Can't get rid of Vundo


Had Vundo and nothing seems to get rid of it. MBAM scans are coming back clean, but AVG keeps finding:

"C:\WINDOWS\SYSTEM32\csrss.exe (1424)";"Trojan horse Vundo.JD";"Reboot is required to finish the action"

After I reboot, it comes back clean, but within a day or so, it is always back. I have some processes running that I don't recognize (UNSECAPP.exe and csrss.exe, to name a couple). When I first removed the Vundo, it took some of the program files for Playon (that I use to watch TV) and I had to run msicuu2.exe to get it completely uninstalled. Now, when I try to reinstall Playon, Windows Installer just hangs up. I am not very versed in a lot of this PC stuff, but if anyone could help, I think I might be able to follow instructions. Thanks in advance for any help you can give.

Here is the DDS.txt info:

DDS (Ver_09-12-01.01) - NTFSx86

Run by Shannon Harris at 16:50:49.62 on Sun 12/27/2009

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2559.1818 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\TVersity\Media Server\MediaServer.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Documents and Settings\Shannon Harris\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

mURLSearchHooks: H - No File

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll

BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Mouse Gestures: {a6a49249-57ae-4295-8d4d-18a9502c7d8e} - c:\program files\internet explorer\plugins\drowse\MouseGestures.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll

TB: {C7768536-96F8-4001-B1A2-90EE21279187} - No File

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

IE: &Winamp Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {4E660F19-E91E-41E1-88EF-D1DFAB118F67} - {42981F9D-0C9E-4131-BFC7-8FFE874C6AAC} - c:\program files\internet explorer\plugins\drowse\MouseGestures.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB

DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/viewers/ipixx.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409

DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} - hxxp://protect.microsoft.com/security/protect/wsa/shared/CAB/x86/msSecAdv.cab?1094776625437

DPF: {2C8EEB84-6D60-11D4-BD64-0050048A82BF} - hxxp://tech-b.mhi.aol.com/netagent/objects/custappx2.CAB

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll

DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc2.cab

DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - hxxp://aolcc.aol.com/computercheckup/qdiagcc.cab

DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab

DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} - hxxp://chat.yahoo.com/cab/yuplapp.cab

DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} - hxxp://www.callwave.com/include/cab/CWDL_DownLoad.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} - hxxp://www.microsoft.com/security/controls/Sasser/20/SassCln.CAB

DPF: {A8683C98-5341-421B-B23C-8514C05354F1} - hxxp://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab

DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab

DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - hxxp://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll

Notify: avgrsstarter - avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SSODL: vakizuzod - {4ec47333-d29a-4c56-a4ae-2d6ecfe8d4d6} - No File

STS: {4ec47333-d29a-4c56-a4ae-2d6ecfe8d4d6} - No File

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\shanno~1\applic~1\mozilla\firefox\profiles\1v9g8pz0.default\

FF - prefs.js: browser.search.selectedEngine - Torrent Finder

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=

FF - component: c:\documents and settings\shannon harris\application data\mozilla\firefox\profiles\1v9g8pz0.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll

FF - component: c:\documents and settings\shannon harris\application data\mozilla\firefox\profiles\1v9g8pz0.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll

FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll

FF - plugin: c:\program files\opera\program\plugins\np_gp.dll

FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-8-16 64288]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-23 333192]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-2-17 28424]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-15 360584]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-11-23 74480]

R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-15 285392]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328]

R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-11-23 7408]

S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-11-23 9968]

S2 MediaMall Server;MediaMall Server;"c:\program files\mediamall\mediamallserver.exe" --> c:\program files\mediamall\MediaMallServer.exe [?]

S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

S3 PAC207;Webcam Basic;c:\windows\system32\drivers\pfc027.sys --> c:\windows\system32\drivers\pfc027.sys [?]

S3 PsSdk30;PsSdk30;\??\c:\windows\system32\drivers\pssdk30.drv --> c:\windows\system32\drivers\PsSdk30.drv [?]

S4 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]

S4 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2008-9-28 98984]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1

VBEFile=NOTEPAD.EXE %1

VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-12-27 21:49:14 0 ----a-w- c:\documents and settings\shannon harris\defogger_reenable

2009-12-27 14:28:37 0 d-----w- c:\program files\Trend Micro

2009-12-26 13:22:47 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2009-12-26 13:17:00 0 d-----w- c:\program files\SUPERAntiSpyware

2009-12-26 13:17:00 0 d-----w- c:\docume~1\shanno~1\applic~1\SUPERAntiSpyware.com

2009-12-23 23:19:31 0 d-----w- c:\program files\MSECACHE

2009-12-23 02:24:36 0 d-----w- c:\program files\common files\TV-Websites

2009-12-23 02:24:36 0 d-----w- c:\program files\common files\ffdshowEx

2009-12-23 02:24:19 0 d-----w- C:\VundoFix Backups

2009-12-22 21:53:07 272 ----a-w- c:\windows\_delis32.ini

2009-12-20 01:36:46 0 ----a-w- c:\windows\system32\29358.exe

2009-12-20 01:16:45 0 ----a-w- c:\windows\system32\11478.exe

2009-12-20 00:56:45 0 ----a-w- c:\windows\system32\15724.exe

2009-12-20 00:36:44 0 ----a-w- c:\windows\system32\19169.exe

2009-12-20 00:16:44 0 ----a-w- c:\windows\system32\26500.exe

2009-12-19 23:56:43 0 ----a-w- c:\windows\system32\6334.exe

2009-12-19 23:36:43 0 ----a-w- c:\windows\system32\18467.exe

==================== Find3M ====================

2009-12-03 21:14:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-03 21:13:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-11-15 18:04:05 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2009-11-15 18:04:01 15880 ----a-w- c:\windows\system32\lsdelete.exe

2009-11-15 14:43:44 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-11-15 14:43:37 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2009-11-15 14:43:36 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-11-03 01:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe

2009-10-28 14:40:47 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe

2009-10-25 23:45:47 74703 ----a-w- c:\windows\system32\mfc45.dll

2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 05:38:36 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll

2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-21 05:38:36 25088 ------w- c:\windows\system32\dllcache\httpapi.dll

2009-10-20 16:20:16 265728 ------w- c:\windows\system32\dllcache\http.sys

2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll

2009-10-13 10:30:16 270336 ------w- c:\windows\system32\dllcache\oakley.dll

2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll

2009-10-12 13:38:19 149504 ------w- c:\windows\system32\dllcache\rastls.dll

2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll

2009-10-12 13:38:18 79872 ------w- c:\windows\system32\dllcache\raschap.dll

2009-03-24 07:09:18 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009032420090325\index.dat

============= FINISH: 16:53:38.84 ===============

Attach.zip

mbam_log_2009_12_28__18_44_44_.txt

ark.txt

Hi Belashan, welcome to Malwarebytes ;)

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

netsvcs

%SYSTEMDRIVE%\*.exe

/md5start

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

sceclt.dll

ntelogon.dll

logevent.dll

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

nvrd32.sys

/md5stop

%systemroot%\*. /mp /s

CREATERESTOREPOINT

%systemroot%\system32\*.dll /lockedfiles

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

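The DDS log posted above already shows the two tell-tale patterns a helper looks for with this infection: shell-load registry entries (SSODL/STS) whose target resolves to "No File", and a run of zero-byte, numeric-named .exe files dropped into system32 twenty minutes apart. As an added example that is not part of this thread and not code from DDS, OTL or Malwarebytes, the Python script below parses those two sections of a DDS log and flags both patterns; the sample input is copied from the log in the first post, and the section names and line layout are assumed to match the plain-text format DDS produced there (function names are my own).

```python
import re
from datetime import datetime

# Constructed sample input: lines copied from the DDS log posted in this thread,
# trimmed to the two sections the triage below looks at.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: vakizuzod - {4ec47333-d29a-4c56-a4ae-2d6ecfe8d4d6} - No File
STS: {4ec47333-d29a-4c56-a4ae-2d6ecfe8d4d6} - No File
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
=============== Created Last 30 ================
2009-12-27 21:49:14 0 ----a-w- c:\documents and settings\shannon harris\defogger_reenable
2009-12-27 14:28:37 0 d-----w- c:\program files\Trend Micro
2009-12-22 21:53:07 272 ----a-w- c:\windows\_delis32.ini
2009-12-20 01:36:46 0 ----a-w- c:\windows\system32\29358.exe
2009-12-20 01:16:45 0 ----a-w- c:\windows\system32\11478.exe
2009-12-20 00:56:45 0 ----a-w- c:\windows\system32\15724.exe
2009-12-20 00:36:44 0 ----a-w- c:\windows\system32\19169.exe
2009-12-20 00:16:44 0 ----a-w- c:\windows\system32\26500.exe
2009-12-19 23:56:43 0 ----a-w- c:\windows\system32\6334.exe
2009-12-19 23:36:43 0 ----a-w- c:\windows\system32\18467.exe
==================== Find3M ====================
2009-12-03 21:14:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
"""

# "=== Section Name ===" header lines as DDS prints them
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# "<date> <time> <size> <attrs> <path>" entries in the Created Last 30 / Find3M sections
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+(\S+)\s+(.+)$")
# shell-load registry entries whose target DDS could not find on disk
SHELLLOAD_RE = re.compile(r"^(SSODL|STS|Notify|SEH):\s*(.*?)\s*-\s*No File$", re.IGNORECASE)
# executables under system32 whose name is nothing but digits
NUMERIC_EXE_RE = re.compile(r"\\system32\\(\d+)\.exe$", re.IGNORECASE)


def parse_sections(text):
    """Split a DDS log into {section_name: [lines]}; lines before the first header go under ''."""
    sections = {}
    current = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def orphaned_shell_loads(sections):
    """Shell-load entries (SSODL/STS/Notify/SEH) still registered but pointing at no file."""
    hits = []
    for line in sections.get("Pseudo HJT Report", []):
        m = SHELLLOAD_RE.match(line)
        if m:
            hits.append((m.group(1).upper(), m.group(2)))
    return hits


def numeric_empty_exes(sections):
    """Zero-byte, numeric-named executables under system32, oldest first as (datetime, path)."""
    hits = []
    for line in sections.get("Created Last 30", []):
        m = CREATED_RE.match(line)
        if not m:
            continue
        ts, size, attrs, path = m.groups()
        if attrs.startswith("d"):  # directory entry, not a file
            continue
        if int(size) == 0 and NUMERIC_EXE_RE.search(path):
            hits.append((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), path))
    return sorted(hits)


def creation_cadence(entries, tolerance_s=60):
    """Return the interval in seconds if the entries were created at a near-constant cadence, else None."""
    if len(entries) < 3:
        return None
    times = [t for t, _ in entries]
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    if max(gaps) - min(gaps) > tolerance_s:
        return None
    return int(sum(gaps) / len(gaps))


def triage(text):
    """Run both checks over a DDS log and return the findings as a dict."""
    sections = parse_sections(text)
    exes = numeric_empty_exes(sections)
    return {
        "orphaned_shell_loads": orphaned_shell_loads(sections),
        "numeric_empty_exes": [p for _, p in exes],
        "cadence_seconds": creation_cadence(exes),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_DDS).items():
        print(f"{key}: {value}")
```

On the sample above the script reports the orphaned vakizuzod SSODL/STS pair and seven empty numeric executables created 1200 seconds apart; a scheduled dropper re-creating files on a fixed timer is consistent with the infection returning a day after each clean reboot.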
Thanks for the help SpySentinel, I really need it. One thing I hadn't noticed before the original post was that I am seeing some search result redirection in Firefox, if that helps. Here is OTL.txt:

OTL logfile created on: 12/30/2009 5:49:15 AM - Run 1

OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Shannon Harris\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free

6.00 Gb Paging File | 6.00 Gb Available in Paging File | 92.00% Paging File free

Paging file location(s): C:\pagefile.sys 3837 3837 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 111.72 Gb Total Space | 40.98 Gb Free Space | 36.68% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

Drive F: | 465.76 Gb Total Space | 49.03 Gb Free Space | 10.53% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: DEEPTHOUGHT

Current User Name: Shannon Harris

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Standard

Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/30 05:48:31 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shannon Harris\Desktop\OTL.exe

PRC - [2009/12/27 16:34:16 | 02,002,160 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

PRC - [2009/12/27 13:04:33 | 00,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

PRC - [2009/12/27 13:04:32 | 01,181,328 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

PRC - [2009/12/23 18:24:42 | 02,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe

PRC - [2009/12/23 18:24:38 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe

PRC - [2009/12/23 18:24:10 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe

PRC - [2009/12/19 16:59:20 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2009/12/12 08:31:46 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe

PRC - [2009/12/12 08:31:46 | 00,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe

PRC - [2009/11/15 09:43:29 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe

PRC - [2009/09/22 13:40:36 | 00,884,736 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe

PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/10/09 16:21:02 | 00,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe

PRC - [2006/11/13 13:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe

PRC - [2006/11/13 13:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe

PRC - [2005/01/14 08:32:38 | 00,053,248 | ---- | M] () -- C:\WINDOWS\SYSTEM32\PAStiSvc.exe

PRC - [2002/08/29 06:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\WBEM\UNSECAPP.EXE

PRC - [2000/06/26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\MsPMSPSv.exe

========== Modules (SafeList) ==========

MOD - [2009/12/30 05:48:31 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shannon Harris\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (MediaMall Server)

SRV - [2009/12/27 13:04:32 | 01,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)

SRV - [2009/12/23 18:24:38 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)

SRV - [2009/09/22 13:40:36 | 00,884,736 | ---- | M] () [Auto | Running] -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)

SRV - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Disabled | Stopped] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2008/02/27 18:07:26 | 00,594,600 | ---- | M] ( ) [Disabled | Stopped] -- C:\WINDOWS\System32\lxdncoms.exe -- (lxdn_device)

SRV - [2008/02/27 18:07:14 | 00,098,984 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe -- (lxdnCATSCustConnectService)

SRV - [2007/10/09 16:21:02 | 00,124,280 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service)

SRV - [2007/03/07 15:47:46 | 00,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)

SRV - [2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)

SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)

SRV - [2005/01/14 08:32:38 | 00,053,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SYSTEM32\PAStiSvc.exe -- (STI Simulator)

SRV - [2004/04/21 11:16:02 | 01,434,848 | ---- | M] (America Online, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\AOL\ACS\acsd.exe -- (AOL ACS)

SRV - [2003/11/03 14:46:00 | 00,073,728 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\nvsvc32.exe -- (NVSvc)

SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2000/06/26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\MsPMSPSv.exe -- (WMDM PMSP Service)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"

FF - prefs.js..browser.search.selectedEngine: "Torrent Finder"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledItems: {DCBD1271-D228-4082-9FBC-36D9B7660B03}:1.1.8

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1

FF - prefs.js..extensions.enabledItems: {8b86149f-01fb-4842-9dd8-4d7eb02fd055}:0.20.0

FF - prefs.js..extensions.enabledItems: {C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}:2.3.50

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.5

FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.7

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {a6ca9b3b-5e52-4f47-85d8-cca35bb57596}:1.4.3

FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.0

FF - prefs.js..extensions.enabledItems: {4776510a-a1f4-41f3-a3c8-35b474ecef23}:1.0.7

FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2

FF - prefs.js..extensions.enabledItems: {37fa1426-b82d-11db-8314-0800200c9a66}:1.5.5

FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.11.2

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546

FF - prefs.js..extensions.enabledItems: {29852C08-1E91-4889-A6BF-C77F91D6A8F3}:1.8.52

FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/12/12 08:32:27 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/22 21:24:10 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/22 21:24:09 | 00,000,000 | ---D | M]

[2008/08/26 19:32:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shannon Harris\Application Data\Mozilla\Extensions

[2009/12/29 21:08:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shannon Harris\Application Data\Mozilla\Firefox\Profiles\1v9g8pz0.default\extensions

[2009/08/09 12:56:03 | 00,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\Shannon Harris\Application Data\Mozilla\Firefox\Profiles\1v9g8pz0.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}

[2009/11/15 09:47:52 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Shannon Harris\Application Data\Mozilla\Firefox\Profiles\1v9g8pz0.default\extensions\{29852C08-1E91-4889-A6BF-C77F91D6A8F3}

[2009/12/07 19:37:10 | 00,000,000 | ---D | M] (WebMail Notifier) -- C:\Documents and Settings\Shannon Harris\Application Data\Mozilla\Firefox\Profiles\1v9g8pz0.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}

[2009/11/01 09:35:53 | 00,000,000 | ---D | M] (Stealther) -- C:\Documents and Settings\Shannon Harris\Application Data\Mozilla\Firefox\Profiles\1v9g8pz0.default\extensions\{4776510a-a1f4-41f3-a3c8-35b474ecef23}

[2009/01/18 13:54:51 | 00,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Shannon Harris\Application Data\Mozilla\Firefox\Profiles\1v9g8pz0.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2009/08/07 05:20:25 | 00,000,000 | ---D | M] (All-in-One Gestures) -- C:\Documents and Settings\Shannon Harris\Application Data\Mozilla\Firefox\Profiles\1v9g8pz0.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}

[2007/08/01 20:38:35 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Shannon Harris\Application Data\Mozilla\Firefox\Profiles\1v9g8pz0.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}

[2009/08/07 05:20:25 | 00,000,000 | ---D | M] (Sage) -- C:\Documents and Settings\Shannon Harris\Application Data\Mozilla\Firefox\Profiles\1v9g8pz0.default\extensions\{a6ca9b3b-5e52-4f47-85d8-cca35bb57596}

[2009/12/07 19:37:15 | 00,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Shannon Harris\Application Data\Mozilla\Firefox\Profiles\1v9g8pz0.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}

[2009/12/07 19:37:13 | 00,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Shannon Harris\Application Data\Mozilla\Firefox\Profiles\1v9g8pz0.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2009/08/07 05:20:24 | 00,000,000 | ---D | M] (Answers) -- C:\Documents and Settings\Shannon Harris\Application Data\Mozilla\Firefox\Profiles\1v9g8pz0.default\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}

[2009/08/19 17:26:22 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Shannon Harris\Application Data\Mozilla\Firefox\Profiles\1v9g8pz0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2009/11/01 09:35:52 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Shannon Harris\Application Data\Mozilla\Firefox\Profiles\1v9g8pz0.default\extensions\{dc572301-7619-498c-a57d-39143191b318}

[2008/12/16 14:20:31 | 00,000,000 | ---D | M] () -- C:\Documents and Settings\Shannon Harris\Application Data\Mozilla\Firefox\Profiles\1v9g8pz0.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}

[2009/11/15 09:48:05 | 00,000,000 | ---D | M] (SearchPreview) -- C:\Documents and Settings\Shannon Harris\Application Data\Mozilla\Firefox\Profiles\1v9g8pz0.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}

[2006/01/05 19:38:03 | 00,000,000 | ---D | M] (FireCat OceanPaws) -- C:\Documents and Settings\Shannon Harris\Application Data\Mozilla\Firefox\Profiles\1v9g8pz0.default\extensions\{FireCat-e3170330-0f65-11d9-9669-0800200c9a66}

[2006/01/05 19:38:03 | 00,000,000 | ---D | M] (FireCat AutumnRedFB) -- C:\Documents and Settings\Shannon Harris\Application Data\Mozilla\Firefox\Profiles\1v9g8pz0.default\extensions\{FireCat-f58a5ee2-0f65-11d9-9669-0800200c9a66}

[2008/09/09 13:26:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shannon Harris\Application Data\Mozilla\Firefox\Profiles\1v9g8pz0.default\extensions\trustme@gness.com

[2007/10/20 07:06:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shannon Harris\Application Data\Mozilla\Firefox\Profiles\1v9g8pz0.default\extensions\xpose@viamatic.com

[2008/01/14 16:35:08 | 00,001,878 | ---- | M] () -- C:\Documents and Settings\Shannon Harris\Application Data\Mozilla\Firefox\Profiles\1v9g8pz0.default\searchplugins\aolsearch.xml

[2008/06/26 19:42:52 | 00,000,908 | ---- | M] () -- C:\Documents and Settings\Shannon Harris\Application Data\Mozilla\Firefox\Profiles\1v9g8pz0.default\searchplugins\IMDB.xml

[2009/12/27 15:22:20 | 00,002,035 | ---- | M] () -- C:\Documents and Settings\Shannon Harris\Application Data\Mozilla\Firefox\Profiles\1v9g8pz0.default\searchplugins\Olga.xml

[2009/12/28 17:28:38 | 00,001,111 | ---- | M] () -- C:\Documents and Settings\Shannon Harris\Application Data\Mozilla\Firefox\Profiles\1v9g8pz0.default\searchplugins\torrent-finder.xml

[2009/08/09 12:56:28 | 00,001,196 | ---- | M] () -- C:\Documents and Settings\Shannon Harris\Application Data\Mozilla\Firefox\Profiles\1v9g8pz0.default\searchplugins\winamp-search.xml

[2009/12/29 21:08:33 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2008/09/15 11:52:06 | 00,376,832 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll

O1 HOSTS File: (321495 bytes) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 11016 more lines...

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Mouse Gestures) - {A6A49249-57AE-4295-8D4D-18A9502C7D8E} - C:\Program Files\Internet Explorer\PLUGINS\Drowse\MouseGestures.dll (Drowse)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)

O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()

O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Mouse Gestures... - {4E660F19-E91E-41E1-88EF-D1DFAB118F67} - C:\Program Files\Internet Explorer\PLUGINS\Drowse\MouseGestures.dll (Drowse)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\SYSTEM32\nwprovau.dll (Microsoft Corporation)

O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)

O15 - HKCU\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/viewers/ipixx.cab (iPIX ActiveX Control)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409 (Windows Genuine Advantage Validation Tool)

O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} http://protect.microsoft.com/security/prot...b?1094776625437 (MSSecurityAdvisor Class)

O16 - DPF: {2C8EEB84-6D60-11D4-BD64-0050048A82BF} http://tech-b.mhi.aol.com/netagent/objects/custappx2.CAB (eshare communications NetAgent Customer ActiveX Control version 2)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc2.cab (Office Update Installation Engine)

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} http://aolcc.aol.com/computercheckup/qdiagcc.cab (QDiagAOLCCUpdateObj Class)

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab (McAfee.com Operating System Class)

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase8942.cab (Windows Live Safety Center Base Module)

O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} http://chat.yahoo.com/cab/yuplapp.cab (Yahoo! Webcam Upload Wrapper)

O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} http://www.callwave.com/include/cab/CWDL_DownLoad.CAB (CWDL_DownLoadControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} http://www.microsoft.com/security/controls.../20/SassCln.CAB (SassCln Object)

O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab (FujifilmUploader Class)

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab (Reg Error: Key error.)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - CLSID or File not found.

O21 - SSODL: vakizuzod - {4ec47333-d29a-4c56-a4ae-2d6ecfe8d4d6} - CLSID or File not found.

O22 - SharedTaskScheduler: {4ec47333-d29a-4c56-a4ae-2d6ecfe8d4d6} - tokatiluy - Reg Error: Key error. File not found

O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/10/14 17:15:39 | 00,000,029 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2007/08/17 13:48:16 | 00,000,040 | ---- | M] () - F:\Autorun.inf -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2004/04/01 01:00:10 | 00,000,000 | ---D | M]

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT

Restore point Set: OTL Restore Point (51513425431363584)

========== Files/Folders - Created Within 14 Days ==========

[2009/12/30 05:48:22 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Shannon Harris\Desktop\OTL.exe

[2009/12/29 21:14:48 | 19,448,048 | ---- | C] (MediaMall Technologies, Inc. ) -- C:\Documents and Settings\Shannon Harris\Desktop\PlayOnSetup.2.59.3614.exe

[2009/12/29 20:43:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shannon Harris\Desktop\ProceXP

[2009/12/29 20:25:58 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Shannon Harris\Recent

[2009/12/27 09:28:37 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2009/12/26 08:22:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

[2009/12/26 08:17:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shannon Harris\Application Data\SUPERAntiSpyware.com

[2009/12/26 08:17:00 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2009/12/23 18:19:31 | 00,000,000 | ---D | C] -- C:\Program Files\MSECACHE

[2009/12/22 21:24:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\TV-Websites

[2009/12/22 21:24:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ffdshowEx

[2009/12/22 21:24:20 | 00,000,000 | ---D | C] -- C:\Avenger

[2009/12/22 21:24:19 | 00,000,000 | ---D | C] -- C:\VundoFix Backups

[2009/12/22 20:55:56 | 19,448,048 | ---- | C] (MediaMall Technologies, Inc. ) -- C:\Documents and Settings\Shannon Harris\My Documents\PlayOnSetup.2.59.3614.exe

[2009/12/22 12:54:26 | 00,000,000 | ---D | C] -- C:\Config.Msi

[2009/11/15 09:40:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

[2009/10/25 18:47:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo

[2009/07/03 18:26:17 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Shannon Harris\Application Data\pcouffin.sys

[2009/03/23 16:24:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\DivX

[2009/03/21 21:24:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2009/03/21 08:14:46 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

[2009/03/17 15:44:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2009/03/16 20:10:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia

[2008/09/28 16:34:53 | 00,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDNhcp.dll

[2008/09/28 16:34:52 | 01,101,824 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnserv.dll

[2008/09/28 16:34:52 | 00,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnusb1.dll

[2008/09/28 16:34:52 | 00,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnpmui.dll

[2008/09/28 16:34:52 | 00,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdninpa.dll

[2008/09/28 16:34:52 | 00,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdniesc.dll

[2008/09/28 16:34:52 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnprox.dll

[2008/09/28 16:34:51 | 00,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnhbn3.dll

[2008/09/28 16:34:51 | 00,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnlmpm.dll

[2008/09/28 16:34:50 | 00,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncomm.dll

[2008/09/28 16:34:49 | 00,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncomc.dll

[2008/06/23 19:42:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

[2007/11/28 18:06:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Talkback

[2007/11/28 09:07:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla

[2007/11/28 09:07:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla

========== Files - Modified Within 14 Days ==========

[2009/12/30 05:48:31 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shannon Harris\Desktop\OTL.exe

[2009/12/30 05:48:15 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2009/12/30 05:48:14 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job

[2009/12/30 05:48:13 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job

[2009/12/30 05:48:12 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job

[2009/12/30 05:48:11 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job

[2009/12/30 05:46:47 | 00,000,218 | ---- | M] () -- C:\WINDOWS\System32\tversity.cookies

[2009/12/30 05:46:43 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL

[2009/12/30 05:46:03 | 00,000,330 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job

[2009/12/30 05:45:57 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/12/30 05:45:48 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT

[2009/12/30 05:44:49 | 13,893,632 | ---- | M] () -- C:\Documents and Settings\Shannon Harris\NTUSER.DAT

[2009/12/30 05:44:49 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Shannon Harris\NTUSER.INI

[2009/12/30 04:43:46 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2009/12/30 02:29:00 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2009/12/29 21:15:32 | 19,448,048 | ---- | M] (MediaMall Technologies, Inc. ) -- C:\Documents and Settings\Shannon Harris\Desktop\PlayOnSetup.2.59.3614.exe

[2009/12/29 19:08:30 | 47,210,285 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2009/12/29 19:08:14 | 00,128,231 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg

[2009/12/29 18:09:22 | 03,327,000 | ---- | M] () -- C:\Documents and Settings\Shannon Harris\Desktop\WindowsXP-KB942288-v3-x86.exe

[2009/12/28 17:20:41 | 00,005,555 | ---- | M] () -- C:\Documents and Settings\Shannon Harris\Desktop\Attach.zip

[2009/12/27 16:49:14 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Shannon Harris\defogger_reenable

[2009/12/27 16:40:32 | 01,496,399 | ---- | M] () -- C:\Documents and Settings\Shannon Harris\Desktop\TGTC_XP_4.3.zip

[2009/12/22 21:28:59 | 05,678,046 | -H-- | M] () -- C:\Documents and Settings\Shannon Harris\Local Settings\Application Data\IconCache.db

[2009/12/22 20:58:16 | 19,448,048 | ---- | M] (MediaMall Technologies, Inc. ) -- C:\Documents and Settings\Shannon Harris\My Documents\PlayOnSetup.2.59.3614.exe

[2009/12/22 16:53:07 | 00,000,272 | ---- | M] () -- C:\WINDOWS\_delis32.ini

[2009/12/22 13:20:33 | 00,000,914 | ---- | M] () -- C:\WINDOWS\WIN.INI

[2009/12/22 13:20:33 | 00,000,235 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI

[2009/12/22 13:20:33 | 00,000,211 | RHS- | M] () -- C:\BOOT.INI

[2009/12/22 10:25:58 | 00,146,432 | ---- | M] () -- C:\Documents and Settings\Shannon Harris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/12/19 20:36:46 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\29358.exe

[2009/12/19 20:16:45 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\11478.exe

[2009/12/19 19:56:45 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\15724.exe

[2009/12/19 19:36:44 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\19169.exe

[2009/12/19 19:16:44 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe

[2009/12/19 18:56:43 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe

[2009/12/19 18:36:43 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe

========== Files Created - No Company Name ==========

[2009/12/29 18:09:04 | 03,327,000 | ---- | C] () -- C:\Documents and Settings\Shannon Harris\Desktop\WindowsXP-KB942288-v3-x86.exe

[2009/12/28 17:20:41 | 00,005,555 | ---- | C] () -- C:\Documents and Settings\Shannon Harris\Desktop\Attach.zip

[2009/12/27 16:49:14 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Shannon Harris\defogger_reenable

[2009/12/27 16:40:31 | 01,496,399 | ---- | C] () -- C:\Documents and Settings\Shannon Harris\Desktop\TGTC_XP_4.3.zip

[2009/12/27 15:20:12 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2009/12/27 13:06:48 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job

[2009/12/27 13:06:47 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job

[2009/12/27 13:06:47 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job

[2009/12/27 13:06:46 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job

[2009/12/22 16:53:07 | 00,000,272 | ---- | C] () -- C:\WINDOWS\_delis32.ini

[2009/12/19 20:36:46 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\29358.exe

[2009/12/19 20:16:45 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\11478.exe

[2009/12/19 19:56:45 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\15724.exe

[2009/12/19 19:36:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\19169.exe

[2009/12/19 19:16:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26500.exe

[2009/12/19 18:56:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\6334.exe

[2009/12/19 18:36:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe

[2009/10/25 18:45:47 | 00,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll

[2009/08/12 15:58:23 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2009/08/12 15:58:23 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini

[2009/08/12 15:58:22 | 00,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009/08/12 15:58:22 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2009/08/12 15:58:21 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2009/08/12 15:44:02 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2009/08/12 15:44:01 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2009/08/05 19:25:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\AoADVDRipper.INI

[2009/07/03 18:26:30 | 00,000,033 | ---- | C] () -- C:\Documents and Settings\Shannon Harris\Application Data\pcouffin.log

[2009/07/03 18:26:17 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\Shannon Harris\Application Data\inst.exe

[2009/07/03 18:26:17 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\Shannon Harris\Application Data\pcouffin.cat

[2009/07/03 18:26:17 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\Shannon Harris\Application Data\pcouffin.inf

[2008/11/17 21:50:03 | 00,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib

[2008/11/06 11:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest

[2008/11/06 11:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest

[2008/09/28 16:41:57 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdnvs.dll

[2008/09/28 16:41:52 | 00,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdncoin.dll

[2008/09/28 16:40:57 | 00,782,336 | ---- | C] () -- C:\WINDOWS\System32\lxdndrs.dll

[2008/09/28 16:40:57 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxdncaps.dll

[2008/09/28 16:40:57 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdncnv4.dll

[2008/09/28 16:35:04 | 00,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdnrwrd.ini

[2008/09/28 16:34:53 | 00,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDNinst.dll

[2008/09/28 16:34:50 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdngrd.dll

[2008/06/12 03:02:39 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2008/02/15 20:08:37 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\Shannon Harris\Application Data\$_hpcst$.hpc

[2008/02/05 12:28:20 | 00,000,051 | ---- | C] () -- C:\Documents and Settings\Shannon Harris\Local Settings\Application Data\setup.txt

[2007/04/11 10:41:32 | 00,000,104 | ---- | C] () -- C:\WINDOWS\WET.INI

[2007/03/27 11:53:26 | 00,000,187 | ---- | C] () -- C:\WINDOWS\RELATION.INI

[2007/03/20 19:42:58 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini

[2006/07/18 16:32:03 | 00,001,356 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2006/05/23 16:11:04 | 00,000,152 | ---- | C] () -- C:\WINDOWS\Pcom2.ini

[2006/04/27 19:21:19 | 00,000,041 | ---- | C] () -- C:\WINDOWS\System32\ddacffbbbc_s.dll

[2006/04/09 13:34:26 | 00,000,572 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Installer.log

[2006/04/08 11:37:53 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL

[2006/04/08 11:36:20 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\Nsvideo.dll

[2006/01/06 22:35:21 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\BJAXSecurityManager.dll

[2006/01/06 22:35:18 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll

[2005/08/10 19:19:17 | 00,000,004 | ---- | C] () -- C:\WINDOWS\System32\micr0st.dll

[2005/06/02 18:52:38 | 00,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini

[2005/05/08 09:45:37 | 00,000,685 | ---- | C] () -- C:\WINDOWS\RegRestore.INI

[2005/05/05 00:21:46 | 00,000,660 | ---- | C] () -- C:\WINDOWS\REGRES~1.INI

[2005/01/25 14:15:42 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\PA207USD.DLL

[2005/01/17 00:51:18 | 00,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini

[2004/12/29 00:20:16 | 00,000,045 | ---- | C] () -- C:\WINDOWS\EPSC62.ini

[2004/11/23 20:15:15 | 00,028,619 | ---- | C] () -- C:\Documents and Settings\Shannon Harris\Application Data\Comma Separated Values (Windows).ADR

[2004/11/03 17:24:34 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini

[2004/09/21 20:37:01 | 00,013,824 | ---- | C] () -- C:\WINDOWS\System32\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2004/09/07 18:29:34 | 00,000,784 | ---- | C] () -- C:\Documents and Settings\Shannon Harris\Application Data\mpauth.dat

[2004/08/31 13:53:40 | 00,000,034 | ---- | C] () -- C:\WINDOWS\AuthMgr.INI

[2004/07/02 21:17:40 | 00,000,021 | ---- | C] () -- C:\WINDOWS\DVDSentry.ini

[2004/06/03 15:59:24 | 00,000,352 | ---- | C] () -- C:\WINDOWS\QTW.INI

[2004/06/03 15:59:16 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL

[2004/06/03 15:59:15 | 00,000,181 | ---- | C] () -- C:\WINDOWS\KPCMS.INI

[2004/05/18 22:03:48 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll

[2004/04/17 12:41:04 | 00,000,137 | ---- | C] () -- C:\Documents and Settings\Shannon Harris\Local Settings\Application Data\fusioncache.dat

[2004/04/10 22:44:34 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Shannon Harris\Application Data\dm.ini

[2004/04/06 19:50:42 | 00,146,432 | ---- | C] () -- C:\Documents and Settings\Shannon Harris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2004/04/06 17:44:52 | 00,032,235 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini

[2004/04/05 20:42:21 | 00,001,056 | ---- | C] () -- C:\WINDOWS\maxlink.ini

[2004/04/05 20:42:21 | 00,000,020 | ---- | C] () -- C:\WINDOWS\calera.ini

[2004/04/05 20:42:17 | 00,269,312 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL

[2004/04/05 20:42:17 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL

[2004/04/05 20:42:16 | 00,068,096 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32P.DLL

[2004/04/05 20:42:07 | 00,101,376 | ---- | C] () -- C:\WINDOWS\System32\WELSOF32.DLL

[2004/04/01 01:37:00 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2004/04/01 01:34:59 | 00,000,490 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2004/04/01 01:26:34 | 00,000,164 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2004/04/01 01:14:56 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2004/04/01 01:14:42 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2004/04/01 01:02:56 | 00,000,546 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2004/01/23 10:03:50 | 00,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI

[2004/01/22 11:00:28 | 00,012,635 | ---- | C] () -- C:\WINDOWS\System32\DAntivirus.ini

[2003/11/20 14:39:58 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2003/03/27 14:28:44 | 00,004,955 | ---- | C] () -- C:\WINDOWS\System32\DProg.ini

[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[1999/01/27 12:39:06 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll

[1997/06/13 06:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2009/12/30 05:46:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9

[2008/09/03 17:21:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FlashFXP

[2009/11/22 21:06:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo

[2008/09/28 18:05:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexmark 2600 Series

[2004/04/16 17:27:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Quark

[2008/12/06 10:07:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate

[2008/11/17 21:50:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft

[2009/08/05 19:26:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2009/08/09 14:16:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ThumbnailCache4R

[2009/08/18 19:29:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software

[2004/04/06 16:37:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UnH Solutions

[2007/03/20 19:45:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2009/08/18 19:28:40 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}

[2009/11/15 13:02:12 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}

[2006/11/17 23:44:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shannon Harris\Application Data\albumart

[2009/12/22 13:23:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shannon Harris\Application Data\Any Video Converter

[2009/03/15 17:27:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shannon Harris\Application Data\AQUATRA

[2004/08/31 13:52:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shannon Harris\Application Data\Earthlink

[2007/02/17 23:05:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shannon Harris\Application Data\FlashFXP

[2009/03/24 17:47:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shannon Harris\Application Data\GlarySoft

[2009/11/14 09:05:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shannon Harris\Application Data\iolo

[2004/05/22 19:13:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shannon Harris\Application Data\Leadertech

[2008/09/28 18:05:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shannon Harris\Application Data\Lexmark Productivity Studio

[2005/10/08 15:13:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shannon Harris\Application Data\MyPrivacy

[2008/07/01 19:00:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shannon Harris\Application Data\Opera

[2004/04/16 17:27:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shannon Harris\Application Data\Quark

[2004/12/18 01:12:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shannon Harris\Application Data\Red Chair Software

[2009/11/26 18:08:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shannon Harris\Application Data\rockbox.org

[2008/07/05 09:51:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shannon Harris\Application Data\Snapfish

[2009/08/18 19:29:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shannon Harris\Application Data\TuneUp Software

[2009/10/30 16:11:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shannon Harris\Application Data\Turbine

[2009/12/22 21:24:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shannon Harris\Application Data\uTorrent

[2009/08/05 17:57:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shannon Harris\Application Data\Vso

[2009/12/30 05:48:11 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job

[2009/12/30 05:48:12 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job

[2009/12/30 05:48:13 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job

[2009/12/30 05:48:14 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job

[2009/12/30 05:48:15 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

[2004/04/17 14:32:58 | 00,000,278 | ---- | M] () -- C:\WINDOWS\Tasks\Disk Cleanup.job

[2009/12/30 05:46:03 | 00,000,330 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job

[2009/12/30 02:29:00 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

[2005/10/31 10:56:00 | 00,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe

< MD5 for: AGP440.SYS >

[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys

[2004/08/04 01:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

[2001/08/17 14:58:00 | 00,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\I386\AGP440.SYS

< MD5 for: ATAPI.SYS >

[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys

[2004/08/04 00:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

[2003/04/23 10:29:54 | 00,087,296 | ---- | M] (Microsoft Corporation) MD5=E52B3B3F78C9AE85806CE49DCDD80C18 -- C:\I386\atapi.sys

[2003/04/23 10:29:54 | 00,087,296 | ---- | M] (Microsoft Corporation) MD5=E52B3B3F78C9AE85806CE49DCDD80C18 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys

[2003/04/23 10:29:54 | 00,087,296 | ---- | M] (Microsoft Corporation) MD5=E52B3B3F78C9AE85806CE49DCDD80C18 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >

[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll

[2004/08/04 02:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

[2002/08/29 06:00:00 | 00,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\I386\EVENTLOG.DLL

< MD5 for: NETLOGON.DLL >

[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll

[2002/08/29 06:00:00 | 00,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\I386\NETLOGON.DLL

[2004/08/04 02:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >

[2004/08/04 02:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

[2002/08/29 06:00:00 | 00,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\I386\SCECLI.DLL

[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

[2009/07/17 14:01:06 | 00,058,880 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\atl.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\WINDOWS:F723BC00F7457BC3

@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30FD0CBD

< End of report >

And here is Extras.txt:

OTL Extras logfile created on: 12/30/2009 5:49:15 AM - Run 1

OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Shannon Harris\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free

6.00 Gb Paging File | 6.00 Gb Available in Paging File | 92.00% Paging File free

Paging file location(s): C:\pagefile.sys 3837 3837 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 111.72 Gb Total Space | 40.98 Gb Free Space | 36.68% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

Drive F: | 465.76 Gb Total Space | 49.03 Gb Free Space | 10.53% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: DEEPTHOUGHT

Current User Name: Shannon Harris

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Standard

Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] --

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)

Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)

Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)

Directory [TVersity] -- "C:\Program Files\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"8097:TCP" = 8097:TCP:*:Disabled:EarthLink UHP Modem Support

"29796:TCP" = 29796:TCP:*:Enabled:utorrent2

"29796:UDP" = 29796:UDP:*:Enabled:utorrent3

"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"28618:TCP" = 28618:TCP:*:Enabled:UTorrent

"30284:UDP" = 30284:UDP:*:Enabled:UTorrent

"30284:TCP" = 30284:TCP:*:Enabled:UTorrent

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- File not found

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealOne Player -- (RealNetworks, Inc.)

"C:\Program Files\Red Chair Software\Irivium Explorer\irvmgr.exe" = C:\Program Files\Red Chair Software\Irivium Explorer\irvmgr.exe:*:Enabled:Red Chair Manager -- (Red Chair Software, Inc.)

"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)

"C:\WINDOWS\SYSTEM32\mmc.exe" = C:\WINDOWS\SYSTEM32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)

"C:\Program Files\NetMeeting\conf.exe" = C:\Program Files\NetMeeting\conf.exe:*:Disabled:Windows

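As an added example (not from the thread, and not part of OTL itself), a small Python parser for the `< MD5 for: FILE >` blocks in the OTL log above: it collects every recorded copy of a system file and flags a live `SYSTEM32` copy whose hash differs from the `ServicePackFiles` backup, or that OTL could not hash at all, which is how a patched or locked system file shows up in these logs. The ATAPI.SYS lines are copied from the posted log; the EXAMPLE.SYS and LOCKED.DLL blocks, with their all-zero and all-F hashes, are constructed placeholders.

```python
"""Parse the "< MD5 for: FILE >" blocks of an OTL log and flag a live copy
of a system file whose hash does not match the Service Pack backup copy."""
import re
from collections import defaultdict

# One OTL file entry: [date | size | attrs | M] (Company) MD5=hash -- path
ENTRY_RE = re.compile(
    r"^\[[^\]]*\]\s*\((?P<company>[^)]*)\)\s*"
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5)\s*--\s*"
    r"(?P<path>.+?)\s*$"
)
# Section header that opens one MD5 comparison block
HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>[^>]+?)\s*>$")

# ATAPI.SYS lines are copied from the OTL log posted above; the EXAMPLE.SYS
# and LOCKED.DLL blocks (and their 0000/FFFF hashes) are constructed placeholders.
SAMPLE_LOG = r"""
< MD5 for: ATAPI.SYS >
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2004/08/04 00:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2003/04/23 10:29:54 | 00,087,296 | ---- | M] (Microsoft Corporation) MD5=E52B3B3F78C9AE85806CE49DCDD80C18 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
< MD5 for: EXAMPLE.SYS >
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\WINDOWS\ServicePackFiles\i386\example.sys
[2009/12/27 18:06:00 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -- C:\WINDOWS\SYSTEM32\DRIVERS\example.sys
< MD5 for: LOCKED.DLL >
[2009/07/17 14:01:06 | 00,058,880 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\locked.dll
< %systemroot%\*. /mp /s >
"""

def parse_md5_blocks(text):
    """Map FILENAME -> list of (path, md5 or None, company) for each MD5 block."""
    blocks = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            continue
        if line.startswith(("<", "=")):
            current = None  # some other custom-scan section begins here
            continue
        entry = ENTRY_RE.match(line)
        if current and entry:
            md5 = entry.group("md5")
            blocks[current].append(
                (entry.group("path"), md5.upper() if md5 else None, entry.group("company"))
            )
    return dict(blocks)

def check_live_copies(blocks):
    """Return (file, path, reason) for live SYSTEM32 copies that look wrong.

    The ServicePackFiles copy is the reference; backup folders
    ($NtServicePackUninstall$, ReinstallBackups, I386) are not judged."""
    findings = []
    for name, entries in blocks.items():
        reference = {md5 for path, md5, _ in entries
                     if "\\servicepackfiles\\" in path.lower() and md5}
        for path, md5, _ in entries:
            low = path.lower()
            if "\\system32\\" not in low or "\\reinstallbackups\\" in low:
                continue
            if md5 is None:
                findings.append((name, path, "OTL could not hash the file (locked)"))
            elif reference and md5 not in reference:
                findings.append((name, path, "hash differs from ServicePackFiles copy"))
    return findings

if __name__ == "__main__":
    for name, path, reason in check_live_copies(parse_md5_blocks(SAMPLE_LOG)):
        print(f"{name}: {path}: {reason}")
```

Run against the full OTL.txt instead of SAMPLE_LOG and the ATAPI.SYS, AGP440.SYS, EVENTLOG.DLL, NETLOGON.DLL and SCECLI.DLL blocks above all come back clean, matching what the helper saw.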

Hi Belashan, you're welcome :lol:

Download Kenco.exe to your desktop

  • Close all windows and run the program
  • It won't take long to run. Post the log it gives you (it will also be saved in the same place as Kenco.exe).

Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This changed from what we knew in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

Run OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Files
    C:\WINDOWS\System32\29358.exe
    C:\WINDOWS\System32\11478.exe
    C:\WINDOWS\System32\15724.exe
    C:\WINDOWS\System32\19169.exe
    C:\WINDOWS\System32\26500.exe
    C:\WINDOWS\System32\6334.exe
    C:\WINDOWS\System32\18467.exe
    C:\WINDOWS\System32\ddacffbbbc_s.dll
    C:\Documents and Settings\All Users\Application Data\Viewpoint

    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Java


Again, thanks. I removed the Viewpoint program Viewpoint Media Player and deleted and replaced all of the Java stuff. Here is the Kenco log:

Kenco by jpshortstuff (30.12.09.1)

Log created at 18:49 on 30/12/2009 (Shannon Harris)

========== Task Unlocker ==========

========== KencoScan ==========

========== C:\WINDOWS\Tasks ==========

Ad-Aware Update (Daily 1).job -> [18:06 27/12/2009] 472 bytes

Ad-Aware Update (Daily 2).job -> [18:06 27/12/2009] 472 bytes

Ad-Aware Update (Daily 3).job -> [18:06 27/12/2009] 472 bytes

Ad-Aware Update (Daily 4).job -> [18:06 27/12/2009] 472 bytes

Ad-Aware Update (Weekly).job -> [16:35 16/08/2009] 472 bytes

Disk Cleanup.job -> [19:32 17/04/2004] 278 bytes

GlaryInitialize.job -> [22:22 24/03/2009] 330 bytes

MP Scheduled Scan.job -> [20:20 27/12/2009] 330 bytes

-=E.O.F=-

Thanks again. Belashan


Hi Belashan,

You're welcome, and I hope you have a Happy New Year :)

Launch Malwarebytes' Anti-Malware

  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on the Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.


Happy New Year!! Here are the reports. MBAM didn't find anything:

Malwarebytes' Anti-Malware 1.43

Database version: 3464

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

12/31/2009 3:31:15 PM

mbam-log-2009-12-31 (15-31-15).txt

Scan type: Quick Scan

Objects scanned: 123446

Time elapsed: 4 minute(s), 29 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Kaspersky:

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Friday, January 1, 2010

Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Thursday, December 31, 2009 21:26:40

Records in database: 3420450

--------------------------------------------------------------------------------

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

Scan area - My Computer:

A:\

C:\

D:\

F:\

Scan statistics:

Objects scanned: 118371

Threats found: 1

Infected objects found: 2

Suspicious objects found: 0

Scan duration: 02:30:17

File name / Threat / Threats count

C:\Documents and Settings\Shannon Harris\My Documents\Desktop\Saved\DLs\gusetupnew.exe Infected: Virus.Win32.Induc.a 2

Selected area has been scanned.

Thanks!


I also wanted to get your opinion on a couple of things.

Do you have any idea, from what you have seen in these logs, what might be keeping the installer from letting me reinstall Playon? I have installed several other programs and they had no issues, but, for some reason, that one program (the one I am most worried about getting back) just won't install. It gets to the screen where it actually starts the install (with the progress bar) and just stops. All of the buttons are greyed out and nothing works. Just wondering if you had any ideas about this.

Also, I have been considering doing a Windows reinstall on this PC and wanted to know if this Vundo virus would hang on through a PC restore (it's a Dell computer) or if I would need to do a full reinstall. I have never reinstalled Windows before, but this PC is about 5 years old and is kind of cluttered with old programs and stuff. And these days we pretty much just use it for a media server with the Playon program and for occasional internet browsing. In your opinion, do you think it would be worth the hassle to reinstall, or should I just carry on with it the way it is?

Anyway, I know this is kind of off topic; thanks for any advice you can offer. Belashan


Hi Belashan, you're welcome.

If you like, a clean install is a good option. Vundo will not carry over if you reinstall properly. If you like, we will finish up cleaning, then I can help you reinstall.

Run OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Files
    C:\Documents and Settings\Shannon Harris\My Documents\Desktop\Saved\DLs\gusetupnew.exe

    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done


Here is the log from OTL:

All processes killed

========== FILES ==========

C:\Documents and Settings\Shannon Harris\My Documents\Desktop\Saved\DLs\gusetupnew.exe moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Application Data

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Jennifer Harris

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->FireFox cache emptied: 0 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Shannon Harris

->Temp folder emptied: 95708421 bytes

->Temporary Internet Files folder emptied: 1237118 bytes

->Java cache emptied: 13818443 bytes

->FireFox cache emptied: 37521292 bytes

->Opera cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

Windows Temp folder emptied: 18721 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 30326484 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 170.00 mb

OTL by OldTimer - Version 3.1.20.1 log created on 01012010_172459

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

I think that I might reinstall Windows since it might help clean out the cobwebs and maybe help it run smoother. Thanks for the offer to help; I would appreciate having someone that knows what they are doing giving me pointers. I need to check and see what I need to back up to the external and find all of my settings for my ISP passwords and all of that. Thanks. Belashan


Well, I may have managed to screw myself. I started the reinstall of XP and have run into a major problem. I have a bad video card in the PC (Nvidia GeForce 5200) that I have had turned off for a long time. I haven't removed it because it has my VGA out for my monitor on it. Now, during XP setup, I get a blue screen because it's not turned off anymore. So, I went into safe mode to turn it off, but it tells me Windows XP setup can't run in safe mode and reboots back to the error screen. Any ideas how to get out of this loop? Thanks, I didn't know who else to ask. Belashan
