
Internet Explorer Redirected



Hello there

I wonder if someone can assist me with the ongoing problem of my Internet Explorer being redirected to other sites such as ebay and some antivirus or anti-malware sites. This first started when I had AVG 9 and MBAM only installed. Neither detected anything wrong. I installed SpyBot Search and Destroy and it found several malware items such as Win32Zbot and Win32.Agent.p3 as well as MS Windows Security Centre Overide. All were removed and the PC appeared clean. When I next accessed the internet the redirects reappeared. I have tried unsuccessfully for 3 days to identify the problem but have had no success. Can anyone please help?

Thanks

Ray

Below are the logs from HijackThis and MBAM

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:08:11, on 07/11/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\BTSetBootKey.exe

C:\WINDOWS\system32\BtUsrBdg.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

C:\WINDOWS\PixArt\PAC7302\Monitor.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe

C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [bTSETBOOTKEY] BTSetBootKey.exe

O4 - HKLM\..\Run: [bTUSRBDG] BtUsrBdg.exe

O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"

O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"

O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini

O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

O4 - HKLM\..\Run: [PwrUpTweakMe] C:\WINDOWS\system32\PuXpTwks.exe /TWEAK

O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1

O4 - HKCU\..\Run: [iSUSPM] "C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Program Files\CyberScrub Privacy Suite\CSPSeraser.exe" "/R:C:\Documents and Settings\Ray\Application Data\CyberScrub\Privacy Suite"

O4 - HKUS\S-1-5-21-484763869-113007714-839522115-500\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Administrator')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.belfastcity.gov.uk/webcam/AxisCamControl.ocx

O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://62.160.78.51/activex/AMC.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: McAfee Application Installer Cleanup (0011511230544103) (0011511230544103mcinstcleanup) - Unknown owner - C:\DOCUME~1\Ray\LOCALS~1\Temp\001151~1.EXE (file missing)

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: Google Update Service (gupdate1c9ff3b81eb3c) (gupdate1c9ff3b81eb3c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--

End of file - 8501 bytes

Malwarebytes' Anti-Malware 1.41

Database version: 3116

Windows 5.1.2600 Service Pack 3

07/11/2009 16:49:34

mbam-log-2009-11-07 (16-49-34).txt

Scan type: Full Scan (C:\|)

Objects scanned: 166451

Time elapsed: 29 minute(s), 44 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

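A small triage helper, added here as an example and not part of this thread or of HijackThis itself, that scans HijackThis-style log lines for the signs a helper checks first: orphaned "(no file)" / "(file missing)" entries, services with no recorded owner, binaries launched from a Temp directory, and O16 ActiveX downloads fetched from a bare IP address. The sample lines are copied from the log above; the flagging rules are my own assumptions, not HijackThis's.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://62.160.78.51/activex/AMC.cab
O23 - Service: McAfee Application Installer Cleanup (0011511230544103) (0011511230544103mcinstcleanup) - Unknown owner - C:\DOCUME~1\Ray\LOCALS~1\Temp\001151~1.EXE (file missing)
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
"""


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O23"
    reason: str    # why the line was flagged
    line: str      # the original log line


# Section prefix every HijackThis entry starts with: "R3 - ", "O23 - ", "F2 - " ...
SECTION_RE = re.compile(r"^(R\d|O\d+|F\d)\s+-\s")
# A URL whose host is a dotted-quad IP literal rather than a hostname.
IP_HOST_RE = re.compile(r"^https?://\d{1,3}(?:\.\d{1,3}){3}(?::\d+)?/", re.IGNORECASE)
# Temp directories in long and 8.3 short-name form.
TEMP_PATH_RE = re.compile(r"\\(LOCALS~1\\Temp|Local Settings\\Temp|Temp)\\", re.IGNORECASE)
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)


def section_of(line: str) -> str:
    """Return the section code of a HijackThis line, or '' if it is not an entry."""
    m = SECTION_RE.match(line)
    return m.group(1) if m else ""


def triage_line(line: str) -> list[str]:
    """Return the list of reasons (possibly empty) a single entry deserves a closer look.
    These heuristics are assumptions made for this example, not HijackThis logic."""
    reasons = []
    if "(no file)" in line or "(file missing)" in line:
        reasons.append("references a file that no longer exists (orphaned entry)")
    if "Unknown owner" in line:
        reasons.append("no publisher recorded for the binary")
    if TEMP_PATH_RE.search(line):
        reasons.append("runs from a Temp directory")
    for url in URL_RE.findall(line):
        if IP_HOST_RE.match(url):
            reasons.append("downloads a control from a bare IP address")
    return reasons


def triage(log_text: str) -> list[Finding]:
    """Walk a whole log and collect one Finding per (line, reason) pair."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        section = section_of(line)
        if not section:
            continue  # headers, process list, blank lines
        for reason in triage_line(line):
            findings.append(Finding(section, reason, line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per section so the reviewer sees where to look first."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    print(f"{len(results)} finding(s) across sections {summarize(results)}")
    for f in results:
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

A flag is a prompt to verify the entry, not a verdict: the orphaned Yahoo! toolbar hook, for instance, is harmless clutter, while the missing service binary under Temp is the kind of entry a helper asks about first.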

Hello raywilson51

Welcome to Malwarebytes. ;)

=====================

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

===========

Download This file. Note its name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.


Hello Kahdah

Thank you for the reply and for your help.

Here are the 2 files from OTL followed by the Results.log

OTL logfile created on: 08/11/2009 18:03:44 - Run 1

OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\Ray\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 70.67% Memory free

3.35 Gb Paging File | 2.88 Gb Available in Paging File | 86.06% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.52 Gb Total Space | 46.85 Gb Free Space | 62.87% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: ATHLON64

Current User Name: Ray

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Ray\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe (Google Inc.)

PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)

PRC - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)

PRC - C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.)

PRC - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)

PRC - C:\WINDOWS\PixArt\Pac7302\Monitor.exe (PixArt Imaging Incorporation)

PRC - C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.)

PRC - C:\WINDOWS\system32\LEXPPS.EXE (Lexmark International, Inc.)

PRC - C:\WINDOWS\system32\BtUsrBdg.exe (Extended Systems, Inc.)

PRC - C:\WINDOWS\system32\BTSetBootKey.exe ()

PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Ray\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (0011511230544103mcinstcleanup) -- File not found

SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (gupdate1c9ff3b81eb3c) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)

SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)

SRV - (FontCache3.0.0.0) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)

SRV - (idsvc) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)

SRV - (NetTcpPortSharing) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)

SRV - (helpsvc) -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll (Microsoft Corporation)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)

SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (LexBceS) -- C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.)

SRV - (SoundMAX Agent Service (default) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)

========== Driver Services (SafeList) ==========

DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (usbaudio) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)

DRV - (atapi) -- C:\WINDOWS\System32\DRIVERS\atapi.sys ()

DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

DRV - (PAC7302) -- C:\WINDOWS\system32\drivers\PAC7302.SYS (PixArt Imaging Inc.)

DRV - (grmnusb) -- C:\WINDOWS\system32\drivers\grmnusb.sys (GARMIN Corp.)

DRV - (Bonifay) -- C:\WINDOWS\system32\drivers\Bonifay.sys (Freecom)

DRV - (Gonzales) -- C:\WINDOWS\system32\drivers\Gonzales.sys (Freecom)

DRV - (ARCSOFTVIRTUALCAPTURE) -- C:\WINDOWS\system32\drivers\ArcSoftVirtualCapture.sys (ArcSoft, Inc.)

DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)

DRV - (wceusbsh) -- C:\WINDOWS\system32\drivers\wceusbsh.sys (Microsoft Corporation)

DRV - (smwdm) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)

DRV - (aeaudio) -- C:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)

DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)

DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)

DRV - (E1000) -- C:\WINDOWS\system32\drivers\e1000325.sys (Intel Corporation)

DRV - (BrScnUsb) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys (Brother Industries Ltd.)

DRV - (BTCOMM) -- C:\WINDOWS\system32\drivers\Btcomm.sys (Windigo Systems)

DRV - (MidiSyn) -- C:\WINDOWS\system32\drivers\MidiSyn.sys (Analog Devices, Inc.)

DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (vad_multi) -- C:\WINDOWS\system32\drivers\vadmulti.sys (Windigo Systems)

DRV - (CSRBC01) -- C:\WINDOWS\system32\drivers\csrbc01.sys (Windigo)

DRV - (BTKRNBDG) -- C:\WINDOWS\system32\drivers\BtKrnBdg.sys (Windigo Systems)

DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)

DRV - (ROOTMODEM) -- C:\WINDOWS\system32\drivers\rootmdm.sys (Microsoft Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/29 20:21:26 | 00,000,000 | ---D | M]

O1 HOSTS File: (350653 bytes) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 12022 more lines...

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)

O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [bluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)

O4 - HKLM..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)

O4 - HKLM..\Run: [bTSETBOOTKEY] C:\WINDOWS\System32\BTSetBootKey.exe ()

O4 - HKLM..\Run: [bTUSRBDG] C:\WINDOWS\System32\BtUsrBdg.exe (Extended Systems, Inc.)

O4 - HKLM..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\Pac7302\Monitor.exe (PixArt Imaging Incorporation)

O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [PwrUpTweakMe] C:\WINDOWS\System32\PuXpTwks.exe (ashampoo GmbH & Co. KG)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)

O4 - HKCU..\Run: [iSUSPM] C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)

O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)

O16 - DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} http://download.microsoft.com/download/3/B...tualEarth3D.cab (Reg Error: Key error.)

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab (DLM Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://www.belfastcity.gov.uk/webcam/AxisCamControl.ocx (CamImage Class)

O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)

O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/7/E...04/clearadj.cab (CTAdjust Class)

O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://62.160.78.51/activex/AMC.cab (AxisMediaControlEmb Class)

O16 - DPF: Garmin Communicator Plug-In https://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\lid {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - Reg Error: Key error. File not found

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007/03/06 18:16:32 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

O35 - comfile [open] -- "%1" %* File not found

O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/08 18:01:54 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ray\Desktop\OTL.exe

[2009/11/07 19:21:19 | 07,910,064 | ---- | C] (Mozilla) -- C:\Documents and Settings\Ray\Desktop\Firefox Setup 3.5.5.exe

[2009/11/07 16:00:11 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2009/11/07 15:59:53 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Ray\Desktop\HJTInstall.exe

[2009/11/07 14:48:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp

[2009/11/07 14:28:19 | 00,000,000 | RHSD | C] -- C:\cmdcons

[2009/11/07 14:26:36 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2009/11/07 14:26:36 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2009/11/07 14:26:36 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2009/11/07 14:26:36 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2009/11/07 14:20:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2009/11/07 14:19:15 | 00,000,000 | ---D | C] -- C:\Qoobox

[2009/11/07 12:09:13 | 00,195,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe

[2009/11/07 12:06:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ray\Local Settings\Application Data\PCHealth

[2009/11/07 12:02:58 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Defender

[2009/11/07 09:17:43 | 00,093,360 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys

[2009/11/06 19:57:00 | 77,086,488 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\Ray\Desktop\Ad-AwareInstallation.exe

[2009/11/06 19:50:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

[2009/11/06 19:48:55 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Ray\Desktop\spybotsd162.exe

[2009/11/06 19:44:58 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2009/11/03 13:12:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ray\My Documents\My Received Files

[2009/10/19 20:23:36 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/10/19 20:23:35 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/10/19 20:23:35 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009/10/19 20:19:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ray\Desktop\AVG Scan Folder

[2009/10/19 18:32:30 | 00,000,000 | ---D | C] -- C:\$AVG

[2009/10/19 18:32:18 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys

[2009/10/19 18:32:18 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

[2009/10/19 18:32:12 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys

[2009/10/19 18:32:10 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys

[2009/10/19 18:32:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg

[2009/10/19 18:31:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9

[2009/10/19 18:10:52 | 00,889,840 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Ray\My Documents\avg_free_stb_all_8_37_cnet.exe

[2009/10/12 09:43:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ray\My Documents\Sicily 2009

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/08 18:02:01 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ray\Desktop\OTL.exe

[2009/11/08 18:00:01 | 00,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2009/11/08 17:59:50 | 44,807,895 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2009/11/08 17:59:33 | 00,086,767 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg

[2009/11/08 17:56:52 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2009/11/08 17:56:32 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/11/08 17:56:04 | 00,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2009/11/08 17:56:01 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/11/08 17:55:56 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/11/07 20:37:23 | 08,388,608 | ---- | M] () -- C:\Documents and Settings\Ray\ntuser.dat

[2009/11/07 20:37:23 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Ray\ntuser.ini

[2009/11/07 20:37:16 | 21,399,214 | -H-- | M] () -- C:\Documents and Settings\Ray\Local Settings\Application Data\IconCache.db

[2009/11/07 20:33:00 | 00,000,968 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-484763869-113007714-839522115-1003UA.job

[2009/11/07 19:21:34 | 07,910,064 | ---- | M] (Mozilla) -- C:\Documents and Settings\Ray\Desktop\Firefox Setup 3.5.5.exe

[2009/11/07 18:40:38 | 00,019,694 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\cc_20091107_184032.reg

[2009/11/07 18:33:00 | 00,000,916 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-484763869-113007714-839522115-1003Core.job

[2009/11/07 18:00:05 | 00,033,792 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\MBAM Help with infection.doc

[2009/11/07 17:49:20 | 03,562,675 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\Combo-Fix.exe

[2009/11/07 17:40:26 | 00,073,281 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\JavaRa.zip

[2009/11/07 17:22:06 | 00,002,473 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\Microsoft Word.lnk

[2009/11/07 16:06:22 | 00,001,475 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\Windows Explorer.lnk

[2009/11/07 16:00:12 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\HijackThis.lnk

[2009/11/07 15:59:53 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Ray\Desktop\HJTInstall.exe

[2009/11/07 14:45:13 | 00,000,284 | ---- | M] () -- C:\WINDOWS\system.ini

[2009/11/07 14:28:31 | 00,000,264 | RHS- | M] () -- C:\boot.ini

[2009/11/07 11:56:52 | 05,154,304 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\WindowsDefender.msi

[2009/11/07 11:35:25 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2009/11/07 11:30:43 | 00,000,193 | ---- | M] () -- C:\Boot.bak

[2009/11/07 09:17:37 | 00,093,360 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys

[2009/11/06 20:51:21 | 00,000,202 | ---- | M] () -- C:\WINDOWS\wininit.ini

[2009/11/06 19:58:40 | 00,350,653 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2009/11/06 19:57:02 | 77,086,488 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\Ray\Desktop\Ad-AwareInstallation.exe

[2009/11/06 19:51:16 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\Spybot - Search & Destroy.lnk

[2009/11/06 19:40:22 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Ray\Desktop\spybotsd162.exe

[2009/11/06 14:39:41 | 00,004,442 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\cc_20091106_143936.reg

[2009/11/06 10:53:52 | 00,267,264 | ---- | M] () -- C:\WINDOWS\PEV.exe

[2009/11/05 22:02:43 | 00,004,442 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\cc_20091105_220238.reg

[2009/11/04 12:20:10 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2009/11/03 20:52:42 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2009/11/03 18:45:58 | 00,023,552 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\Welcome To Cutting Edge Helicopters.doc

[2009/11/03 12:08:59 | 00,011,264 | ---- | M] () -- C:\Documents and Settings\Ray\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/11/02 20:42:06 | 00,195,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe

[2009/11/02 20:22:07 | 00,002,688 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\cc_20091102_202203.reg

[2009/11/02 20:21:06 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\CCleaner.lnk

[2009/11/01 10:30:38 | 00,335,872 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\CEH.mdb

[2009/10/26 16:46:38 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys

[2009/10/26 16:42:11 | 00,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009/10/26 16:42:11 | 00,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009/10/26 16:42:11 | 00,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- C:\WINDOWS\MBR.exe

[2009/10/21 12:37:36 | 00,056,785 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\995260.zip

[2009/10/19 23:53:44 | 03,070,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll

[2009/10/19 23:53:44 | 03,070,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll

[2009/10/19 20:23:39 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/10/19 20:21:46 | 00,000,437 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\Shared Documents.lnk

[2009/10/19 18:32:18 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

[2009/10/19 18:32:18 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk

[2009/10/19 18:32:12 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys

[2009/10/19 18:32:10 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm

[2009/10/19 18:32:10 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys

[2009/10/19 18:32:05 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg

[2009/10/19 18:32:05 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg

[2009/10/19 18:16:08 | 00,010,872 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\cc_20091019_191603.reg

[2009/10/19 18:11:03 | 00,889,840 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Ray\My Documents\avg_free_stb_all_8_37_cnet.exe

[2009/10/16 18:23:03 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2009/10/15 21:49:35 | 05,636,952 | ---- | M] (CyberScrub LLC ) -- C:\Documents and Settings\Ray\My Documents\psuite51.exe

[2009/10/14 17:53:47 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Hornsby Inkjet dispute.doc

[2009/10/14 10:28:34 | 00,002,268 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\Google Chrome.lnk

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/07 18:40:34 | 00,019,694 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\cc_20091107_184032.reg

[2009/11/07 17:49:16 | 03,562,675 | ---- | C] () -- C:\Documents and Settings\Ray\Desktop\Combo-Fix.exe

[2009/11/07 17:40:25 | 00,073,281 | ---- | C] () -- C:\Documents and Settings\Ray\Desktop\JavaRa.zip

[2009/11/07 17:31:45 | 00,033,792 | ---- | C] () -- C:\Documents and Settings\Ray\Desktop\MBAM Help with infection.doc

[2009/11/07 16:00:12 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Ray\Desktop\HijackThis.lnk

[2009/11/07 14:28:30 | 00,000,193 | ---- | C] () -- C:\Boot.bak

[2009/11/07 14:28:25 | 00,260,272 | ---- | C] () -- C:\cmldr

[2009/11/07 14:26:36 | 00,267,264 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2009/11/07 14:26:36 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2009/11/07 14:26:36 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2009/11/07 14:26:36 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2009/11/07 14:26:36 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2009/11/07 12:01:26 | 05,154,304 | ---- | C] () -- C:\Documents and Settings\Ray\Desktop\WindowsDefender.msi

[2009/11/07 09:18:10 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2009/11/06 20:51:20 | 00,000,202 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2009/11/06 19:51:16 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Ray\Desktop\Spybot - Search & Destroy.lnk

[2009/11/06 14:39:38 | 00,004,442 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\cc_20091106_143936.reg

[2009/11/05 22:02:40 | 00,004,442 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\cc_20091105_220238.reg

[2009/11/04 19:09:59 | 08,388,608 | ---- | C] () -- C:\Documents and Settings\Ray\ntuser.dat

[2009/11/03 18:42:47 | 00,023,552 | ---- | C] () -- C:\Documents and Settings\Ray\Desktop\Welcome To Cutting Edge Helicopters.doc

[2009/11/02 20:22:04 | 00,002,688 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\cc_20091102_202203.reg

[2009/10/19 20:23:39 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/10/19 18:32:18 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk

[2009/10/19 18:32:10 | 00,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm

[2009/10/19 18:32:05 | 44,807,895 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2009/10/19 18:32:05 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg

[2009/10/19 18:32:05 | 00,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg

[2009/10/19 18:32:05 | 00,086,767 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg

[2009/10/19 18:16:05 | 00,010,872 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\cc_20091019_191603.reg

[2009/10/14 17:53:47 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Hornsby Inkjet dispute.doc

[2009/09/15 17:45:50 | 00,000,303 | ---- | C] () -- C:\WINDOWS\dellstat.ini

[2009/09/15 17:45:25 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll

[2009/09/15 17:45:22 | 00,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini

[2009/05/29 07:53:41 | 00,000,054 | ---- | C] () -- C:\Documents and Settings\Ray\Local Settings\Application Data\mm-device-08.ini

[2008/12/22 13:18:07 | 00,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL

[2008/12/22 13:18:07 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL

[2008/09/04 15:22:02 | 00,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI

[2008/09/04 15:22:02 | 00,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI

[2008/09/04 15:19:09 | 00,001,054 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini

[2008/09/04 15:19:09 | 00,000,154 | ---- | C] () -- C:\WINDOWS\brpcfx.ini

[2008/09/04 15:15:59 | 00,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini

[2008/08/25 12:22:52 | 00,016,471 | ---- | C] () -- C:\Documents and Settings\Ray\Application Data\Pamela_Crash_48B2A41C.zip

[2008/08/25 12:09:00 | 00,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP7302.INI

[2008/04/03 14:05:14 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\Ray\Application Data\$_hpcst$.hpc

[2008/01/23 12:23:10 | 00,000,317 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log

[2007/12/28 15:29:43 | 00,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll

[2007/12/28 15:29:43 | 00,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll

[2007/12/28 15:29:42 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll

[2007/12/28 15:29:42 | 00,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll

[2007/12/27 19:54:19 | 00,135,048 | -HS- | C] () -- C:\WINDOWS\System32\opqss.ini.vir

[2007/12/27 19:54:19 | 00,135,048 | ---- | C] () -- C:\WINDOWS\System32\opqss.ini2.vir

[2007/12/26 12:44:16 | 00,003,927 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2007/12/08 14:08:13 | 00,000,045 | ---- | C] () -- C:\WINDOWS\System32\RPVersion.ini

[2007/07/21 18:53:58 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\ESICOMMN.DLL

[2007/06/25 10:27:07 | 00,000,115 | ---- | C] () -- C:\WINDOWS\csact.ini

[2007/06/09 13:08:18 | 21,399,214 | -H-- | C] () -- C:\Documents and Settings\Ray\Local Settings\Application Data\IconCache.db

[2007/06/08 13:59:59 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\PwrUpCid.dll

[2007/05/26 08:25:07 | 00,011,264 | ---- | C] () -- C:\Documents and Settings\Ray\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/05/04 17:13:07 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2007/04/29 16:06:30 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini

[2007/04/29 16:04:07 | 00,000,027 | ---- | C] () -- C:\WINDOWS\CDE DX4800EFGIPSD.ini

[2007/04/29 11:17:32 | 00,000,437 | ---- | C] () -- C:\WINDOWS\System32\gmsblist.dll

[2007/04/27 16:18:30 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2007/03/06 19:25:55 | 00,056,752 | ---- | C] () -- C:\Documents and Settings\Ray\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2007/03/06 18:56:02 | 00,020,311 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2007/03/06 18:56:00 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2007/03/06 18:55:51 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2007/03/06 18:39:45 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Ray\Application Data\desktop.ini

[2007/03/06 17:32:22 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini

[2007/03/06 17:30:34 | 00,000,211 | ---- | C] () -- C:\WINDOWS\System32\BOOTBAK.INI

[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont

[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont

[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont

[2006/02/09 13:46:30 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\VSHP1020.DLL

[2005/06/11 10:47:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\fpprintmon.dll

[2004/09/25 10:20:50 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\MSHRES_U.DLL

[2004/09/25 10:20:50 | 00,032,765 | ---- | C] () -- C:\WINDOWS\MSTMON_U.INI

[2004/09/25 10:20:50 | 00,019,619 | ---- | C] () -- C:\WINDOWS\MSUMLT_U.INI

[2001/08/23 12:00:00 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys

[2001/08/23 12:00:00 | 00,000,927 | ---- | C] () -- C:\WINDOWS\win.ini

[2001/08/23 12:00:00 | 00,000,284 | ---- | C] () -- C:\WINDOWS\system.ini

[1999/01/22 10:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2007/04/29 14:12:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo

[2009/11/05 22:01:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9

[2009/08/30 19:48:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN

[2009/05/29 07:59:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Memory-Map-License

[2008/05/05 13:53:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound

[2008/10/17 16:03:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PY_Software

[2007/12/28 09:16:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RunOff

[2008/09/04 15:15:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft

[2007/12/28 15:29:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software

[2009/11/07 15:01:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2007/04/29 16:09:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL

[2008/04/22 08:49:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\Ashampoo

[2008/12/27 21:33:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\CyberScrub

[2008/06/23 19:12:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\Destinator

[2009/10/21 12:54:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\GARMIN

[2009/05/24 14:08:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\GetRightToGo

[2007/11/18 16:52:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\HouseCall 6.6

[2008/04/25 09:06:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\NCH Swift Sound

[2009/04/30 18:44:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\PC-FAX TX

[2008/09/11 20:11:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\ScanSoft

[2007/12/28 15:29:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\Simply Super Software

[2007/07/21 18:57:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\XTND_BTUIObjects

[2009/11/07 11:35:25 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

[2001/08/23 12:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini

[2009/11/08 17:56:01 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 187 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9

@Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B4AF47A7

< End of report >

OTL Extras logfile created on: 08/11/2009 18:03:44 - Run 1

OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\Ray\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 70.67% Memory free

3.35 Gb Paging File | 2.88 Gb Available in Paging File | 86.06% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.52 Gb Total Space | 46.85 Gb Free Space | 62.87% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: ATHLON64

Current User Name: Ray

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" = C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE:*:Enabled:Connection Manager -- (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\WCESMGR.EXE" = C:\Program Files\Microsoft ActiveSync\WCESMGR.EXE:*:Enabled:ActiveSync Application -- (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)

"C:\Program Files\Java\jre1.6.0_01\bin\javaw.exe" = C:\Program Files\Java\jre1.6.0_01\bin\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)

"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath -- (Skype Technologies S.A.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium

"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support

"{1CDE4360-7981-11D8-837D-0000E8D55E8A}" = Icom CS-A24

"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype


Please download GooredFix from one of the locations below and save it to your Desktop

Download Mirror #1

Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).


Hi

Here is the log:

GooredFix by jpshortstuff (24.09.09.1)

Log created at 20:00 on 08/11/2009 (Ray)

Firefox version [unable to determine]

========== GooredScan ==========

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\

(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [10:30 28/08/2009]

-=E.O.F=-


Hmm, ok, do you have the Combofix log please? It would be located here: C:\Combofix.txt.

If you have it, post it please.

Hi

Combofix log as requested. Please note that there is no Ashampoo Antivirus program on the PC, although Combofix seems to think there is!!

ComboFix 09-11-08.02 - Ray 08/11/2009 21:06.2.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1482 [GMT 0:00]

Running from: c:\documents and settings\Ray\Desktop\Combo-Fix.exe

AV: Ashampoo AntiVirus *On-access scanning enabled* (Updated) {87430BA8-187A-42D6-A8FE-8E00DF291089}

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

((((((((((((((((((((((((( Files Created from 2009-10-08 to 2009-11-08 )))))))))))))))))))))))))))))))

.

2009-11-08 18:18 . 2009-11-08 18:18 291328 ----a-w- C:\g1su3dbu.exe

2009-11-07 16:00 . 2009-11-07 16:00 -------- d-----w- c:\program files\Trend Micro

2009-11-07 12:09 . 2009-11-02 20:42 195456 ------w- c:\windows\system32\MpSigStub.exe

2009-11-07 12:06 . 2009-11-07 12:06 -------- d-----w- c:\documents and settings\Ray\Local Settings\Application Data\PCHealth

2009-11-07 12:02 . 2009-11-07 12:02 -------- d-----w- c:\program files\Windows Defender

2009-11-07 09:17 . 2009-11-07 09:17 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2009-11-06 19:50 . 2009-11-06 23:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-11-06 19:44 . 2009-11-06 19:57 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-11-05 22:10 . 2009-11-05 22:10 -------- d-----w- c:\windows\system32\wbem\Repository

2009-10-26 16:46 . 2009-10-19 18:32 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys

2009-10-26 16:46 . 2009-10-19 18:31 842520 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe

2009-10-26 16:46 . 2009-10-19 18:31 1656088 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll

2009-10-19 20:23 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-10-19 20:23 . 2009-11-07 16:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-10-19 20:23 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-10-19 18:32 . 2009-10-19 18:46 -------- d-----w- C:\$AVG

2009-10-19 18:32 . 2009-10-26 16:46 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-10-19 18:32 . 2009-10-19 18:32 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2009-10-19 18:32 . 2009-10-19 18:32 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-10-19 18:32 . 2009-10-19 18:32 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-10-19 18:32 . 2009-11-08 17:59 -------- d-----w- c:\windows\system32\drivers\Avg

2009-10-19 18:31 . 2009-11-05 22:01 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-07 15:01 . 2007-12-28 15:30 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-11-07 14:55 . 2008-02-03 15:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2009-11-06 14:01 . 2008-12-24 11:24 -------- d-----w- c:\program files\Exterminate It!

2009-11-03 20:53 . 2007-06-01 13:27 -------- d-----w- c:\documents and settings\Ray\Application Data\Skype

2009-11-03 18:52 . 2008-11-20 13:41 -------- d-----w- c:\program files\Virtual Earth 3D

2009-11-03 18:50 . 2008-09-29 09:57 -------- d-----w- c:\program files\Macromedia

2009-11-03 13:31 . 2008-08-25 12:22 -------- d-----w- c:\documents and settings\Ray\Application Data\skypePM

2009-10-21 12:54 . 2008-12-13 21:43 -------- d-----w- c:\documents and settings\Ray\Application Data\GARMIN

2009-10-19 18:31 . 2008-12-29 09:56 -------- d-----w- c:\program files\AVG

2009-09-25 05:37 . 2001-08-23 12:00 667136 ------w- c:\windows\system32\wininet.dll

2009-09-25 05:37 . 2007-03-06 19:15 81920 ------w- c:\windows\system32\ieencode.dll

2009-09-21 15:12 . 2009-09-21 15:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard

2009-09-16 12:21 . 2009-09-16 12:21 -------- d-----w- c:\program files\Common Files\Apple

2009-09-16 12:20 . 2009-09-16 12:20 -------- d-----w- c:\program files\QuickTime

2009-09-16 12:20 . 2007-05-04 17:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2009-09-15 17:58 . 2009-09-15 17:46 -------- d-----w- c:\program files\Jasc Software Inc

2009-09-15 17:47 . 2009-09-15 17:47 57344 ----a-r- c:\documents and settings\Ray\Application Data\Microsoft\Installer\{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}\DPS_SMLink.CAA7B2BB_F373_4C0B_8C62_D4147E5C816B.exe

2009-09-15 17:47 . 2009-09-15 17:47 57344 ----a-r- c:\documents and settings\Ray\Application Data\Microsoft\Installer\{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}\DPS_DTLink.CAA7B2BB_F373_4C0B_8C62_D4147E5C816B.exe

2009-09-15 17:45 . 2009-09-15 17:45 -------- d-----w- c:\program files\Dell 720

2009-09-13 10:36 . 2007-03-06 19:25 56752 ----a-w- c:\documents and settings\Ray\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-09-11 14:18 . 2001-08-23 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-04 21:03 . 2001-08-23 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll

2009-08-26 08:00 . 2001-08-23 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll

2007-12-28 15:33 . 2007-12-27 19:54 135048 --sha-w- c:\windows\system32\opqss.ini.vir

.

------- Sigcheck -------

[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys

[-] 2008-04-13 18:40 . A16B02EA97B2E9ECDAB5180D29C50AFB . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys

[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys

.

((((((((((((((((((((((((((((( SnapShot@2009-11-07_14.45.10 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-03-06 18:18 . 2009-11-08 17:55 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

- 2007-03-06 18:18 . 2009-11-07 11:34 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2007-03-06 18:18 . 2009-11-08 17:55 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2007-03-06 18:18 . 2009-11-07 11:34 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2007-03-06 18:18 . 2009-11-08 17:55 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat

- 2007-03-06 18:18 . 2009-11-07 11:34 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

"Google Update"="c:\documents and settings\Ray\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-08 133104]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

"ISUSPM"="c:\documents and settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]

"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]

"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]

"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]

"PwrUpTweakMe"="c:\windows\system32\PuXpTwks.exe" [2005-09-12 45056]

"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-10-26 2010904]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]

"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

"BTSETBOOTKEY"="BTSetBootKey.exe" - c:\windows\system32\BTSetBootKey.exe [2003-04-15 36864]

"BTUSRBDG"="BtUsrBdg.exe" - c:\windows\system32\BtUsrBdg.exe [2003-11-05 53248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-10-19 18:32 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=

"c:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [19/10/2009 18:32 333192]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [19/10/2009 18:32 360584]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [19/10/2009 18:31 285392]

R3 Bonifay;Bonifay;c:\windows\system32\drivers\Bonifay.sys [19/09/2008 11:04 12928]

R3 BTCOMM;BTCOMM;c:\windows\system32\drivers\Btcomm.sys [21/07/2007 18:54 57512]

R3 BTKRNBDG;Bluetooth COM Bridge;c:\windows\system32\drivers\BtKrnBdg.sys [21/07/2007 18:54 15876]

R3 PAC7302;PAC7302 VGA USB Camera;c:\windows\system32\drivers\PAC7302.SYS [25/08/2008 12:09 457856]

R3 vad_multi;Windigo Virtual Audio Device (WDM);c:\windows\system32\drivers\vadmulti.sys [21/07/2007 18:54 19840]

S2 0011511230544103mcinstcleanup;McAfee Application Installer Cleanup (0011511230544103);c:\docume~1\Ray\LOCALS~1\Temp\001151~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\Ray\LOCALS~1\Temp\001151~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]

S2 gupdate1c9ff3b81eb3c;Google Update Service (gupdate1c9ff3b81eb3c);c:\program files\Google\Update\GoogleUpdate.exe [07/07/2009 19:42 133104]

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]

S3 AshAVMon;AshAVMon; [x]

S3 CSRBC01;%CSRBC01.SvcDesc%;c:\windows\system32\drivers\csrbc01.sys [21/07/2007 18:54 24523]

S3 Gonzales;Gonzales;c:\windows\system32\drivers\Gonzales.sys [19/09/2008 11:04 7040]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - UXLCRPOD

*Deregistered* - mbr

*Deregistered* - PROCEXP113

*Deregistered* - uxlcrpod

.

Contents of the 'Scheduled Tasks' folder

2009-11-04 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-11-08 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-07 19:41]

2009-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-07 19:41]

2009-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-07 19:41]

2009-11-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-113007714-839522115-1003Core.job

- c:\documents and settings\Ray\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-08 17:35]

2009-11-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-113007714-839522115-1003UA.job

- c:\documents and settings\Ray\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-08 17:35]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB

DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://62.160.78.51/activex/AMC.cab

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-11-08 21:18

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\docume~1\Ray\LOCALS~1\Temp\Perflib_Perfdata_9dc.dat 16384 bytes

scan completed successfully

hidden files: 1

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A54246E]<<

kernel: MBR read successfully

user & kernel MBR OK

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(528)

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2009-11-08 21:22

ComboFix-quarantined-files.txt 2009-11-08 21:22

ComboFix2.txt 2009-11-07 14:48

Pre-Run: 50,241,236,992 bytes free

Post-Run: 50,213,396,480 bytes free

- - End Of File - - DB399B3929B82FF42A8A419CE2E28D4F


===============First===============

Please go to Start > Run, type in cmd, then hit the OK button.

In the black box that comes up, please copy the text in bold below into the command prompt window and hit Enter.

copy /y "c:\windows\ServicePackFiles\i386\atapi.sys" C:\

If it works correctly you will see a 1 file(s) copied message.

If you do not see that message then DO NOT PROCEED but rather stop and alert me to it.

===============Second===============

If you do see the 1 file(s) copied message then do the following.

1. Please download The Avenger2 by Swandog46 to your Desktop.

  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to move:
C:\atapi.sys | c:\windows\system32\drivers\atapi.sys

Files to delete:
c:\windows\system32\opqss.ini.vir

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, open the avenger folder and start The Avenger program by clicking on its icon.

  • Right click on the window under Input script here:, and select Paste.
  • You can also Paste the text copied to the clipboard into this window by pressing (Ctrl+V), or click on the third button under the menu to paste it from the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

  • It will restart your computer. (In cases where the code to execute contains "Drivers to Delete" or "Drivers to Disable", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger.


Yes, the problem was a rootkit that had patched a critical system file, in this case atapi.sys.

If you were to delete this file then it would leave you with an unbootable machine.

Let's see a new OTL log please:

  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.
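As an added example (not code from this thread and not part of The Avenger), here is a Python dry-run checker for a script like the one above: it parses the "Files to move" and "Files to delete" sections and hashes the clean copy against the driver it would replace, so a patched atapi.sys shows up as a mismatch before anything is rebooted, and a missing clean copy stops the run the way the "DO NOT PROCEED" step does. The directory tree, file contents and paths in the demo are constructed, not taken from a real machine.

```python
"""Dry-run checker for an Avenger-style cleanup script.

Constructed example: not part of this thread and not code from The Avenger.
It parses the two sections used in the script above ("Files to move:" and
"Files to delete:"), then hashes each clean copy against the driver it would
replace, so a patched atapi.sys shows up as a mismatch before any reboot.
Paths are assumptions: the demo builds a throwaway tree, not a real Windows dir.
"""
import hashlib
import os
import tempfile

SECTION_HEADERS = ("files to move:", "files to delete:")


def parse_avenger_script(text):
    """Return {"files to move": [(src, dst), ...], "files to delete": [path, ...]}.

    Section headers end with ':'; move entries are written as 'src | dst'.
    Unknown headers raise, so a typo cannot silently turn a move into a delete.
    """
    sections = {"files to move": [], "files to delete": []}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":"):
            if line.lower() not in SECTION_HEADERS:
                raise ValueError("unsupported section: %s" % line)
            current = line.lower()[:-1]
            continue
        if current is None:
            raise ValueError("entry before any section header: %s" % line)
        if current == "files to move":
            if "|" not in line:
                raise ValueError("move entry needs 'src | dst': %s" % line)
            src, dst = (part.strip() for part in line.split("|", 1))
            sections[current].append((src, dst))
        else:
            sections[current].append(line)
    return sections


def sha256_of(path):
    """Stream the file through SHA-256 (drivers can be large)."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def is_boot_critical(path):
    """Anything under system32\\drivers is needed to boot; that is why the
    thread replaces atapi.sys instead of deleting it."""
    return "\\system32\\drivers\\" in path.replace("/", "\\").lower()


def check_moves(sections):
    """Per move: does the clean copy exist, and does it differ from the file
    it replaces? A missing clean copy is the thread's 'DO NOT PROCEED'
    condition, so it raises rather than being reported."""
    report = []
    for src, dst in sections["files to move"]:
        if not os.path.isfile(src):
            raise FileNotFoundError("clean copy missing, do not proceed: %s" % src)
        src_hash = sha256_of(src)
        dst_hash = sha256_of(dst) if os.path.isfile(dst) else None
        report.append({
            "src": src, "dst": dst,
            "boot_critical": is_boot_critical(dst),
            "src_sha256": src_hash, "dst_sha256": dst_hash,
            "differs": src_hash != dst_hash,
        })
    return report


def build_demo_tree(root):
    """Construct a fake Windows tree: a 'clean' atapi.sys under ServicePackFiles,
    a 'patched' one under system32\\drivers, and the .vir leftover (contents made up)."""
    clean = os.path.join(root, "WINDOWS", "ServicePackFiles", "i386", "atapi.sys")
    patched = os.path.join(root, "WINDOWS", "system32", "drivers", "atapi.sys")
    leftover = os.path.join(root, "WINDOWS", "system32", "opqss.ini.vir")
    for path, body in ((clean, b"MZ clean driver"),
                       (patched, b"MZ clean driver + hook"), (leftover, b"junk")):
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as handle:
            handle.write(body)
    # Same shape as the script in the thread, with the demo paths substituted.
    return "Files to move:\n%s | %s\n\nFiles to delete:\n%s\n" % (clean, patched, leftover)


def run_demo():
    """Build the tree, parse the script and return (move report, delete list)."""
    with tempfile.TemporaryDirectory() as root:
        sections = parse_avenger_script(build_demo_tree(root))
        return check_moves(sections), sections["files to delete"]
```

Running `run_demo()` reports the demo atapi.sys as `differs=True` and `boot_critical=True`; a real run would point `src` at the copy made in the "First" step and `dst` at the driver under system32\drivers.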

Hello again

Have visited some sites this morning with no redirects. Here is the log file as requested.

OTL logfile created on: 09/11/2009 14:46:28 - Run 2

OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\Ray\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 70.79% Memory free

3.35 Gb Paging File | 2.91 Gb Available in Paging File | 86.88% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.52 Gb Total Space | 46.81 Gb Free Space | 62.82% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: ATHLON64

Current User Name: Ray

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Ray\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe (Google Inc.)

PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)

PRC - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)

PRC - C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.)

PRC - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)

PRC - C:\WINDOWS\PixArt\Pac7302\Monitor.exe (PixArt Imaging Incorporation)

PRC - C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.)

PRC - C:\WINDOWS\system32\LEXPPS.EXE (Lexmark International, Inc.)

PRC - C:\WINDOWS\system32\BtUsrBdg.exe (Extended Systems, Inc.)

PRC - C:\WINDOWS\system32\BTSetBootKey.exe ()

PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Ray\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (0011511230544103mcinstcleanup) -- File not found

SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (gupdate1c9ff3b81eb3c) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)

SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)

SRV - (FontCache3.0.0.0) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)

SRV - (idsvc) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)

SRV - (NetTcpPortSharing) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)

SRV - (helpsvc) -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll (Microsoft Corporation)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)

SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (LexBceS) -- C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.)

SRV - (SoundMAX Agent Service (default) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)

========== Driver Services (SafeList) ==========

DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (usbaudio) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)

DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

DRV - (PAC7302) -- C:\WINDOWS\system32\drivers\PAC7302.SYS (PixArt Imaging Inc.)

DRV - (grmnusb) -- C:\WINDOWS\system32\drivers\grmnusb.sys (GARMIN Corp.)

DRV - (Bonifay) -- C:\WINDOWS\system32\drivers\Bonifay.sys (Freecom)

DRV - (Gonzales) -- C:\WINDOWS\system32\drivers\Gonzales.sys (Freecom)

DRV - (ARCSOFTVIRTUALCAPTURE) -- C:\WINDOWS\system32\drivers\ArcSoftVirtualCapture.sys (ArcSoft, Inc.)

DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)

DRV - (wceusbsh) -- C:\WINDOWS\system32\drivers\wceusbsh.sys (Microsoft Corporation)

DRV - (smwdm) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)

DRV - (aeaudio) -- C:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)

DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)

DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)

DRV - (E1000) -- C:\WINDOWS\system32\drivers\e1000325.sys (Intel Corporation)

DRV - (BrScnUsb) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys (Brother Industries Ltd.)

DRV - (BTCOMM) -- C:\WINDOWS\system32\drivers\Btcomm.sys (Windigo Systems)

DRV - (MidiSyn) -- C:\WINDOWS\system32\drivers\MidiSyn.sys (Analog Devices, Inc.)

DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (vad_multi) -- C:\WINDOWS\system32\drivers\vadmulti.sys (Windigo Systems)

DRV - (CSRBC01) -- C:\WINDOWS\system32\drivers\csrbc01.sys (Windigo)

DRV - (BTKRNBDG) -- C:\WINDOWS\system32\drivers\BtKrnBdg.sys (Windigo Systems)

DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)

DRV - (ROOTMODEM) -- C:\WINDOWS\system32\drivers\rootmdm.sys (Microsoft Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/29 20:21:26 | 00,000,000 | ---D | M]

O1 HOSTS File: (350653 bytes) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 12022 more lines...

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)

O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [bluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)

O4 - HKLM..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)

O4 - HKLM..\Run: [bTSETBOOTKEY] C:\WINDOWS\System32\BTSetBootKey.exe ()

O4 - HKLM..\Run: [bTUSRBDG] C:\WINDOWS\System32\BtUsrBdg.exe (Extended Systems, Inc.)

O4 - HKLM..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\Pac7302\Monitor.exe (PixArt Imaging Incorporation)

O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [PwrUpTweakMe] C:\WINDOWS\System32\PuXpTwks.exe (ashampoo GmbH & Co. KG)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)

O4 - HKCU..\Run: [iSUSPM] C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)

O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)

O16 - DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} http://download.microsoft.com/download/3/B...tualEarth3D.cab (Reg Error: Key error.)

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab (DLM Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://www.belfastcity.gov.uk/webcam/AxisCamControl.ocx (CamImage Class)

O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)

O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/7/E...04/clearadj.cab (CTAdjust Class)

O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://62.160.78.51/activex/AMC.cab (AxisMediaControlEmb Class)

O16 - DPF: Garmin Communicator Plug-In https://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\lid {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - Reg Error: Key error. File not found

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007/03/06 18:16:32 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

O35 - comfile [open] -- "%1" %* File not found

O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/08 23:01:41 | 00,000,000 | ---D | C] -- C:\Avenger

[2009/11/08 22:58:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ray\Desktop\avenger

[2009/11/08 21:22:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp

[2009/11/08 20:00:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ray\Desktop\GooredFix Backups

[2009/11/08 20:00:37 | 00,069,192 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Ray\Desktop\GooredFix.exe

[2009/11/08 19:38:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ray\Desktop\Kahdah Help Folder

[2009/11/08 18:01:54 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ray\Desktop\OTL.exe

[2009/11/07 19:21:19 | 07,910,064 | ---- | C] (Mozilla) -- C:\Documents and Settings\Ray\Desktop\Firefox Setup 3.5.5.exe

[2009/11/07 16:00:11 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2009/11/07 15:59:53 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Ray\Desktop\HJTInstall.exe

[2009/11/07 14:28:19 | 00,000,000 | RHSD | C] -- C:\cmdcons

[2009/11/07 14:26:36 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2009/11/07 14:26:36 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2009/11/07 14:26:36 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2009/11/07 14:26:36 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2009/11/07 14:20:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2009/11/07 14:19:15 | 00,000,000 | ---D | C] -- C:\Qoobox

[2009/11/07 12:09:13 | 00,195,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe

[2009/11/07 12:06:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ray\Local Settings\Application Data\PCHealth

[2009/11/07 12:02:58 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Defender

[2009/11/07 09:17:43 | 00,093,360 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys

[2009/11/06 19:57:00 | 77,086,488 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\Ray\Desktop\Ad-AwareInstallation.exe

[2009/11/06 19:50:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

[2009/11/06 19:48:55 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Ray\Desktop\spybotsd162.exe

[2009/11/06 19:44:58 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2009/11/03 13:12:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ray\My Documents\My Received Files

[2009/10/19 20:23:36 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/10/19 20:23:35 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/10/19 20:23:35 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009/10/19 20:19:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ray\Desktop\AVG Scan Folder

[2009/10/19 18:32:30 | 00,000,000 | ---D | C] -- C:\$AVG

[2009/10/19 18:32:18 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys

[2009/10/19 18:32:18 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

[2009/10/19 18:32:12 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys

[2009/10/19 18:32:10 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys

[2009/10/19 18:32:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg

[2009/10/19 18:31:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9

[2009/10/19 18:10:52 | 00,889,840 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Ray\My Documents\avg_free_stb_all_8_37_cnet.exe

[2009/10/12 09:43:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ray\My Documents\Sicily 2009

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/09 14:34:15 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2009/11/09 14:34:13 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/11/09 14:33:48 | 00,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2009/11/09 14:33:45 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/11/09 14:33:41 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/11/09 12:21:57 | 08,388,608 | ---- | M] () -- C:\Documents and Settings\Ray\ntuser.dat

[2009/11/09 12:21:57 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Ray\ntuser.ini

[2009/11/09 12:00:00 | 00,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2009/11/09 11:28:19 | 21,928,610 | -H-- | M] () -- C:\Documents and Settings\Ray\Local Settings\Application Data\IconCache.db

[2009/11/09 11:21:10 | 00,002,473 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\Microsoft Word.lnk

[2009/11/09 09:33:00 | 00,000,968 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-484763869-113007714-839522115-1003UA.job

[2009/11/09 09:29:48 | 44,820,047 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2009/11/08 22:58:09 | 00,724,952 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\avenger.zip

[2009/11/08 22:27:01 | 00,011,264 | ---- | M] () -- C:\Documents and Settings\Ray\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/11/08 21:18:48 | 00,000,284 | ---- | M] () -- C:\WINDOWS\system.ini

[2009/11/08 21:04:24 | 03,563,182 | R--- | M] () -- C:\Documents and Settings\Ray\Desktop\Combo-Fix.exe

[2009/11/08 20:00:37 | 00,069,192 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Ray\Desktop\GooredFix.exe

[2009/11/08 18:33:01 | 00,000,916 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-484763869-113007714-839522115-1003Core.job

[2009/11/08 18:18:08 | 00,291,328 | ---- | M] () -- C:\g1su3dbu.exe

[2009/11/08 18:02:01 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ray\Desktop\OTL.exe

[2009/11/08 17:59:33 | 00,086,767 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg

[2009/11/07 19:21:34 | 07,910,064 | ---- | M] (Mozilla) -- C:\Documents and Settings\Ray\Desktop\Firefox Setup 3.5.5.exe

[2009/11/07 18:40:38 | 00,019,694 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\cc_20091107_184032.reg

[2009/11/07 17:40:26 | 00,073,281 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\JavaRa.zip

[2009/11/07 16:06:22 | 00,001,475 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\Windows Explorer.lnk

[2009/11/07 16:00:12 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\HijackThis.lnk

[2009/11/07 15:59:53 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Ray\Desktop\HJTInstall.exe

[2009/11/07 14:28:31 | 00,000,264 | RHS- | M] () -- C:\boot.ini

[2009/11/07 11:56:52 | 05,154,304 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\WindowsDefender.msi

[2009/11/07 11:30:43 | 00,000,193 | ---- | M] () -- C:\Boot.bak

[2009/11/07 09:17:37 | 00,093,360 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys

[2009/11/06 20:51:21 | 00,000,202 | ---- | M] () -- C:\WINDOWS\wininit.ini

[2009/11/06 19:58:40 | 00,350,653 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2009/11/06 19:57:02 | 77,086,488 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\Ray\Desktop\Ad-AwareInstallation.exe

[2009/11/06 19:51:16 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\Spybot - Search & Destroy.lnk

[2009/11/06 19:40:22 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Ray\Desktop\spybotsd162.exe

[2009/11/06 14:39:41 | 00,004,442 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\cc_20091106_143936.reg

[2009/11/06 10:53:52 | 00,267,264 | ---- | M] () -- C:\WINDOWS\PEV.exe

[2009/11/05 22:02:43 | 00,004,442 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\cc_20091105_220238.reg

[2009/11/04 12:20:10 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2009/11/03 20:52:42 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2009/11/03 18:45:58 | 00,023,552 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\Welcome To Cutting Edge Helicopters.doc

[2009/11/02 20:42:06 | 00,195,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe

[2009/11/02 20:22:07 | 00,002,688 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\cc_20091102_202203.reg

[2009/11/02 20:21:06 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\CCleaner.lnk

[2009/11/01 10:30:38 | 00,335,872 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\CEH.mdb

[2009/10/26 16:46:38 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys

[2009/10/26 16:42:11 | 00,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009/10/26 16:42:11 | 00,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009/10/26 16:42:11 | 00,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- C:\WINDOWS\MBR.exe

[2009/10/21 12:37:36 | 00,056,785 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\995260.zip

[2009/10/19 23:53:44 | 03,070,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll

[2009/10/19 23:53:44 | 03,070,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll

[2009/10/19 20:23:39 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/10/19 20:21:46 | 00,000,437 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\Shared Documents.lnk

[2009/10/19 18:32:18 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

[2009/10/19 18:32:18 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk

[2009/10/19 18:32:12 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys

[2009/10/19 18:32:10 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm

[2009/10/19 18:32:10 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys

[2009/10/19 18:32:05 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg

[2009/10/19 18:32:05 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg

[2009/10/19 18:16:08 | 00,010,872 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\cc_20091019_191603.reg

[2009/10/19 18:11:03 | 00,889,840 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Ray\My Documents\avg_free_stb_all_8_37_cnet.exe

[2009/10/16 18:23:03 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2009/10/15 21:49:35 | 05,636,952 | ---- | M] (CyberScrub LLC ) -- C:\Documents and Settings\Ray\My Documents\psuite51.exe

[2009/10/14 17:53:47 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\Ray\My Documents\Hornsby Inkjet dispute.doc

[2009/10/14 10:28:34 | 00,002,268 | ---- | M] () -- C:\Documents and Settings\Ray\Desktop\Google Chrome.lnk

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/08 22:58:08 | 00,724,952 | ---- | C] () -- C:\Documents and Settings\Ray\Desktop\avenger.zip

[2009/11/08 18:18:02 | 00,291,328 | ---- | C] () -- C:\g1su3dbu.exe

[2009/11/07 18:40:34 | 00,019,694 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\cc_20091107_184032.reg

[2009/11/07 17:49:16 | 03,563,182 | R--- | C] () -- C:\Documents and Settings\Ray\Desktop\Combo-Fix.exe

[2009/11/07 17:40:25 | 00,073,281 | ---- | C] () -- C:\Documents and Settings\Ray\Desktop\JavaRa.zip

[2009/11/07 16:00:12 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Ray\Desktop\HijackThis.lnk

[2009/11/07 14:28:30 | 00,000,193 | ---- | C] () -- C:\Boot.bak

[2009/11/07 14:28:25 | 00,260,272 | ---- | C] () -- C:\cmldr

[2009/11/07 14:26:36 | 00,267,264 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2009/11/07 14:26:36 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2009/11/07 14:26:36 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2009/11/07 14:26:36 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2009/11/07 14:26:36 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2009/11/07 12:01:26 | 05,154,304 | ---- | C] () -- C:\Documents and Settings\Ray\Desktop\WindowsDefender.msi

[2009/11/06 20:51:20 | 00,000,202 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2009/11/06 19:51:16 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Ray\Desktop\Spybot - Search & Destroy.lnk

[2009/11/06 14:39:38 | 00,004,442 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\cc_20091106_143936.reg

[2009/11/05 22:02:40 | 00,004,442 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\cc_20091105_220238.reg

[2009/11/04 19:09:59 | 08,388,608 | ---- | C] () -- C:\Documents and Settings\Ray\ntuser.dat

[2009/11/03 18:42:47 | 00,023,552 | ---- | C] () -- C:\Documents and Settings\Ray\Desktop\Welcome To Cutting Edge Helicopters.doc

[2009/11/02 20:22:04 | 00,002,688 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\cc_20091102_202203.reg

[2009/10/19 20:23:39 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/10/19 18:32:18 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk

[2009/10/19 18:32:10 | 00,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm

[2009/10/19 18:32:05 | 44,820,047 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2009/10/19 18:32:05 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg

[2009/10/19 18:32:05 | 00,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg

[2009/10/19 18:32:05 | 00,086,767 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg

[2009/10/19 18:16:05 | 00,010,872 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\cc_20091019_191603.reg

[2009/10/14 17:53:47 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\Ray\My Documents\Hornsby Inkjet dispute.doc

[2009/09/15 17:45:50 | 00,000,303 | ---- | C] () -- C:\WINDOWS\dellstat.ini

[2009/09/15 17:45:25 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll

[2009/09/15 17:45:22 | 00,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini

[2009/05/29 07:53:41 | 00,000,054 | ---- | C] () -- C:\Documents and Settings\Ray\Local Settings\Application Data\mm-device-08.ini

[2008/12/22 13:18:07 | 00,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL

[2008/12/22 13:18:07 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL

[2008/09/04 15:22:02 | 00,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI

[2008/09/04 15:22:02 | 00,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI

[2008/09/04 15:19:09 | 00,001,054 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini

[2008/09/04 15:19:09 | 00,000,154 | ---- | C] () -- C:\WINDOWS\brpcfx.ini

[2008/09/04 15:15:59 | 00,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini

[2008/08/25 12:22:52 | 00,016,471 | ---- | C] () -- C:\Documents and Settings\Ray\Application Data\Pamela_Crash_48B2A41C.zip

[2008/08/25 12:09:00 | 00,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP7302.INI

[2008/04/03 14:05:14 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\Ray\Application Data\$_hpcst$.hpc

[2008/01/23 12:23:10 | 00,000,317 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log

[2007/12/28 15:29:43 | 00,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll

[2007/12/28 15:29:43 | 00,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll

[2007/12/28 15:29:42 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll

[2007/12/28 15:29:42 | 00,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll

[2007/12/27 19:54:19 | 00,135,048 | ---- | C] () -- C:\WINDOWS\System32\opqss.ini2.vir

[2007/12/26 12:44:16 | 00,003,927 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2007/12/08 14:08:13 | 00,000,045 | ---- | C] () -- C:\WINDOWS\System32\RPVersion.ini

[2007/07/21 18:53:58 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\ESICOMMN.DLL

[2007/06/25 10:27:07 | 00,000,115 | ---- | C] () -- C:\WINDOWS\csact.ini

[2007/06/09 13:08:18 | 21,928,610 | -H-- | C] () -- C:\Documents and Settings\Ray\Local Settings\Application Data\IconCache.db

[2007/06/08 13:59:59 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\PwrUpCid.dll

[2007/05/26 08:25:07 | 00,011,264 | ---- | C] () -- C:\Documents and Settings\Ray\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/05/04 17:13:07 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2007/04/29 16:06:30 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini

[2007/04/29 16:04:07 | 00,000,027 | ---- | C] () -- C:\WINDOWS\CDE DX4800EFGIPSD.ini

[2007/04/29 11:17:32 | 00,000,437 | ---- | C] () -- C:\WINDOWS\System32\gmsblist.dll

[2007/04/27 16:18:30 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2007/03/06 19:25:55 | 00,056,752 | ---- | C] () -- C:\Documents and Settings\Ray\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2007/03/06 18:56:02 | 00,020,311 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2007/03/06 18:56:00 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2007/03/06 18:55:51 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2007/03/06 18:39:45 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Ray\Application Data\desktop.ini

[2007/03/06 17:32:22 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini

[2007/03/06 17:30:34 | 00,000,211 | ---- | C] () -- C:\WINDOWS\System32\BOOTBAK.INI

[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont

[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont

[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont

[2006/02/09 13:46:30 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\VSHP1020.DLL

[2005/06/11 10:47:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\fpprintmon.dll

[2004/09/25 10:20:50 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\MSHRES_U.DLL

[2004/09/25 10:20:50 | 00,032,765 | ---- | C] () -- C:\WINDOWS\MSTMON_U.INI

[2004/09/25 10:20:50 | 00,019,619 | ---- | C] () -- C:\WINDOWS\MSUMLT_U.INI

[2001/08/23 12:00:00 | 00,000,927 | ---- | C] () -- C:\WINDOWS\win.ini

[2001/08/23 12:00:00 | 00,000,284 | ---- | C] () -- C:\WINDOWS\system.ini

[1999/01/22 10:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 187 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9

@Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B4AF47A7

< End of report >

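The OTL report above lists every file created or modified in the last 30 days, and the helper reads it by eye for unknown-publisher executables in odd places (the randomly named C:\g1su3dbu.exe is the kind of entry that stands out). The following is an added example of how that first-pass triage can be scripted; it is my own code, not OTL's or the forum's, and its scoring rules (no publisher, created inside the scan window, sensitive directory, random-looking name) are my assumptions. The sample lines are copied from the report above; the scan time is taken from the report's newest entry.

```python
"""First-pass triage of OTL-style file listings (added example, not an OTL or forum tool)."""
import re
from datetime import datetime, timedelta

# One OTL file entry: [date time | size | RHSD attrs | C(reated)/M(odified)] (company) -- path
ENTRY_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<nbytes>\d+) bytes -> (?P<path>.+)$")

EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".cpl")
# Directories where an unknown-publisher executable deserves a second look (assumed list).
SENSITIVE_DIRS = {"c:", "c:\\windows", "c:\\windows\\system32", "c:\\windows\\system32\\drivers"}
# Heuristic for machine-generated names such as g1su3dbu: short lower-case alphanumerics with digits.
RANDOM_NAME_RE = re.compile(r"[a-z0-9]{6,12}")

# Constructed sample: lines copied from the OTL report in this thread.
SAMPLE_LOG = r"""
[2009/11/08 18:18:02 | 00,291,328 | ---- | C] () -- C:\g1su3dbu.exe
[2009/11/08 18:01:54 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ray\Desktop\OTL.exe
[2009/11/07 17:49:16 | 03,563,182 | R--- | C] () -- C:\Documents and Settings\Ray\Desktop\Combo-Fix.exe
[2009/11/07 14:28:19 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/11/07 14:26:36 | 00,267,264 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/11/07 09:17:43 | 00,093,360 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2007/12/28 15:29:43 | 00,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
@Alternate Data Stream - 187 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
"""
SCAN_TIME = datetime(2009, 11, 9, 14, 34, 15)  # newest timestamp in the report


def parse_entry(line):
    """Parse one OTL file/folder line into a dict; return None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return {
        "when": datetime.strptime(f"{m['date']} {m['time']}", "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "attrs": m["attrs"],
        "kind": m["kind"],
        "company": (m["company"] or "").strip(),
        "path": m["path"],
        "is_dir": m["attrs"][3] == "D",  # fourth attribute letter is D for directories
    }


def looks_random(filename):
    """True for names like g1su3dbu: 6-12 lower-case alphanumerics mixing letters and digits."""
    stem = filename.rsplit(".", 1)[0].lower()
    return (bool(RANDOM_NAME_RE.fullmatch(stem))
            and any(c.isdigit() for c in stem) and any(c.isalpha() for c in stem))


def triage(log_text, scan_time, window_days=30):
    """Return (flagged executables, alternate data streams) from an OTL listing."""
    cutoff = scan_time - timedelta(days=window_days)
    flagged, streams = [], []
    for line in log_text.splitlines():
        ads = ADS_RE.match(line.strip())
        if ads:
            streams.append({"path": ads["path"], "nbytes": int(ads["nbytes"])})
            continue
        e = parse_entry(line)
        if e is None or e["is_dir"] or e["kind"] != "C":
            continue  # only look at creation records, so files are counted once
        directory, _, filename = e["path"].rpartition("\\")
        if not filename.lower().endswith(EXECUTABLE_EXT):
            continue
        reasons = []
        if not e["company"]:
            reasons.append("no publisher")
        if e["when"] >= cutoff:
            reasons.append("created in window")
        if directory.lower() in SENSITIVE_DIRS:
            reasons.append("sensitive location")
        if looks_random(filename):
            reasons.append("random-looking name")
        # Flag unknown-publisher, recently created executables that also sit somewhere
        # odd or carry an odd name; older or vendor-signed files stay off the list.
        if "no publisher" in reasons and "created in window" in reasons and len(reasons) >= 3:
            flagged.append({"path": e["path"], "when": e["when"], "reasons": reasons})
    flagged.sort(key=lambda f: f["when"], reverse=True)
    return flagged, streams


def run_sample():
    """Triage the constructed sample against the report's scan time."""
    return triage(SAMPLE_LOG, SCAN_TIME)


if __name__ == "__main__":
    found, ads_list = run_sample()
    for f in found:
        print(f"{f['when']:%Y-%m-%d %H:%M}  {f['path']}  <- {', '.join(f['reasons'])}")
    for s in ads_list:
        print(f"ADS {s['nbytes']} bytes: {s['path']}")
```

On the sample this flags C:\g1su3dbu.exe (all four reasons) and C:\WINDOWS\PEV.exe (no publisher, recent, in C:\WINDOWS). The second is a reminder that the script only ranks entries for a human: PEV.exe, sed.exe, grep.exe, zip.exe and MBR.exe are helper binaries ComboFix drops into C:\WINDOWS, which is why they appear in the log at the same second as the SteelWerX and NirSoft tools. Alternate data streams are listed rather than judged; streams other than Zone.Identifier are worth a look but are not evidence on their own.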

Looks good.

======Cleanup======

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

===============Update Java===============

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java SE Runtime Environment (JRE) and save it to your desktop.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 17...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe to install the newest version.

======================Clear out infected System Restore points======================

Then we need to reset your System Restore points.

The link below shows how to do this.

How to Turn On and Turn Off System Restore in Windows XP

http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link: http://www.bleepingcomputer.com/tutorials/...143.html#manual

Delete/uninstall anything else that we have used that is leftover.

=====================================

After that you're all set. :thumbsup:

The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article: To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections, please read the Prevention article by Miekiemoes.

If your computer is slow: a tutorial on what you can do if your computer is slow.

File sharing program dangers: reasons to stay away from file sharing programs, for example BitTorrent, Limewire, Kazaa, emule, Utorrent etc.

Hello again

All done and seems to be running normally again. I would like to thank you once again for your time and the tremendous work you have done in sorting my machine out.

Very best regards

Ray
