-3286-420D-A930-C8CE3F339CC2} - C:\Program Files\Fast YouTube Downloader\IEStript.dll () O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com) O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com) O4 - HKLM..\Run: [intelAudioStudio] C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe (Intel Corporation) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [sigmatelSysTrayApp] File not found O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit) O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Activate DYMO LabelWriter Add-In.lnk = C:\Program Files\DYMO Label\DYMO LabelWriter Add-In\DymoLaunch.exe (eGrabber Inc) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.) O4 - Startup: C:\Documents and Settings\frog\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM () O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM () O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_18.dll (Sun Microsystems, Inc.) O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com) O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_

OTL logfile created on: 6/17/2010 10:31:56 PM - Run 1 OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\frog\Desktop\Security Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free 4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 232.88 Gb Total Space | 146.99 Gb Free Space | 63.12% Space Free | Partition Type: NTFS Drive D: | 698.63 Gb Total Space | 547.37 Gb Free Space | 78.35% Space Free | Partition Type: NTFS Drive E: | 2.84 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive L: | 614.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF Drive M: | 930.86 Gb Total Space | 538.71 Gb Free Space | 57.87% Space Free | Partition Type: NTFS Computer Name: Big Pond Current User Name: frog Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\frog\Desktop\Security\OTL.exe (OldTimer Tools) PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com) PRC - C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\FlashGet\flashget.exe (FlashGet.com) PRC - C:\WINDOWS\system32\HPZipm12.exe (HP) PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.) PRC - C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe (Logitech Inc.) PRC - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc) PRC - C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe (Intel Corporation) PRC - C:\Program Files\DYMO Label\DYMO LabelWriter Add-In\DymoLaunch.exe (eGrabber Inc) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\frog\Desktop\Security\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll (Microsoft Corporation) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) MOD - C:\Program Files\FlashGet\fgmgr.dll (www.flashget.com) MOD - C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech Inc.) MOD - C:\WINDOWS\system32\nview.dll () MOD - C:\WINDOWS\system32\nvwddi.dll (NVIDIA Corporation) ========== Win32 Services (SafeList) ========== SRV - (CoreSrvr) -- File not found SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP) SRV - (SentinelProtectionServer) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc) SRV - (WMConnectCDS) -- C:\Program Files\Windows Media Connect 2\wmccds.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (HDAudBus) -- File not found DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies) DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation) DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.) DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech Inc.) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (Sentinel) -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS (SafeNet, Inc.) DRV - (sfng32) -- C:\WINDOWS\system32\drivers\sfng32.sys (Sonic Focus, Inc) DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.) DRV - (e1express) Intel® -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation) DRV - (SiFilter) -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.) DRV - (Si3114r5) -- C:\WINDOWS\system32\DRIVERS\Si3114r5.sys (Silicon Image, Inc) DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation) DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:3925 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.order.1: "Yahoo" FF - prefs.js..browser.search.order.2: "" FF - prefs.js..browser.search.selectedengine: "Yahoo" FF - prefs.js..browser.startup.homepage: "http://www.google.com" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2 FF - prefs.js..extensions.enabledItems: {e1170235-2845-420c-acc3-42261a29dd46}:4.0.1 FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.1.0521 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1 FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:4.0.0 FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0 FF - prefs.js..extensions.enabledItems: {6F8B045E-CFF4-48e4-AA37-8257B9F02A85}:1.0.0 FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.23 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3 FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:00:22 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/03/04 11:21:04 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 05:57:29 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/02 05:57:29 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/05/10 12:15:35 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/02/15 11:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\frog\Application Data\Mozilla\Extensions [2010/02/15 11:56:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\frog\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2009/03/25 04:24:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\frog\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2010/06/17 22:28:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\frog\Application Data\Mozilla\Firefox\Profiles\5n9567mx.default\extensions [2010/06/07 09:51:11 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\frog\Application Data\Mozilla\Firefox\Profiles\5n9567mx.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} [2009/11/11 14:44:09 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\frog\Application Data\Mozilla\Firefox\Profiles\5n9567mx.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250} [2010/05/24 10:04:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\frog\Application Data\Mozilla\Firefox\Profiles\5n9567mx.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B} [2010/04/30 21:37:34 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\frog\Application Data\Mozilla\Firefox\Profiles\5n9567mx.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010/04/12 20:15:39 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\frog\Application Data\Mozilla\Firefox\Profiles\5n9567mx.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2010/02/13 19:11:05 | 000,000,000 | ---D | M] (Clipmarks) -- C:\Documents and Settings\frog\Application Data\Mozilla\Firefox\Profiles\5n9567mx.default\extensions\{e1170235-2845-420c-acc3-42261a29dd46} [2009/11/11 14:44:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\frog\Application Data\Mozilla\Firefox\Profiles\5n9567mx.default\extensions\en-US@dictionaries.addons.mozilla.org [2010/05/25 20:03:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010/04/02 05:57:29 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2010/04/02 05:57:23 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll [2010/04/02 05:57:23 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll [2010/03/04 11:21:03 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll [2010/04/02 05:57:26 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll [2007/05/10 23:52:34 | 000,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll [2010/01/15 19:13:03 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml [2010/01/15 19:13:03 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml [2010/01/15 19:13:03 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml [2010/01/15 19:13:03 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml [2010/01/15 19:13:03 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml [2010/01/15 19:13:03 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml [2010/05/25 17:37:56 | 000,000,859 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Yahoo.xml O1 HOSTS File: ([2009/03/25 06:02:43 | 000,303,042 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 10444 more lines... O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com) O2 - BHO: (EventSession Class) - {3FFC332D-3286-420D-A930-C8CE3F339CC2} - C:\Program Files\Fast YouTube Downloader\IEStript.dll () O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com) O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com) O4 - HKLM..\Run: [intelAudioStudio] C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe (Intel Corporation) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [sigmatelSysTrayApp] File not found O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit) O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Activate DYMO LabelWriter Add-In.lnk = C:\Program Files\DYMO Label\DYMO LabelWriter Add-In\DymoLaunch.exe (eGrabber Inc) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.) O4 - Startup: C:\Documents and Settings\frog\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM () O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM () O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_18.dll (Sun Microsystems, Inc.) O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com) O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Micro

OTL logfile created on: 6/17/2010 10:31:56 PM - Run 1 OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\frog\Desktop\Security Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free 4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 232.88 Gb Total Space | 146.99 Gb Free Space | 63.12% Space Free | Partition Type: NTFS Drive D: | 698.63 Gb Total Space | 547.37 Gb Free Space | 78.35% Space Free | Partition Type: NTFS Drive E: | 2.84 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive L: | 614.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF Drive M: | 930.86 Gb Total Space | 538.71 Gb Free Space | 57.87% Space Free | Partition Type: NTFS Computer Name: Big Pond Current User Name: frog Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\frog\Desktop\Security\OTL.exe (OldTimer Tools) PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com) PRC - C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\FlashGet\flashget.exe (FlashGet.com) PRC - C:\WINDOWS\system32\HPZipm12.exe (HP) PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.) PRC - C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe (Logitech Inc.) PRC - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc) PRC - C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe (Intel Corporation) PRC - C:\Program Files\DYMO Label\DYMO LabelWriter Add-In\DymoLaunch.exe (eGrabber Inc) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\frog\Desktop\Security\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll (Microsoft Corporation) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) MOD - C:\Program Files\FlashGet\fgmgr.dll (www.flashget.com) MOD - C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech Inc.) MOD - C:\WINDOWS\system32\nview.dll () MOD - C:\WINDOWS\system32\nvwddi.dll (NVIDIA Corporation) ========== Win32 Services (SafeList) ========== SRV - (CoreSrvr) -- File not found SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP) SRV - (SentinelProtectionServer) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc) SRV - (WMConnectCDS) -- C:\Program Files\Windows Media Connect 2\wmccds.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (HDAudBus) -- File not found DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies) DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation) DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.) DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech Inc.) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (Sentinel) -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS (SafeNet, Inc.) DRV - (sfng32) -- C:\WINDOWS\system32\drivers\sfng32.sys (Sonic Focus, Inc) DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.) DRV - (e1express) Intel® -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation) DRV - (SiFilter) -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.) DRV - (Si3114r5) -- C:\WINDOWS\system32\DRIVERS\Si3114r5.sys (Silicon Image, Inc) DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation) DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:3925 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.order.1: "Yahoo" FF - prefs.js..browser.search.order.2: "" FF - prefs.js..browser.search.selectedengine: "Yahoo" FF - prefs.js..browser.startup.homepage: "http://www.google.com" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2 FF - prefs.js..extensions.enabledItems: {e1170235-2845-420c-acc3-42261a29dd46}:4.0.1 FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.1.0521 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1 FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:4.0.0 FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0 FF - prefs.js..extensions.enabledItems: {6F8B045E-CFF4-48e4-AA37-8257B9F02A85}:1.0.0 FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.23 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3 FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:00:22 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/03/04 11:21:04 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 05:57:29 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/02 05:57:29 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/05/10 12:15:35 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/02/15 11:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\frog\Application Data\Mozilla\Extensions [2010/02/15 11:56:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\frog\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2009/03/25 04:24:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\frog\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2010/06/17 22:28:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\frog\Application Data\Mozilla\Firefox\Profiles\5n9567mx.default\extensions [2010/06/07 09:51:11 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\frog\Application Data\Mozilla\Firefox\Profiles\5n9567mx.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} [2009/11/11 14:44:09 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\frog\Application Data\Mozilla\Firefox\Profiles\5n9567mx.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250} [2010/05/24 10:04:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\frog\Application Data\Mozilla\Firefox\Profiles\5n9567mx.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B} [2010/04/30 21:37:34 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\frog\Application Data\Mozilla\Firefox\Profiles\5n9567mx.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010/04/12 20:15:39 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\frog\Application Data\Mozilla\Firefox\Profiles\5n9567mx.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2010/02/13 19:11:05 | 000,000,000 | ---D | M] (Clipmarks) -- C:\Documents and Settings\frog\Application Data\Mozilla\Firefox\Profiles\5n9567mx.default\extensions\{e1170235-2845-420c-acc3-42261a29dd46} [2009/11/11 14:44:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\frog\Application Data\Mozilla\Firefox\Profiles\5n9567mx.default\extensions\en-US@dictionaries.addons.mozilla.org [2010/05/25 20:03:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010/04/02 05:57:29 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2010/04/02 05:57:23 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll [2010/04/02 05:57:23 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll [2010/03/04 11:21:03 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll [2010/04/02 05:57:26 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll [2007/05/10 23:52:34 | 000,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll [2010/01/15 19:13:03 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml [2010/01/15 19:13:03 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml [2010/01/15 19:13:03 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml [2010/01/15 19:13:03 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml [2010/01/15 19:13:03 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml [2010/01/15 19:13:03 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml [2010/05/25 17:37:56 | 000,000,859 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Yahoo.xml O1 HOSTS File: ([2009/03/25 06:02:43 | 000,303,042 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 10444 more lines... O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com) O2 - BHO: (EventSession Class) - {3FFC332D-3286-420D-A930-C8CE3F339CC2} - C:\Program Files\Fast YouTube Downloader\IEStript.dll () O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com) O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com) O4 - HKLM..\Run: [intelAudioStudio] C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe (Intel Corporation) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [sigmatelSysTrayApp] File not found O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit) O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Activate DYMO LabelWriter Add-In.lnk = C:\Program Files\DYMO Label\DYMO LabelWriter Add-In\DymoLaunch.exe (eGrabber Inc) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.) O4 - Startup: C:\Documents and Settings\frog\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM () O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM () O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_18.dll (Sun Microsystems, Inc.) O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com) O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10

What am I downloading?

I picked up the "AV Security Suite" malware about two weeks ago, and even after repeated scans with Malwarebytes, it comes back to plague my internet connections, bring my network down, and redirect and change my browsers. Is there something I'm missing? Here;s my HIjack this log: Logfile of Trend Micro HijackThis v2.0.3 (BETA) Scan saved at 11:12:00 AM, on 6/17/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\FlashGet\FlashGet.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE C:\Program Files\Avira\AntiVir Desktop\avscan.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Thunderbird\thunderbird.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:3925 O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll O2 - BHO: IEStript.com - {3FFC332D-3286-420D-A930-C8CE3F339CC2} - C:\PROGRA~1\FASTYO~1\IEStript.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll O4 - HKLM\..\Run: [intelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min O4 - HKLM\..\Run: [nqsamfjc] c:\documents and settings\frog\local settings\application data\kivyegrle\ilrnda.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup O4 - HKCU\..\Run: [nqsamfjc] c:\documents and settings\frog\local settings\application data\kivyegrle\ilrnda.exe O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe O4 - Global Startup: Activate DYMO LabelWriter Add-In.lnk = C:\Program Files\DYMO Label\DYMO LabelWriter Add-In\DymoLaunch.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe O8 - Extra context menu item: &Download All with FlashGet - C:\Progr