
Please help, something is causing my PC to crash; not sure, it just keeps hanging up till I have to reboot



I posted in the wrong place; I hope I'm now in the right place to get help, because I thought I had malware on my system, so I thought the best place to put it was under Malware Help!! But I was told to post here???

I posted earlier with just a question; since then I went and used HijackThis. I hope this will help you with what's wrong and why it keeps running so high on CPU and hanging up. I put a log in here of what's going on with my registry.

Also, I have two iexplore running in my Task Manager and really using a lot of CPU; one is going to a file called drvstore. Also there are other things that are running double, some running triple. I really could use some help.

My computer has two hard drives, both running in RAID 0. Also, if it helps, the file of the drvstore is coming up in blue highlighted print.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:56:47 AM, on 3/5/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sygate\SPF\smc.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\PSIService.exe

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE

C:\Program Files\ULI5289\JMAP5289.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: Java


Hello,

Here's how to take care of and close the multiple running IE browsers (iexplore), at least temporarily.

If you have a visible IE window, close it the regular way.

Then you can bring up Task Manager by pressing this keyboard sequence: CTRL+ALT+DEL

Once Task Manager starts, click the Processes tab.

Look for any IEXPLORE.exe

if found, click the line once

then select End Process

then exit Task Manager

NOTE: Your HJT log shows the system is running Trend Micro\Internet Security 2007 and also AVG version 9.

Running 2 antivirus programs leads to conflicts and likely deadlocks.

Did your license to Trend Micro expire? was it a trial version?

When did you install AVG9 ?

Here's what I suggest you do now:

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

Set Windows to show all files and all folders.

On your Desktop, double-click My Computer; from the menu options, select Tools, then Folder Options, then select the View tab and look at all of the settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under the Hidden files and folders heading, select Show hidden files and folders.

Next, un-check Hide extensions for known file types.

Next un-check Hide protected operating system files.

Step 3

Download TFC by OldTimer to your desktop

  • Please double-click TFC.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • IF prompted to Reboot, reply "Yes".

Step 4

Important! => Open Notepad > Click on Format > Uncheck Word wrap, if checked. Exit Notepad.

Step 5

Next, see this topic --> http://forums.malwarebytes.org/index.php?showtopic=9573

and do the steps to get & run DDS reports & the GMER scan

Step 6

DDS.txt

Attach.txt

GMER log


Well, first off, I never installed Trend; I only went there and used the Trend HouseCall, and I have the AVG 9 free version. Don't know why it's there, and I see what you see, hmmmm, don't know though.

Also, I went and did what you said about closing out the two iexplore, and when I did it came right back up in the Task Manager. So I'm going to go ahead and do what you said with the rest here; hopefully this will give me back my PC without all the system issues of taking so much juice to run. Thanks so much for your time and help; will let you know the outcome. Nancy


OK, I've attached all my stuff that I was told to do, and in the letter it said to post it all here. I sure hope this is the right place; I have been posting in the wrong place so many times, please forgive. Also, with my two iexplore: I went and uninstalled the IEPro and I'm still getting two different iexplore coming up. My other concern: I was told to uncheck all my system folders; should I now go back and change them back to the way they were, or is it safe to leave it as is? And thanks for all the help; hope I put the attachments on correctly. Nancy

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-03-06 13:37:16

Windows 5.1.2600 Service Pack 3

Running: pvclupi5.exe; Driver: C:\DOCUME~1\Nancy\LOCALS~1\Temp\afloqpow.sys

---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwAllocateVirtualMemory [0xADFC5B30]

SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwCreateThread [0xADFC56F0]

SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwMapViewOfSection [0xADFC5470]

SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwProtectVirtualMemory [0xADFC5C50]

SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwShutdownSystem [0xADFC5990]

SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwTerminateProcess [0xADFC58D0]

SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwWriteVirtualMemory [0xADFC5D60]

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR

---- EOF - GMER 1.0.15 ----

DDS.txt

DDS (Ver_09-12-01.01) - NTFSx86

Run by Nancy at 10:54:51.01 on Sat 03/06/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.972 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Sygate\SPF\smc.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

svchost.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\PSIService.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE

C:\Program Files\ULI5289\JMAP5289.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Nancy\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/

uWindow Title = Windows Internet Explorer provided by Yahoo!

uSearch Bar = hxxp://www.yahoo.com/search/ie.html

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

BHO: IE7Pro BHO: {00011268-e188-40df-a514-835fcd78b1bf} - c:\program files\iepro\iepro.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"

uRun: [OE] "c:\program files\trend micro\internet security 2007\tmas_oe\TMAS_OEMon.exe"

uRun: [WebCamRT.exe]

uRun: [4shared Desktop] "c:\program files\4shared desktop\desktop.exe" "startup"

mRun: [WinPatrol] c:\progra~1\billps~1\winpat~1\winpatrol.exe

mRun: [smcService] c:\progra~1\sygate\spf\smc.exe -startgui

mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [LVCOMS] c:\program files\common files\logitech\qcdriver3\LVCOMS.EXE

mRun: [pccguide.exe] "c:\program files\trend micro\internet security 2007\pccguide.exe"

mRun: [JMAP5289] c:\program files\uli5289\JMAP5289.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Corel Photo Downloader] "c:\program files\common files\corel\corel photodownloader\Corel PhotoDownloader.exe" -startup

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [4shared Update] "c:\program files\4shared desktop\checkUpdate.exe"

StartupFolder: c:\docume~1\nancy\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

IE: &Add animation to IncrediMail Style Box - c:\program files\incredimail\bin\resources\WebMenuImg.htm

IE: &Download all 4shared files - c:\program files\4shared desktop\down_all.htm

IE: &Download using 4shared Desktop - c:\program files\4shared desktop\down_link.htm

IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\iepro\iepro.dll

IE: {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - {B119EB0C-C021-46CF-85B0-34A760E0D5FE} - c:\program files\iepro\iepro.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

Trusted Zone: ebay.com\search

Trusted Zone: liveops.com\callcenter

Trusted Zone: liveops.com\www

Trusted Zone: liveops.com \callcenter

Trusted Zone: proflowers.com\homeadmin

Trusted Zone: proflowers.com\www

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab

DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://gsn.worldwinner.com/games/v47/shared/FunGamesLoader.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152575217406

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183634236703

DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} - hxxp://ak.imgag.com/imgag/cp/install/Crusher.cab

DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} - hxxp://www.worldwinner.com/games/v50/dinerdash/dinerdash.cab

DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {D8EE8DC0-F193-11D0-B1E5-08005A885319} - hxxps://calltaking2.workathomeagent.net/walldata/curVersion/hostexpress.cab

DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://flowers-vpn.liveops.com/dana-cached/setup/JuniperSetupSP1.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Notify: AtiExtEvent - Ati2evxx.dll

Notify: avgrsstarter - avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 aliidex;aliidex;c:\windows\system32\drivers\aliidex.sys [2006-7-10 7040]

R0 aliperf;aliperf;c:\windows\system32\drivers\aliperf.sys [2006-7-10 7168]

R0 m5289;m5289;c:\windows\system32\drivers\m5289.sys [2005-1-11 49101]

R0 sonypvl2;sonypvl2;c:\windows\system32\drivers\sonypvl2.sys [2006-9-4 19478]

R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\drivers\AGPKX.SYS [2006-7-10 44928]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-12-15 333192]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-12-15 28424]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-12-15 360584]

R1 sonypvf2;sonypvf2;c:\windows\system32\drivers\sonypvf2.sys [2006-9-4 635017]

R1 sonypvt2;sonypvt2;c:\windows\system32\drivers\sonypvt2.sys [2006-9-4 431236]

R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-12-15 285392]

R2 Viewpoint Service;Viewpoint Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-4-23 30152]

R3 JM5289;JM5289;\??\c:\documents and settings\nancy\jm5289.sys --> c:\documents and settings\nancy\JM5289.sys [?]

R3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);c:\windows\system32\drivers\LV551AV.sys [2009-3-1 220079]

R3 ULI5261;ULi Based Ethernet NT Driver;c:\windows\system32\drivers\ULILAN.SYS [2006-7-10 29696]

S1 sonypvd2;sonypvd2;c:\windows\system32\drivers\sonypvd2.sys [2006-9-4 64093]

S4 vsdatant;vsdatant; [x]

=============== Created Last 30 ================

2010-03-05 22:03:59 0 d-----w- c:\docume~1\nancy\applic~1\Malwarebytes

2010-03-05 22:03:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-05 22:03:53 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-03-05 22:03:52 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-05 22:03:52 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-03-05 05:35:35 0 d-----w- c:\program files\Security Task Manager

2010-02-27 16:52:20 0 d-----w- c:\docume~1\nancy\applic~1\Faerie Solitaire

2010-02-27 13:32:15 0 d-----w- c:\program files\Faerie Solitaire

2010-02-27 13:03:26 0 d-----w- c:\program files\Alices Tea Cup Madness

2010-02-25 11:23:47 0 d-----w- c:\program files\Cake Mania 3

2010-02-21 06:45:06 0 d-----w- c:\docume~1\alluse~1\applic~1\BigFishGamesCache

2010-02-19 23:18:59 0 d-----w- C:\Downloads

2010-02-19 04:12:27 0 d-----w- c:\program files\IEPro

2010-02-19 04:11:08 0 d-----w- c:\docume~1\nancy\applic~1\IEPro

2010-02-18 06:29:31 0 d-----w- c:\docume~1\nancy\applic~1\4shared Desktop

2010-02-18 06:22:35 0 d-----w- c:\program files\4shared Desktop

2010-02-14 05:57:48 0 d-----w- c:\program files\Farm Mania 2

2010-02-08 07:55:42 0 d-----w- c:\windows\system32\wbem\Repository

2010-02-05 06:04:11 68064 ---ha-w- c:\windows\system32\mlfcache.dat

2010-02-05 05:48:15 0 d-----w- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}

2010-02-04 20:48:04 0 d-----w- c:\docume~1\nancy\applic~1\Boomzap

2010-02-04 20:38:47 0 d-----w- c:\program files\Passport to Paradise

==================== Find3M ====================

2010-03-03 14:20:33 8404 --sha-w- c:\windows\system32\KGyGaAvL.sys

2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll

2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet(2)(2).dll

2009-12-21 19:14:05 1208832 ----a-w- c:\windows\system32\urlmon(2)(2).dll

2009-12-21 19:14:03 1985536 ----a-w- c:\windows\system32\iertutil(2)(2).dll

2009-12-21 19:14:02 11070464 ----a-w- c:\windows\system32\ieframe(3)(2).dll

2009-12-17 23:14:00 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-12-15 18:14:45 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2009-02-02 11:34:08 13824 --sha-w- c:\program files\Thumbs.db

2007-01-27 10:59:58 6144 --sha-w- c:\program files\common files\Thumbs.db

2008-11-10 17:22:08 88 --sh--r- c:\windows\system32\8FB0F740BA.sys

2009-10-31 15:34:04 88 --sh--r- c:\windows\system32\C28E54603C.sys

2008-10-24 19:10:26 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102420081025\index.dat

============= FINISH: 10:55:29.95 ===============

ATTACH.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 7/10/2006 4:06:36 PM

System Uptime: 3/6/2010 10:30:17 AM (0 hours ago)

Motherboard: TBD | | K8 Combo-Z

Processor: AMD Athlon 64 Processor 2800+ | CPU 1 | 1799/200mhz

==== Disk Partitions =========================

A: is Removable

C: is FIXED (NTFS) - 149 GiB total, 31.61 GiB free.

D: is CDROM ()

E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP355: 12/7/2009 5:23:59 AM - System Checkpoint

RP356: 12/8/2009 11:10:29 AM - System Checkpoint

RP357: 12/9/2009 11:32:24 AM - System Checkpoint

RP358: 12/10/2009 4:14:38 PM - System Checkpoint

RP359: 12/11/2009 7:23:58 PM - System Checkpoint

RP360: 12/13/2009 11:52:56 PM - System Checkpoint

RP361: 12/15/2009 6:46:13 AM - System Checkpoint

RP362: 12/15/2009 12:13:34 PM - Installed AVG Free 9.0

RP363: 12/16/2009 6:57:08 PM - System Checkpoint

RP364: 12/17/2009 7:22:06 PM - System Checkpoint

RP365: 12/18/2009 8:57:09 AM - Avg8 Update

RP366: 12/19/2009 9:06:13 AM - System Checkpoint

RP367: 12/20/2009 9:40:30 AM - System Checkpoint

RP368: 12/21/2009 9:57:09 AM - System Checkpoint

RP369: 12/21/2009 11:58:02 AM - Restore Operation

RP370: 12/21/2009 12:02:22 PM - Restore Operation

RP371: 12/21/2009 12:07:42 PM - Restore Operation

RP372: 12/22/2009 12:13:17 PM - System Checkpoint

RP373: 12/22/2009 2:25:20 PM - Avg8 Update

RP374: 12/23/2009 10:48:40 PM - System Checkpoint

RP375: 12/24/2009 6:01:52 AM - Installed Windows Media Player 11

RP376: 12/24/2009 6:03:50 AM - Software Distribution Service 3.0

RP377: 12/25/2009 6:21:50 AM - System Checkpoint

RP378: 12/26/2009 8:10:52 AM - System Checkpoint

RP379: 12/27/2009 8:37:57 AM - System Checkpoint

RP380: 12/28/2009 3:07:15 PM - System Checkpoint

RP381: 12/29/2009 4:05:24 PM - System Checkpoint

RP382: 12/30/2009 7:14:09 PM - System Checkpoint

RP383: 12/31/2009 9:32:19 AM - Avg8 Update

RP384: 1/1/2010 10:21:43 AM - System Checkpoint

RP385: 1/3/2010 11:53:30 AM - System Checkpoint

RP386: 1/4/2010 2:32:08 PM - System Checkpoint

RP387: 1/5/2010 5:55:40 PM - System Checkpoint

RP388: 1/6/2010 11:47:04 PM - System Checkpoint

RP389: 1/8/2010 2:08:55 AM - System Checkpoint

RP390: 1/9/2010 6:37:05 AM - System Checkpoint

RP391: 1/10/2010 7:20:48 PM - System Checkpoint

RP392: 1/12/2010 4:00:07 AM - System Checkpoint

RP393: 1/14/2010 3:33:47 PM - System Checkpoint

RP394: 1/16/2010 8:04:58 AM - System Checkpoint

RP395: 1/17/2010 2:53:35 PM - System Checkpoint

RP396: 1/18/2010 1:34:27 PM - Avg8 Update

RP397: 1/19/2010 1:51:19 PM - System Checkpoint

RP398: 1/20/2010 4:00:06 PM - System Checkpoint

RP399: 1/21/2010 4:07:38 PM - System Checkpoint

RP400: 1/22/2010 12:10:28 AM - Software Distribution Service 3.0

RP401: 1/23/2010 4:11:38 AM - System Checkpoint

RP402: 1/24/2010 6:55:42 AM - System Checkpoint

RP403: 1/25/2010 4:00:38 PM - System Checkpoint

RP404: 1/26/2010 4:26:10 PM - System Checkpoint

RP405: 1/27/2010 8:35:59 AM - Avg8 Update

RP406: 1/28/2010 10:34:40 PM - Installed Java 6 Update 18

RP407: 1/30/2010 9:02:59 PM - System Checkpoint

RP408: 2/1/2010 7:27:26 AM - System Checkpoint

RP409: 2/2/2010 1:43:17 PM - System Checkpoint

RP410: 2/4/2010 1:04:42 PM - System Checkpoint

RP411: 2/4/2010 11:48:09 PM - Installed iTunes

RP412: 2/6/2010 9:08:22 AM - System Checkpoint

RP413: 2/7/2010 6:51:49 AM - Restore Operation

RP414: 2/7/2010 7:02:37 AM - Avg8 Update

RP415: 2/8/2010 12:56:29 AM - Software Distribution Service 3.0

RP416: 2/8/2010 1:51:35 AM - Restore Operation

RP417: 2/9/2010 8:34:44 AM - System Checkpoint

RP418: 2/10/2010 5:30:18 AM - Software Distribution Service 3.0

RP419: 2/11/2010 8:02:26 AM - System Checkpoint

RP420: 2/12/2010 11:02:43 AM - System Checkpoint

RP421: 2/13/2010 11:50:02 AM - System Checkpoint

RP422: 2/15/2010 6:58:36 AM - System Checkpoint

RP423: 2/16/2010 8:02:54 AM - System Checkpoint

RP424: 2/17/2010 8:05:04 AM - System Checkpoint

RP425: 2/18/2010 2:54:36 PM - Unsigned driver install

RP426: 2/19/2010 3:24:32 PM - System Checkpoint

RP427: 2/22/2010 12:15:12 AM - Removed iTunes

RP428: 2/21/2010 1:40:31 PM - System Checkpoint

RP429: 2/22/2010 12:15:18 AM - Removed Bonjour

RP430: 2/22/2010 12:32:41 AM - Removed iTunes

RP431: 2/23/2010 3:01:41 PM - System Checkpoint

RP432: 2/24/2010 3:47:29 PM - System Checkpoint

RP433: 2/25/2010 9:26:31 PM - System Checkpoint

RP434: 2/27/2010 7:31:42 AM - System Checkpoint

RP435: 2/28/2010 9:04:35 AM - System Checkpoint

RP436: 3/1/2010 10:12:04 AM - System Checkpoint

RP437: 3/2/2010 12:26:34 PM - System Checkpoint

RP438: 3/4/2010 10:20:45 AM - System Checkpoint

RP439: 3/5/2010 10:22:04 AM - System Checkpoint

==== Installed Programs ======================

20/20 v2.2

3Planesoft Screensaver Manager 1.1

4shared Desktop

ABBYY FineReader 5.0 Sprint Plus

Adobe After Effects 7.0

Adobe Bridge 1.0

Adobe Common File Installer

Adobe ExtendScript Toolkit 1.0

Adobe Flash Player 10 ActiveX

Adobe Help Center 2.0

Adobe Photoshop 7.0

Adobe Reader 8.2.0

Adobe Shockwave Player 11

Adobe Stock Photos 1.0

Adobe

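A DDS log like the one above is usually read by eye, but the red flags a helper looks for first are mechanical: autorun or browser add-on entries that point at no file, a kernel driver registered from inside a user profile, services with an empty image path, and oddly attributed or duplicated files under system32. The script below is an added example, not part of the original thread and not DDS or Malwarebytes code; it applies those heuristics to a handful of lines copied from the posted log. The rule names and the reading of DDS's `[?]` and `[x]` markers are assumptions made for the example; a hit means "confirm the publisher and the reason it is there", not a verdict that the file is malicious.

```python
"""Red-flag triage of a DDS log (added example; not DDS/Malwarebytes code)."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: lines copied from the DDS log posted in this thread.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
BHO: IE7Pro BHO: {00011268-e188-40df-a514-835fcd78b1bf} - c:\program files\iepro\iepro.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WebCamRT.exe]
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-12-15 333192]
R3 JM5289;JM5289;\??\c:\documents and settings\nancy\jm5289.sys --> c:\documents and settings\nancy\JM5289.sys [?]
S4 vsdatant;vsdatant; [x]
==================== Find3M ====================
2010-03-03 14:20:33 8404 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet(2)(2).dll
2008-11-10 17:22:08 88 --sh--r- c:\windows\system32\8FB0F740BA.sys
============= FINISH: 10:55:29.95 ===============
"""

# Rule labels (assumed wording for this example).
RULE_NO_TARGET = "autorun entry with no target file"
RULE_NO_FILE = "browser add-on registered without a file"
RULE_USER_PROFILE = "driver loaded from a user profile directory"
RULE_UNSTAT = "driver file DDS could not stat ([?])"
RULE_EMPTY_IMAGE = "service entry with an empty image path ([x])"
RULE_HIDDEN_SYSTEM = "hidden+system attributes; confirm the publisher"
RULE_DUP_DLL = "numbered duplicate of a system DLL"

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")            # "===== Find3M ====="
RUN_RE = re.compile(r"^(?:u|m)Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<path>.*)$")
COM_RE = re.compile(r"^(?:TB|BHO):\s*(?P<body>.*)$")      # toolbar / BHO entries
DRV_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
F3M_RE = re.compile(r"^\S+\s+\S+\s+(?P<size>\d+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$")
USER_PROFILE_RE = re.compile(r"\\documents and settings\\|\\users\\", re.I)
DUP_RE = re.compile(r"\(\d+\)\.[a-z]+$", re.I)           # "...(2).dll"


@dataclass(frozen=True)
class Finding:
    section: str
    rule: str
    line: str


def triage_dds(text: str) -> list[Finding]:
    """Walk the log once, tracking the current section, and emit one Finding per rule hit."""
    findings: list[Finding] = []
    section = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := SECTION_RE.match(line)):
            section = m.group(1)
            continue
        if (m := RUN_RE.match(line)):
            if not m.group("path").strip():            # e.g. "uRun: [WebCamRT.exe]"
                findings.append(Finding(section, RULE_NO_TARGET, line))
            continue
        if (m := COM_RE.match(line)):
            body = m.group("body").strip()
            if body.endswith("No File") or body.endswith("-"):
                findings.append(Finding(section, RULE_NO_FILE, line))
            continue
        if (m := DRV_RE.match(line)):
            rest = m.group("rest").strip()
            if USER_PROFILE_RE.search(rest):           # kernel driver under a user's profile
                findings.append(Finding(section, RULE_USER_PROFILE, line))
            if rest.endswith("[?]"):
                findings.append(Finding(section, RULE_UNSTAT, line))
            if rest.endswith("[x]"):
                findings.append(Finding(section, RULE_EMPTY_IMAGE, line))
            continue
        if (m := F3M_RE.match(line)):
            attrs, path = m.group("attrs"), m.group("path")
            if "s" in attrs and "h" in attrs:          # hidden + system, e.g. "--sha-w-"
                findings.append(Finding(section, RULE_HIDDEN_SYSTEM, line))
            if DUP_RE.search(path):
                findings.append(Finding(section, RULE_DUP_DLL, line))
    return findings


def rule_counts(findings: list[Finding]) -> dict[str, int]:
    """How many lines tripped each rule; handy as a first-glance summary."""
    return dict(Counter(f.rule for f in findings))


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_DDS):
        print(f"[{f.section}] {f.rule}: {f.line}")
```

Entries from well-known vendors with a dated, sized file (the AVG driver, ctfmon.exe) produce no finding; the hits are the orphaned Yahoo! toolbar and the CLSID-only toolbar, the pathless WebCamRT.exe autorun, the JM5289 driver living under the user's profile, the vsdatant service with no image, and three system32 files worth a second look.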

Hello Nancy,

If you have not done so, do this now. Look at the topmost blue bar on this forum window.

Near the top, click on the Options button (at the right side, near the top, with the down arrow).

Then select "Track this topic"

Then select "Immediate Email Notification"

Then press Proceed

You had created a new topic from your last reply. Please only make replies here, to this thread.

Also, keep the File View Options as I had asked for. When and if we finish, we'll take care of reverting them.

For now, we need to have the system set to show all, so that the tools we run will see every file.

Remember, we are looking for underlying malware, which can be anywhere, including system folders !

You said you removed one IE. Please, while I am helping you, do not make changes or additions of any kind for the duration of my help. It is important that I understand the state of the system, and if you change something on your own, we can well have a conflict.

You will want to print out or copy these instructions to Notepad for offline reference!


If you are a casual viewer, do NOT try this on your system!

If you are not nevadagirl and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools. Turn off AVG9 and also WinPatrol.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

If you have a prior copy of Combofix, delete it now !

Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1

Link 2

Link 3


* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop

If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on Combo-Fix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

Please watch ComboFix as it runs, as you may see messages which require your response, or the pressing of the OK button.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

-------------------------------------------------------

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

Even when ComboFix appears to be doing nothing, look at your Drive light.

If it is flashing, Combofix is still at work.

=

RE-Enable your AntiVirus and AntiSpyware applications.

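A way to confirm that the Recovery Console step above actually took, given here as an added example rather than anything from ComboFix or the post: ComboFix writes the Recovery Console into boot.ini as an extra [operating systems] entry carrying the /cmdcons switch (the ComboFix log later in this thread ends with exactly such a dump), so the check is to parse boot.ini and look for that switch. The sample boot.ini text in the script is constructed to match that dump, and the function names are this example's own.

```python
"""Confirm that the Recovery Console step of the ComboFix procedure landed
in boot.ini.  Added example; not code from ComboFix or from the forum post.
The sample text is constructed to match the boot.ini dump ComboFix appends
to its log (a /cmdcons entry plus the normal XP entry)."""

import re

# Constructed sample, shaped like the boot.ini ComboFix prints after it
# installs the Recovery Console.  Backslashes are doubled for Python.
SAMPLE_BOOT_INI = """[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS
[operating systems]
c:\\cmdcons\\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
"""

# A boot entry value is a quoted description followed by optional switches.
RE_DESC = re.compile(r'^"([^"]*)"\s*(.*)$')


def parse_boot_ini(text):
    """Return {section: [(key, value), ...]} preserving key case and order.
    boot.ini keys are ARC paths containing '(' and '\\', and configparser
    would lowercase them, so a small hand parser is used instead."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            sections.setdefault(current, [])
            continue
        if current is None or "=" not in line:
            continue
        key, value = line.split("=", 1)
        sections[current].append((key.strip(), value.strip()))
    return sections


def os_entries(text):
    """Each [operating systems] line as (boot_path, description, [switches])."""
    entries = []
    for key, value in parse_boot_ini(text).get("operating systems", []):
        m = RE_DESC.match(value)
        if m:
            entries.append((key, m.group(1), m.group(2).split()))
        else:
            entries.append((key, value, []))
    return entries


def recovery_console_installed(text):
    """True when some boot entry carries the /cmdcons switch, which is what
    the ComboFix-installed Recovery Console entry looks like."""
    return any("/cmdcons" in switches for _, _, switches in os_entries(text))


def boot_timeout(text):
    """Seconds the boot menu waits before picking the default entry (XP's
    own default is 30; the dump in this thread shows timeout=2)."""
    loader = dict(parse_boot_ini(text).get("boot loader", []))
    return int(loader.get("timeout", "30"))


def default_entry_switches(text):
    """Switches on the entry named by 'default=' (e.g. /noexecute=optin)."""
    sections = parse_boot_ini(text)
    default = dict(sections.get("boot loader", [])).get("default", "")
    for key, _, switches in os_entries(text):
        if key.lower() == default.lower():
            return switches
    return []


if __name__ == "__main__":
    print("Recovery Console present:", recovery_console_installed(SAMPLE_BOOT_INI))
    print("Boot menu timeout:", boot_timeout(SAMPLE_BOOT_INI))
    print("Default entry switches:", default_entry_switches(SAMPLE_BOOT_INI))
```

On a live XP machine you would read C:\boot.ini (it carries the hidden, system and read-only attributes) and pass its contents to the same functions; the script only reads, it never edits the file.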

OK, I'm in the middle of doing this, and when I click on the ComboFix it starts like you said, asking if it can download the Microsoft restore, and then it had a couple of pop-ups asking whether I would allow a couple of sites, about four different times, which I said yes to. Then it said "Please wait, ComboFix is preparing to run, attempting to create a new system restore point", and it has a little underscore line blinking under that. It's saying this in a blue-looking DOS box, which has been sitting here now for almost 20 minutes. I wanted to make sure this is what it's supposed to be doing, and also how long does this usually take? Also, it said when downloading that it would reboot at the end and take off any malware that was on the PC. A little confused.


OK, after waiting about 4 hours I went to X it out. Since it did not change, when I did, there was a little window that had come up behind that DOS window saying it could not download from the internet due to no internet. I believe that this was due to the firewall. I have not rerun it, as you said not to run it again, so I'm waiting for your instructions again. Thanks for all your help.


Not sure what's going on?? I woke up this morning and I had about 8 Trojan Downloader Agent2.TCO sitting waiting for me on my desktop. I really need some help; I cannot go into work with my PC infected like this. I was wanting to know, should I dump my restore points? Again, thanks for all your help.


No, do not dump restore points, and kindly have patience. I'm still at work and it will take 40 minutes to get home before I can reply again.

If you have a non-Windows firewall, you can turn it off.

Also, ensure your antivirus is off before retrying ComboFix.

But first you need to be very sure the PC does have a connection to the internet.


Nancy,

Please do this now, so we can get 3 reports, which will help me to better see what may be on your system.

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Close all open windows on the Task Bar. Click the icon (for Vista, right click the icon and Run as Administrator) to start the program.
  • In the lower right corner of the Top Panel, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you: one will pop up called OTL.txt; the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.

Then copy/paste the following into your post (in order):

  • the contents of OTL.txt;
  • the contents of Extras.txt ; and
  • the contents of checkup.txt

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.


Sorry, I started already with the ComboFix and it seemed to work fine this time, since I turned off my firewall. So I'm sending you that file now and will begin on the other scans.

ComboFix 10-03-09.08 - Nancy 03/10/2010 5:49.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.956 [GMT -6:00]

Running from: c:\documents and settings\Nancy\Desktop\Combo-Fix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: Sygate Personal Firewall *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Nancy\Application Data\.#

c:\program files\Internet Explorer\msimg32.dll

c:\windows\a3kebook.ini

c:\windows\akebook.ini

c:\windows\ANS2000.INI

c:\windows\system32\Ijl11.dll

c:\windows\system32\setup.ini

c:\windows\system32\Thumbs.db

.

((((((((((((((((((((((((( Files Created from 2010-02-10 to 2010-03-10 )))))))))))))))))))))))))))))))

.

2010-03-08 08:20 . 2010-03-08 08:20 -------- d-----w- c:\documents and settings\Nancy\Application Data\AVG9

2010-03-06 14:45 . 2010-03-06 15:04 -------- d-----w- c:\program files\ERUNT

2010-03-05 22:03 . 2010-03-05 22:03 -------- d-----w- c:\documents and settings\Nancy\Application Data\Malwarebytes

2010-03-05 22:03 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-05 22:03 . 2010-03-05 22:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-03-05 22:03 . 2010-03-05 22:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-03-05 22:03 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-05 05:35 . 2010-03-05 05:35 -------- d-----w- c:\program files\Security Task Manager

2010-03-05 02:44 . 2010-03-05 02:44 316 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0D756077321A70C3E844C138CE981581.dll

2010-03-05 02:44 . 2010-03-05 02:44 2054 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0F8F8F82872CA4545970643B44AA1D88.dll

2010-03-05 02:44 . 2010-03-05 02:44 146 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0CAED145D3F56E547BBC49CE3F9B7684.dll

2010-03-05 02:44 . 2010-03-05 02:44 10 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0DC1503A46F231838AD88BCDDC8E8F7C.dll

2010-02-27 16:52 . 2010-03-04 04:59 -------- d-----w- c:\documents and settings\Nancy\Application Data\Faerie Solitaire

2010-02-27 13:32 . 2010-02-27 13:46 -------- d-----w- c:\program files\Faerie Solitaire

2010-02-27 13:03 . 2010-02-27 13:45 -------- d-----w- c:\program files\Alices Tea Cup Madness

2010-02-25 11:23 . 2010-02-25 11:24 -------- d-----w- c:\program files\Cake Mania 3

2010-02-21 06:45 . 2010-02-21 06:45 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache

2010-02-19 23:18 . 2010-02-20 00:29 -------- d-----w- C:\Downloads

2010-02-19 04:12 . 2010-03-07 00:27 -------- d-----w- c:\program files\IEPro

2010-02-19 04:11 . 2010-02-19 05:51 -------- d-----w- c:\documents and settings\Nancy\Application Data\IEPro

2010-02-18 06:29 . 2010-03-09 14:21 -------- d-----w- c:\documents and settings\Nancy\Application Data\4shared Desktop

2010-02-18 06:22 . 2010-02-18 06:22 -------- d-----w- c:\program files\4shared Desktop

2010-02-14 05:57 . 2010-02-26 03:49 -------- d-----w- c:\program files\Farm Mania 2

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-09 10:25 . 2010-03-09 06:03 -------- d-----w- c:\program files\Fiona Finch and the Finest Flowers

2010-03-09 06:01 . 2010-03-09 06:00 -------- d-----w- c:\program files\Shaman Odyssey Tropic Adventure

2010-03-07 00:25 . 2009-10-03 17:59 -------- d-----w- c:\program files\Airport Mania

2010-03-05 09:40 . 2007-12-24 01:06 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan

2010-03-05 08:55 . 2006-09-25 02:47 -------- d-----w- c:\program files\Trend Micro

2010-03-03 14:20 . 2006-08-18 10:40 8404 --sha-w- c:\windows\system32\KGyGaAvL.sys

2010-02-27 13:46 . 2006-12-16 14:53 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst

2010-02-27 13:46 . 2006-08-28 16:47 -------- d-----w- c:\documents and settings\Nancy\Application Data\PlayFirst

2010-02-22 06:10 . 2009-12-28 02:13 -------- d-----w- c:\program files\Build It! Miami Beach Resort

2010-02-21 09:25 . 2009-09-03 02:06 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-02-21 06:35 . 2009-06-21 00:51 -------- d-----w- c:\program files\Alawar

2010-02-21 06:32 . 2009-11-21 01:47 -------- d-----w- c:\documents and settings\Nancy\Application Data\Skype

2010-02-21 06:03 . 2009-11-21 01:50 -------- d-----w- c:\documents and settings\Nancy\Application Data\skypePM

2010-02-19 19:15 . 2008-12-22 17:20 -------- d-----w- c:\documents and settings\Nancy\Application Data\dvdcss

2010-02-14 05:23 . 2006-07-29 02:36 -------- d-----w- c:\program files\Common Files\Adobe

2010-02-11 04:21 . 2009-06-21 00:51 -------- d-----w- c:\documents and settings\All Users\Application Data\AlawarWrapper

2010-02-10 09:56 . 2009-02-26 13:53 -------- d-----w- c:\documents and settings\Nancy\Application Data\EleFun Games

2010-02-08 07:55 . 2006-07-29 21:59 -------- d-----w- c:\program files\QuickTime

2010-02-08 07:54 . 2010-02-05 05:46 -------- d-----w- c:\program files\Apple Software Update

2010-02-08 07:54 . 2010-02-08 07:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

2010-02-08 07:54 . 2010-02-04 20:38 -------- d-----w- c:\program files\Passport to Paradise

2010-02-08 07:53 . 2007-02-23 23:30 -------- d-----w- c:\program files\IncrediMail

2010-02-08 07:53 . 2006-07-30 04:56 -------- d-----w- c:\program files\Microsoft ActiveSync

2010-02-08 07:53 . 2009-01-24 13:13 -------- d-----w- c:\program files\Microsoft Silverlight

2010-02-08 05:54 . 2007-06-23 05:11 -------- d-----w- c:\program files\Winter Wonderland

2010-02-07 12:54 . 2009-11-02 06:10 -------- d-----w- c:\program files\Sallys Quick Clips

2010-02-07 12:54 . 2009-04-03 19:28 -------- d-----w- c:\program files\Success Story

2010-02-07 12:54 . 2009-09-20 04:49 -------- d-----w- c:\program files\Tradewinds Classic

2010-02-07 12:54 . 2009-02-26 02:03 -------- d-----w- c:\program files\Turtix Rescue Adventure

2010-02-07 12:54 . 2009-03-06 05:01 -------- d-----w- c:\program files\Vanilla and Chocolate

2010-02-07 12:54 . 2009-09-27 04:37 -------- d-----w- c:\program files\Tradewinds Caravans

2010-02-05 06:04 . 2010-02-05 06:04 68064 ---ha-w- c:\windows\system32\mlfcache.dat

2010-02-05 06:00 . 2006-08-15 01:21 -------- d-----w- c:\documents and settings\Nancy\Application Data\Apple Computer

2010-02-05 05:48 . 2010-02-05 05:48 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

2010-02-05 05:48 . 2010-02-05 05:45 -------- d-----w- c:\program files\Common Files\Apple

2010-02-04 20:48 . 2010-02-04 20:48 -------- d-----w- c:\documents and settings\Nancy\Application Data\Boomzap

2010-02-03 10:51 . 2006-08-03 18:47 10 ----a-w- c:\windows\popcinfo.dat

2010-02-03 03:43 . 2010-02-03 03:43 -------- d-----w- c:\documents and settings\All Users\Application Data\IM

2010-02-03 03:32 . 2010-02-03 03:32 -------- d-----w- c:\documents and settings\All Users\Application Data\IncrediMail

2010-01-29 04:35 . 2006-07-11 15:06 -------- d-----w- c:\program files\Common Files\Java

2010-01-29 04:35 . 2010-01-29 04:35 503808 ----a-w- c:\documents and settings\Nancy\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-24ef6161-n\msvcp71.dll

2010-01-29 04:35 . 2010-01-29 04:35 499712 ----a-w- c:\documents and settings\Nancy\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-24ef6161-n\jmc.dll

2010-01-29 04:35 . 2010-01-29 04:35 348160 ----a-w- c:\documents and settings\Nancy\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-24ef6161-n\msvcr71.dll

2010-01-29 04:35 . 2010-01-29 04:35 61440 ----a-w- c:\documents and settings\Nancy\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-66f90d48-n\decora-sse.dll

2010-01-29 04:35 . 2010-01-29 04:35 12800 ----a-w- c:\documents and settings\Nancy\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-66f90d48-n\decora-d3d.dll

2010-01-29 04:35 . 2006-07-11 15:07 -------- d-----w- c:\program files\Java

2010-01-10 04:01 . 2010-01-10 03:58 -------- d-----w- c:\program files\Wedding Dash Ready Aim Love

2010-01-06 20:07 . 2010-01-06 20:07 143264 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\cake-shop-2_s1_l1_gF5309T1L1_d796566250.exe

2009-12-21 19:14 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2009-12-21 19:14 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet(2)(2).dll

2009-12-21 19:14 . 2004-08-04 12:00 1208832 ----a-w- c:\windows\system32\urlmon(2)(2).dll

2009-12-21 19:14 . 2006-10-17 18:57 1985536 ----a-w- c:\windows\system32\iertutil(2)(2).dll

2009-12-21 19:14 . 2006-11-08 04:03 11070464 ----a-w- c:\windows\system32\ieframe(3)(2).dll

2009-12-17 23:14 . 2009-02-27 02:43 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-12-15 18:14 . 2009-12-15 18:14 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-12-15 18:14 . 2009-12-15 18:14 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2009-12-15 18:14 . 2009-12-15 18:14 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-12-15 18:14 . 2009-12-15 18:14 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-02-02 11:34 . 2008-11-12 02:18 13824 --sha-w- c:\program files\Thumbs.db

2007-01-27 10:59 . 2007-01-27 10:59 6144 --sha-w- c:\program files\Common Files\Thumbs.db

2008-11-10 17:22 . 2007-06-20 17:16 88 --sh--r- c:\windows\system32\8FB0F740BA.sys

2009-10-31 15:34 . 2009-10-30 03:38 88 --sh--r- c:\windows\system32\C28E54603C.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"4shared Desktop"="c:\program files\4shared Desktop\desktop.exe" [2009-12-07 3632640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-16 2577632]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]

"JMAP5289"="c:\program files\ULI5289\JMAP5289.exe" [2004-07-19 28672]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

"4shared Update"="c:\program files\4shared Desktop\checkUpdate.exe" [2009-09-29 1337344]

c:\documents and settings\Nancy\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-12-15 18:14 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk

backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]

2006-08-01 22:35 67112 ----a-w- c:\program files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALi5289]

2004-07-24 09:13 405504 ------w- c:\program files\ULI5289\ALi5289.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]

2007-10-31 01:52 16200 ----a-w- c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]

2002-12-11 00:32 155648 ----a-w- c:\program files\Logitech\ImageStudio\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]

2002-12-11 00:31 61440 ----a-w- c:\program files\Logitech\ImageStudio\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]

2009-05-27 02:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

2004-07-23 08:27 68096 ----a-w- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]

2009-02-06 20:44 3572984 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"EapHost"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"SiteAdvisor"=c:\program files\SiteAdvisor\5020\SiteAdv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Java\\jre1.5.0_07\\bin\\javaw.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=

"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=

"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=

"c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

"c:\\Program Files\\IncrediMail\\bin\\ImPackr.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 aliidex;aliidex;c:\windows\system32\drivers\aliidex.sys [7/10/2006 4:06 PM 7040]

R0 aliperf;aliperf;c:\windows\system32\drivers\aliperf.sys [7/10/2006 4:06 PM 7168]

R0 m5289;m5289;c:\windows\system32\drivers\m5289.sys [1/11/2005 9:50 AM 49101]

R0 sonypvl2;sonypvl2;c:\windows\system32\drivers\sonypvl2.sys [9/4/2006 5:16 PM 19478]

R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\drivers\AGPKX.SYS [7/10/2006 3:53 PM 44928]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/15/2009 12:14 PM 333192]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/15/2009 12:14 PM 360584]

R1 sonypvf2;sonypvf2;c:\windows\system32\drivers\sonypvf2.sys [9/4/2006 5:16 PM 635017]

R1 sonypvt2;sonypvt2;c:\windows\system32\drivers\sonypvt2.sys [9/4/2006 5:16 PM 431236]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/15/2009 12:13 PM 285392]

R2 Viewpoint Service;Viewpoint Service;c:\program files\Viewpoint\Common\ViewpointService.exe [4/23/2009 8:01 AM 30152]

R3 JM5289;JM5289;\??\c:\documents and settings\Nancy\JM5289.sys --> c:\documents and settings\Nancy\JM5289.sys [?]

R3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);c:\windows\system32\drivers\LV551AV.sys [3/1/2009 11:04 PM 220079]

R3 ULI5261;ULi Based Ethernet NT Driver;c:\windows\system32\drivers\ULILAN.SYS [7/10/2006 3:55 PM 29696]

S1 sonypvd2;sonypvd2;c:\windows\system32\drivers\sonypvd2.sys [9/4/2006 5:16 PM 64093]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

IE: &Add animation to IncrediMail Style Box - c:\program files\IncrediMail\bin\resources\WebMenuImg.htm

IE: &Download all 4shared files - c:\program files\4shared Desktop\down_all.htm

IE: &Download using 4shared Desktop - c:\program files\4shared Desktop\down_link.htm

Trusted Zone: ebay.com\search

Trusted Zone: liveops.com\callcenter

Trusted Zone: liveops.com\www

Trusted Zone: liveops.com \callcenter

Trusted Zone: proflowers.com\homeadmin

Trusted Zone: proflowers.com\www

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {D8EE8DC0-F193-11D0-B1E5-08005A885319} - hxxps://calltaking2.workathomeagent.net/walldata/curVersion/hostexpress.cab

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-WebCamRT.exe - (no file)

HKLM-Run-WinPatrol - c:\progra~1\BILLPS~1\WINPAT~1\winpatrol.exe

HKLM-Run-ATIPTA - c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

HKLM-Run-pccguide.exe - c:\program files\Trend Micro\Internet Security 2007\pccguide.exe

HKLM-Run-Corel Photo Downloader - c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe

SafeBoot-mcmscsvc

SafeBoot-MCODS

AddRemove-Kissed by a Rose - c:\windows\DWUninst.exe

AddRemove-Lady Cardinal - c:\windows\DWUninst.exe

AddRemove-Queen of the Orient - c:\windows\DWUninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-10 05:53

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]

"ImagePath"=""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-861567501-1897051121-725345543-1004\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\ActiveSync]

"Name"="ActiveSync"

"DisplayName"="Microsoft ActiveSync"

"Param1"="ActiveSync"

"Param2"=""

"Type"="wellknown"

"Order"=dword:00000000

"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-861567501-1897051121-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:89,61,5a,b1,c4,a6,35,3a,a1,af,96,14,de,12,56,6e,c7,e1,9e,68,35,97,25,

7b,1e,17,b9,20,62,61,49,15,ac,c2,d7,e1,64,ba,60,c7,bd,04,17,74,ce,ba,c8,fe,\

"??"=hex:e5,85,7e,b7,90,ab,d1,ac,28,b9,66,ef,9b,f4,3e,0d

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(744)

c:\windows\system32\Ati2evxx.dll

.

Completion time: 2010-03-10 05:56:05

ComboFix-quarantined-files.txt 2010-03-10 11:56

Pre-Run: 33,463,316,480 bytes free

Post-Run: 33,438,621,696 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 8BBC6AF117B7652712585514B64C0397

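Reading a ComboFix log by hand is the helper's job in this thread. The following is an added example, not code from ComboFix, OTL or anyone in the thread, of the first-pass triage a practitioner does over such a log: pull out the driver/service lines, the Run keys, the Security Center and firewall policy values and the orphan entries, and rank the ones that deserve a question. The rules are this script's own heuristics: an R0/R3 driver whose image is gone or lives under a user profile (the JM5289 entry above, whether it turns out to be malware or a stale installer leftover), a "(no file)" orphan, AntiVirusOverride=1 (Security Center told to ignore the AV state) and EnableFirewall=0 (the Windows Firewall off for the standard profile; in this thread that is expected, since Sygate is the firewall in use). The sample lines are excerpted from the ComboFix and OTL logs posted above, except for the "Updater" Run entry, which is constructed so the user-profile rule has something to match.

```python
"""Flag the entries in a ComboFix or OTL log that a malware-removal helper
would look at first.  Added example, not code from ComboFix, OTL or the
forum thread; the severity rules are this script's own heuristics and it
changes nothing on the machine."""

import re

# Excerpts from the ComboFix and OTL logs posted in this thread.  The
# "Updater" Run entry is constructed (not from the logs) so that the
# user-profile autostart rule has a line to match.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-16 2577632]
"4shared Update"="c:\program files\4shared Desktop\checkUpdate.exe" [2009-09-29 1337344]
"Updater"="c:\documents and settings\Nancy\Application Data\updater.exe" [2010-03-01 12345]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R0 m5289;m5289;c:\windows\system32\drivers\m5289.sys [1/11/2005 9:50 AM 49101]
R3 JM5289;JM5289;\??\c:\documents and settings\Nancy\JM5289.sys --> c:\documents and settings\Nancy\JM5289.sys [?]
HKCU-Run-WebCamRT.exe - (no file)
DRV - File not found [Kernel | On_Demand | Running] -- -- (JM5289)
"""

SYSTEM_ROOTS = ("c:\\windows", "c:\\program files", "c:\\progra~1")
PROFILE_ROOTS = ("c:\\documents and settings", "c:\\users")

RE_KEY = re.compile(r"^\[(.+)\]$")                                   # registry key header
RE_VALUE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')                      # "name"=value
RE_CF_DRIVER = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*)$")    # ComboFix service/driver line
RE_OTL_MISSING = re.compile(r"^DRV - File not found .*\((\w+)\)\s*$")  # OTL driver with no image


def _normalize(path):
    """Lower-case and strip the NT '\\??\\' prefix ComboFix shows on some images."""
    p = path.strip().lower()
    return p[4:] if p.startswith("\\??\\") else p


def _driver_image(field):
    """Split ComboFix's image field into (path, image_present).
    'c:\\x.sys [date size]' is present; '\\??\\c:\\x.sys --> c:\\x.sys [?]' is not."""
    field = field.strip()
    present = not field.endswith("[?]")
    field = re.sub(r"\s*\[[^\]]*\]$", "", field)   # drop trailing [date size] or [?]
    if " --> " in field:
        field = field.split(" --> ", 1)[1]
    return _normalize(field), present


def triage(text):
    """Return [(severity, rule, detail), ...] in log order."""
    findings = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RE_KEY.match(line)
        if m:
            section = m.group(1).lower()
            continue
        m = RE_OTL_MISSING.match(line)
        if m:
            findings.append(("high", "driver-image-missing", m.group(1)))
            continue
        m = RE_CF_DRIVER.match(line)
        if m:
            name = m.group(3)
            path, present = _driver_image(m.group(5))
            if not present:
                findings.append(("high", "driver-image-missing", name))
            if path.startswith(PROFILE_ROOTS):
                # Kernel code loading from a user profile is never a vendor layout.
                findings.append(("high", "driver-in-user-profile", f"{name}: {path}"))
            continue
        if line.endswith("(no file)"):
            findings.append(("low", "orphan-autostart", line.split(" - ")[0]))
            continue
        m = RE_VALUE.match(line)
        if not m:
            continue
        name, value = m.group(1), m.group(2)
        if name.lower() == "antivirusoverride" and value.endswith("00000001"):
            findings.append(("medium", "security-center-av-override", section))
        elif name.lower() == "enablefirewall" and value.lstrip().startswith("0"):
            findings.append(("medium", "windows-firewall-disabled", section))
        elif section.endswith("\\run") and value.startswith('"'):
            exe = _normalize(value.split('"')[1])
            if exe.startswith(PROFILE_ROOTS) or not exe.startswith(SYSTEM_ROOTS):
                findings.append(("medium", "autostart-outside-system-dirs", f"{name}: {exe}"))
    return findings


def rules_hit(findings):
    """Distinct rule names, for a quick summary line."""
    return sorted({rule for _, rule, _ in findings})


if __name__ == "__main__":
    for severity, rule, detail in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {rule:32} {detail}")
```

The script only reads text, so it can be run over a log pasted from a post; it does not decide that anything is malware, only which lines to ask about first.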

This is the OTL file:

OTL logfile created on: 3/10/2010 7:26:57 AM - Run 1

OTL by OldTimer - Version 3.1.36.0 Folder = C:\Documents and Settings\Nancy\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free

3.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 149.05 Gb Total Space | 31.09 Gb Free Space | 20.86% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: NANCY-9161434C0

Current User Name: Nancy

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/10 07:22:44 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nancy\Desktop\OTL.exe

PRC - [2009/12/31 09:32:12 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe

PRC - [2009/12/15 12:14:28 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe

PRC - [2009/12/15 12:14:28 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe

PRC - [2009/12/15 12:14:28 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe

PRC - [2009/12/15 12:14:27 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe

PRC - [2009/12/15 12:13:36 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe

PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/04/04 11:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe

PRC - [2007/12/27 21:14:48 | 000,423,280 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

PRC - [2007/07/24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

PRC - [2006/11/13 14:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe

PRC - [2006/11/13 14:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe

PRC - [2004/10/15 20:40:56 | 002,577,632 | ---- | M] (Sygate Technologies, Inc.) -- C:\Program Files\Sygate\SPF\Smc.exe

PRC - [2004/08/24 18:12:14 | 000,057,344 | ---- | M] ( ) -- C:\WINDOWS\system32\slserv.exe

========== Modules (SafeList) ==========

MOD - [2010/03/10 07:22:44 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nancy\Desktop\OTL.exe

MOD - [2004/10/15 19:32:10 | 000,083,096 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\system32\SSSensor.dll

========== Win32 Services (SafeList) ==========

SRV - [2009/12/15 12:13:36 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)

SRV - [2008/04/04 11:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Service)

SRV - [2007/12/27 21:14:48 | 000,423,280 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)

SRV - [2007/07/24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

SRV - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)

SRV - [2004/10/15 20:40:56 | 002,577,632 | ---- | M] (Sygate Technologies, Inc.) [Auto | Running] -- C:\Program Files\Sygate\SPF\Smc.exe -- (SmcService)

SRV - [2004/08/24 18:12:14 | 000,057,344 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\slserv.exe -- (SLService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (JM5289)

DRV - [2009/12/15 12:14:45 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)

DRV - [2009/12/15 12:14:40 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)

DRV - [2009/12/15 12:14:38 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)

DRV - [2008/04/13 12:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)

DRV - [2007/04/10 17:05:34 | 000,023,552 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)

DRV - [2006/05/03 10:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2004/10/15 19:32:44 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys -- (wg6n)

DRV - [2004/10/15 19:32:42 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys -- (wg5n)

DRV - [2004/10/15 19:32:38 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys -- (wg3n)

DRV - [2004/10/15 19:18:46 | 000,021,075 | ---- | M] (Sygate Technologies, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys -- (wpsdrvnt)

DRV - [2004/10/15 19:17:02 | 000,060,496 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys -- (Teefer)

DRV - [2004/08/24 17:51:26 | 000,650,632 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr)

DRV - [2004/08/24 17:43:18 | 000,014,520 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\RecAgent.sys -- (RecAgent)

DRV - [2004/08/24 17:40:28 | 000,229,720 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)

DRV - [2004/08/24 17:35:14 | 000,100,240 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)

DRV - [2004/08/24 17:33:32 | 001,395,376 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)

DRV - [2004/08/24 17:24:14 | 000,013,216 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)

DRV - [2004/07/26 21:19:16 | 000,029,696 | ---- | M] (ULi Electronics Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ULILAN.SYS -- (ULI5261)

DRV - [2004/07/23 09:00:36 | 000,049,101 | ---- | M] (ALi Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\m5289.sys -- (m5289)

DRV - [2004/07/23 03:12:12 | 000,635,025 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2004/07/08 16:58:50 | 000,044,928 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\agpkx.sys -- (uliagpkx)

DRV - [2004/05/08 11:21:44 | 000,035,840 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)

DRV - [2004/04/08 12:04:56 | 000,635,017 | ---- | M] (Sony Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sonypvf2.sys -- (sonypvf2)

DRV - [2004/02/23 21:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)

DRV - [2003/08/20 11:44:26 | 000,431,236 | ---- | M] (Sony Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sonypvt2.sys -- (sonypvt2)

DRV - [2003/07/25 16:02:40 | 000,019,478 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sonypvl2.sys -- (sonypvl2)

DRV - [2003/06/24 11:29:34 | 000,064,093 | ---- | M] (Sony Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\sonypvd2.sys -- (sonypvd2)

DRV - [2003/03/06 12:32:28 | 000,007,311 | ---- | M] (ALi Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)

DRV - [2003/03/06 12:26:24 | 000,007,040 | ---- | M] (Windows ® 2000 DDK provider) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\aliidex.sys -- (aliidex)

DRV - [2003/01/16 17:47:46 | 000,007,168 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\aliperf.sys -- (aliperf)

DRV - [2002/06/10 14:24:38 | 000,220,079 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV551AV.sys -- (PID_0900_V) Logitech ClickSmart 310(PID_0900_V)

DRV - [2002/06/10 14:21:02 | 000,010,254 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVBULK.sys -- (LVBulk)

DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)

DRV - [2001/08/17 14:02:32 | 000,008,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidgame.sys -- (hidgame)

DRV - [2001/08/17 12:49:04 | 000,051,552 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ntgrip.sys -- (ntgrip)

DRV - [2000/03/29 18:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MASPINT.SYS -- (MASPINT)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: ([2008/09/19 12:08:10 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.

O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.

O4 - HKLM..\Run: [4shared Update] C:\Program Files\4shared Desktop\checkUpdate.exe (New IT Solutions)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [JMAP5289] C:\Program Files\ULI5289\JMAP5289.exe ()

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [smcService] C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)

O4 - HKCU..\Run: [4shared Desktop] C:\Program Files\4shared Desktop\desktop.exe (New IT Solutions)

O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Documents and Settings\Nancy\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm ()

O8 - Extra context menu item: &Download all 4shared files - C:\Program Files\4shared Desktop\down_all.htm ()

O8 - Extra context menu item: &Download using 4shared Desktop - C:\Program Files\4shared Desktop\down_link.htm ()

O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)

O15 - HKCU\..Trusted Domains: ebay.com ([search] https in Trusted sites)

O15 - HKCU\..Trusted Domains: liveops.com ([callcenter] https in Trusted sites)

O15 - HKCU\..Trusted Domains: liveops.com ([www] https in Trusted sites)

O15 - HKCU\..Trusted Domains: liveops.com ([callcenter] https in Trusted sites)

O15 - HKCU\..Trusted Domains: proflowers.com ([homeadmin] https in Trusted sites)

O15 - HKCU\..Trusted Domains: proflowers.com ([www] https in Trusted sites)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b...heckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://gsn.worldwinner.com/games/v47/share...GamesLoader.cab (FunGamesLoader Object)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1152575217406 (WUWebControl Class)

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1183634236703 (MUWebControl Class)

O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} http://ak.imgag.com/imgag/cp/install/Crusher.cab (Creative Toolbox Plug-in)

O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} http://www.worldwinner.com/games/v50/dinerdash/dinerdash.cab (DinerDash Control)

O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)

O16 - DPF: {D8EE8DC0-F193-11D0-B1E5-08005A885319} https://calltaking2.workathomeagent.net/wal...hostexpress.cab (MicroX Persistent Mainframe Display Control)

O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://flowers-vpn.liveops.com/dana-cached...perSetupSP1.cab (JuniperSetupSP1 Control)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\skype4com - No CLSID value found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O24 - Desktop WallPaper: C:\Documents and Settings\Nancy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Nancy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/07/10 15:05:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/10 07:22:42 | 000,554,496 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Nancy\Desktop\OTL.exe

[2010/03/10 07:09:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood

[2010/03/10 06:34:12 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2010/03/10 06:03:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nancy\Desktop\notes on pc

[2010/03/10 05:40:46 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010/03/09 00:03:05 | 000,000,000 | ---D | C] -- C:\Program Files\Fiona Finch and the Finest Flowers

[2010/03/09 00:00:59 | 000,000,000 | ---D | C] -- C:\Program Files\Shaman Odyssey Tropic Adventure

[2010/03/08 03:12:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010/03/08 03:12:24 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010/03/08 03:12:24 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010/03/08 03:12:24 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010/03/08 03:10:31 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/03/08 02:20:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nancy\Application Data\AVG9

[2010/03/06 09:08:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010/03/06 08:45:24 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT

[2010/03/05 16:03:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nancy\Application Data\Malwarebytes

[2010/03/05 16:03:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/03/05 16:03:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/03/05 16:03:52 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/03/05 16:03:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/03/04 23:35:35 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager

[2010/02/27 10:52:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nancy\Application Data\Faerie Solitaire

[2010/02/27 07:32:15 | 000,000,000 | ---D | C] -- C:\Program Files\Faerie Solitaire

[2010/02/27 07:03:26 | 000,000,000 | ---D | C] -- C:\Program Files\Alices Tea Cup Madness

[2010/02/25 05:23:47 | 000,000,000 | ---D | C] -- C:\Program Files\Cake Mania 3

[2010/02/25 01:01:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nancy\Desktop\kptfolder

[2010/02/24 18:33:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nancy\My Documents\numbers

[2010/02/21 00:45:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache

[2010/02/20 19:51:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nancy\Desktop\zip

[2010/02/19 17:18:59 | 000,000,000 | ---D | C] -- C:\Downloads

[2010/02/18 22:12:27 | 000,000,000 | ---D | C] -- C:\Program Files\IEPro

[2010/02/18 22:11:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nancy\Application Data\IEPro

[2010/02/18 00:29:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nancy\Application Data\4shared Desktop

[2010/02/18 00:22:35 | 000,000,000 | ---D | C] -- C:\Program Files\4shared Desktop

[2010/02/13 23:57:48 | 000,000,000 | ---D | C] -- C:\Program Files\Farm Mania 2

[2010/02/11 22:31:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nancy\My Documents\scrapes2010

[2010/02/11 06:22:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nancy\My Documents\deko glass

[2009/12/15 12:11:13 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

[2009/12/15 12:11:13 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

[2009/12/15 11:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

[2009/12/15 11:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2009/12/02 14:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee

[2009/11/28 06:29:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore

[2008/10/20 19:20:46 | 000,014,336 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\wmdmhelper.dll

[2008/10/20 19:20:45 | 000,692,224 | ---- | C] ( ) -- C:\Program Files\dtdr3260.dll

[2008/10/20 19:20:43 | 000,659,456 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rjbres.dll

[2008/10/20 19:20:43 | 000,339,968 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rjdlg.dll

[2008/10/20 19:20:43 | 000,139,264 | ---- | C] (Inner Media, Inc.) -- C:\Program Files\DUNZIP32.dll

[2008/10/20 19:20:43 | 000,036,352 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\ierjplug.dll

[2008/10/20 19:20:43 | 000,019,456 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rjprog.dll

[2008/10/20 19:20:43 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\fixrjb.exe

[2008/10/20 19:20:42 | 000,081,920 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\tsasdk.dll

[2008/10/20 19:20:42 | 000,057,344 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\tpasdk.dll

[2008/10/20 19:20:42 | 000,041,472 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\mmcdda32.dll

[2008/10/20 19:20:42 | 000,019,456 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\tnetdtct.dll

[2008/10/20 19:20:39 | 000,032,768 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rpwa3260.dll

[2008/10/20 19:20:38 | 000,153,152 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RecordingManager.exe

[2008/10/20 19:20:38 | 000,043,056 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rpshellsearch.dll

[2008/10/20 19:20:37 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dbghelp.dll

[2008/10/20 19:20:37 | 000,308,832 | ---- | C] (RealPlayer) -- C:\Program Files\rpbrowserrecordplugin.dll

[2008/10/20 19:20:37 | 000,065,536 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rjwmapln.dll

[2008/10/20 19:20:33 | 000,053,248 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rpau3260.dll

[2008/10/20 19:20:28 | 000,098,304 | ---- | C] (RealPlayer) -- C:\Program Files\rpshellextension.dll

[2008/10/20 19:20:28 | 000,095,784 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rdsf3260.dll

[2008/10/20 19:20:28 | 000,086,016 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rpplugprot.dll

[2008/10/20 19:20:28 | 000,063,016 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rpshell.dll

[2008/10/20 19:20:25 | 000,214,536 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\realplay.exe

[2008/10/20 19:20:25 | 000,009,216 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rphelperapp.exe

[2008/10/20 19:20:25 | 000,007,168 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\realjbox.exe

[2008/10/05 15:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe

[2008/08/21 08:40:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google

[2008/08/21 08:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google

[2008/08/21 08:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Viewpoint

[2007/05/29 05:26:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM

[2007/05/29 05:25:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe

[2007/05/29 05:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2007/04/29 10:05:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2007/02/11 04:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Juniper Networks

[2007/01/28 20:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Juniper Networks

[2006/07/11 09:02:28 | 000,014,976 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys

[2006/07/11 09:01:50 | 000,650,632 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slntamr.sys

[2006/07/11 09:01:50 | 000,100,240 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys

[2006/07/11 09:01:50 | 000,013,216 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slwdmsup.sys

[2006/07/11 09:01:49 | 001,395,376 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlstrm.sys

[2006/07/11 09:01:49 | 000,229,720 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys

[2006/07/11 09:01:49 | 000,014,520 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\RecAgent.sys

========== Files - Modified Within 30 Days ==========

[2010/03/10 07:22:44 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nancy\Desktop\OTL.exe

[2010/03/10 05:56:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/03/10 05:53:59 | 000,000,285 | ---- | M] () -- C:\WINDOWS\system.ini

[2010/03/10 05:40:52 | 000,000,281 | RHS- | M] () -- C:\boot.ini

[2010/03/09 18:43:42 | 056,950,137 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2010/03/09 08:21:05 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/03/09 08:19:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/03/09 08:19:01 | 1609,879,552 | -HS- | M] () -- C:\hiberfil.sys

[2010/03/09 04:59:02 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2010/03/09 00:01:13 | 000,000,831 | ---- | M] () -- C:\Documents and Settings\Nancy\Desktop\Shaman Odyssey Tropic Adventure.lnk

[2010/03/06 21:49:13 | 000,010,532 | ---- | M] () -- C:\Documents and Settings\Nancy\Desktop\dds_attach.zip

[2010/03/06 19:24:48 | 020,447,232 | ---- | M] () -- C:\Documents and Settings\Nancy\ntuser.dat

[2010/03/06 19:24:48 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Nancy\ntuser.ini

[2010/03/06 12:29:49 | 000,000,465 | ---- | M] () -- C:\Documents and Settings\Nancy\Desktop\Sign In.url

[2010/03/06 09:03:27 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Nancy\Desktop\NTREGOPT.lnk

[2010/03/06 07:44:18 | 000,064,000 | ---- | M] () -- C:\Documents and Settings\Nancy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/03/05 16:03:57 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/03/05 02:55:33 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Nancy\Desktop\HijackThis.lnk

[2010/03/04 23:30:30 | 000,000,785 | ---- | M] () -- C:\WINDOWS\win.ini

[2010/03/03 08:20:33 | 000,008,404 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2010/03/02 20:38:46 | 006,376,086 | -H-- | M] () -- C:\Documents and Settings\Nancy\Local Settings\Application Data\IconCache.db

[2010/02/27 07:32:35 | 000,000,828 | ---- | M] () -- C:\Documents and Settings\Nancy\Desktop\Faerie Solitaire.lnk

[2010/02/27 07:03:33 | 000,000,835 | ---- | M] () -- C:\Documents and Settings\Nancy\Desktop\Alices Tea Cup Madness.lnk

[2010/02/25 05:24:06 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\Nancy\Desktop\Cake Mania 3.lnk

[2010/02/20 04:15:02 | 009,580,469 | ---- | M] () -- C:\Documents and Settings\Nancy\Desktop\7S_GhostTrain_btf.zip

[2010/02/18 14:54:24 | 000,525,448 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/02/18 14:54:24 | 000,443,918 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/02/18 14:54:24 | 000,072,050 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/02/16 00:33:52 | 000,057,111 | ---- | M] () -- C:\Documents and Settings\Nancy\My Documents\numbercodes............gif

[2010/02/13 23:58:08 | 000,000,691 | ---- | M] () -- C:\Documents and Settings\Nancy\Desktop\Farm Mania 2.lnk

[2010/02/13 23:23:40 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk

========== Files Created - No Company Name ==========

[2010/03/10 05:40:52 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2010/03/10 05:40:48 | 000,260,272 | ---- | C] () -- C:\cmldr

[2010/03/09 00:01:13 | 000,000,831 | ---- | C] () -- C:\Documents and Settings\Nancy\Desktop\Shaman Odyssey Tropic Adventure.lnk

[2010/03/08 03:12:24 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010/03/08 03:12:24 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010/03/08 03:12:24 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010/03/08 03:12:24 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010/03/08 03:12:24 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010/03/06 21:49:13 | 000,010,532 | ---- | C] () -- C:\Documents and Settings\Nancy\Desktop\dds_attach.zip

[2010/03/06 09:03:27 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Nancy\Desktop\NTREGOPT.lnk

[2010/03/05 16:03:57 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/03/05 02:55:33 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Nancy\Desktop\HijackThis.lnk

[2010/02/27 07:32:35 | 000,000,828 | ---- | C] () -- C:\Documents and Settings\Nancy\Desktop\Faerie Solitaire.lnk

[2010/02/27 07:03:33 | 000,000,835 | ---- | C] () -- C:\Documents and Settings\Nancy\Desktop\Alices Tea Cup Madness.lnk

[2010/02/25 05:24:06 | 000,000,720 | ---- | C] () -- C:\Documents and Settings\Nancy\Desktop\Cake Mania 3.lnk

[2010/02/20 04:15:01 | 009,580,469 | ---- | C] () -- C:\Documents and Settings\Nancy\Desktop\7S_GhostTrain_btf.zip

[2010/02/16 00:34:13 | 000,057,111 | ---- | C] () -- C:\Documents and Settings\Nancy\My Documents\numbercodes............gif

[2010/02/13 23:58:07 | 000,000,691 | ---- | C] () -- C:\Documents and Settings\Nancy\Desktop\Farm Mania 2.lnk

[2010/02/13 23:23:39 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk

[2009/12/20 18:06:11 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll

[2009/12/15 03:36:20 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Nancy\Local Settings\Application Data\housecall.guid.cache

[2009/10/29 21:38:46 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\C28E54603C.sys

[2009/10/29 18:16:17 | 000,002,828 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys

[2009/10/29 18:16:17 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\C28E54603C.sys

[2009/08/27 14:44:10 | 000,000,033 | ---- | C] () -- C:\WINDOWS\LVMMail.INI

[2009/05/27 00:23:36 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Nancy\Local Settings\Application Data\fusioncache.dat

[2009/04/28 02:56:32 | 000,000,265 | ---- | C] () -- C:\WINDOWS\fmachine.ini

[2009/04/26 23:16:37 | 000,004,272 | ---- | C] () -- C:\WINDOWS\IFiltSet.Ini

[2009/04/26 23:12:38 | 000,000,033 | ---- | C] () -- C:\WINDOWS\iltwain.ini

[2009/03/13 20:51:25 | 000,296,448 | ---- | C] () -- C:\WINDOWS\Xenofex.ini

[2009/03/01 23:05:48 | 000,000,241 | ---- | C] () -- C:\WINDOWS\QSync.INI

[2009/03/01 23:04:50 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\liplW7.dll

[2009/03/01 23:04:50 | 000,290,816 | ---- | C] () -- C:\WINDOWS\System32\liplA6.dll

[2009/03/01 23:04:50 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\liplPX.dll

[2009/03/01 23:04:50 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\liplP6.dll

[2009/03/01 23:04:50 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\liplM6.dll

[2009/03/01 23:04:50 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\lipl.dll

[2009/03/01 23:04:50 | 000,005,187 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2009/03/01 23:04:47 | 000,000,780 | ---- | C] () -- C:\WINDOWS\_delis32.ini

[2008/11/11 20:18:55 | 000,013,824 | -HS- | C] () -- C:\Program Files\Thumbs.db

[2008/10/20 19:23:08 | 000,000,073 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2008/10/20 19:20:46 | 000,000,568 | ---- | C] () -- C:\Program Files\fpsectbl

[2008/10/20 19:20:43 | 000,002,851 | ---- | C] () -- C:\Program Files\cdroms.cfg

[2008/10/20 19:20:39 | 000,119,808 | ---- | C] () -- C:\Program Files\waiting.avi

[2008/10/20 19:20:39 | 000,057,762 | ---- | C] () -- C:\Program Files\howto.chm

[2008/10/20 19:20:39 | 000,040,154 | ---- | C] () -- C:\Program Files\realplay.chm

[2008/10/20 19:20:39 | 000,016,296 | ---- | C] () -- C:\Program Files\realtfon.fon

[2008/10/20 19:20:39 | 000,011,444 | ---- | C] () -- C:\Program Files\frw.bmp

[2008/10/20 19:20:38 | 000,001,209 | ---- | C] () -- C:\Program Files\flvplay.swf

[2008/10/20 19:20:38 | 000,000,685 | ---- | C] () -- C:\Program Files\RecordingManager.exe.manifest

[2008/10/20 19:20:33 | 000,053,098 | ---- | C] () -- C:\Program Files\presets.rnx

[2008/10/20 19:20:33 | 000,052,609 | ---- | C] () -- C:\Program Files\RealNetworks License.html

[2008/10/20 19:20:33 | 000,052,609 | ---- | C] () -- C:\Program Files\playrlic.html

[2008/10/20 19:20:33 | 000,050,548 | ---- | C] () -- C:\Program Files\RealNetworks License.txt

[2008/10/20 19:20:33 | 000,050,548 | ---- | C] () -- C:\Program Files\playrlic.txt

[2008/10/20 19:20:33 | 000,000,480 | ---- | C] () -- C:\Program Files\keys.dat

[2008/10/20 19:20:31 | 000,638,892 | ---- | C] () -- C:\Program Files\normal.vs

[2008/10/20 19:20:31 | 000,061,495 | ---- | C] () -- C:\Program Files\ssimages.vs

[2008/10/20 19:20:29 | 000,102,400 | ---- | C] () -- C:\Program Files\HXAudioDeviceHook.dll

[2008/10/20 19:20:27 | 000,001,030 | ---- | C] () -- C:\Program Files\autoplaylist.dat

[2008/10/20 19:20:27 | 000,000,050 | ---- | C] () -- C:\Program Files\strs23.dat

[2008/10/20 19:20:27 | 000,000,013 | ---- | C] () -- C:\Program Files\strs26.dat

[2008/10/20 19:20:25 | 000,017,846 | ---- | C] () -- C:\Program Files\videotest.rm

[2008/10/20 19:20:25 | 000,000,682 | ---- | C] () -- C:\Program Files\realplay.exe.manifest

[2008/10/20 19:20:25 | 000,000,207 | ---- | C] () -- C:\Program Files\subscription.rnx

[2007/06/20 11:16:39 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\8FB0F740BA.sys

[2007/05/23 01:56:07 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Nancy\Application Data\$_hpcst$.hpc

[2007/02/23 07:09:01 | 000,000,910 | ---- | C] () -- C:\WINDOWS\nvrbm.ini

[2007/01/28 20:53:26 | 000,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini

[2007/01/28 01:42:51 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL

[2007/01/27 04:59:58 | 000,006,144 | -HS- | C] () -- C:\Program Files\Common Files\Thumbs.db

[2007/01/11 01:41:43 | 000,000,032 | ---- | C] () -- C:\WINDOWS\tdlp32.ini

[2006/12/06 03:32:49 | 000,000,122 | ---- | C] () -- C:\WINDOWS\mdm.ini

[2006/09/24 20:47:46 | 000,002,154 | ---- | C] () -- C:\WINDOWS\System32\tmmute.ini

[2006/09/04 17:20:51 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL

[2006/09/04 17:20:51 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini

[2006/08/29 02:01:58 | 000,000,025 | ---- | C] () -- C:\Documents and Settings\Nancy\Application Data\tcw_config.cfg

[2006/08/18 04:40:31 | 000,008,404 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2006/08/14 19:19:37 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2006/08/06 00:32:58 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXBRPMON.DLL

[2006/08/06 00:32:58 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\LXBRPMUI.DLL

[2006/08/06 00:32:14 | 000,000,487 | ---- | C] () -- C:\WINDOWS\lexstat.ini

[2006/07/29 09:11:26 | 000,064,000 | ---- | C] () -- C:\Documents and Settings\Nancy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2006/07/29 07:28:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2006/07/23 21:00:15 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2006/07/11 09:02:28 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll

[2006/07/11 09:02:28 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\SLMOHServ.dll

[2006/07/11 09:01:50 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll

[2006/07/11 09:01:50 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\SLGen.dll

[2006/07/11 09:01:49 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll

[2006/07/10 16:07:19 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll

[2006/07/10 15:52:41 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2006/07/10 15:52:41 | 000,003,204 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2006/04/30 01:34:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\WbxRMenu.dll

[2006/04/14 00:18:24 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\atonres.dll

[2006/04/14 00:18:24 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\WbxMSAI.dll

[2006/04/14 00:18:24 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\atonecli.dll

[2004/10/15 19:31:56 | 000,218,264 | ---- | C] () -- C:\WINDOWS\System32\SetAid.dll

[2004/01/13 17:06:46 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBMLCNP.DLL

[2003/06/13 05:53:38 | 000,000,187 | ---- | C] () -- C:\WINDOWS\System32\lxbmcoin.ini

[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2002/11/13 09:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbmvs.dll

[2001/07/13 08:04:00 | 000,373,248 | ---- | C] () -- C:\WINDOWS\EyeCand3.INI

[1999/01/22 12:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

[1998/01/12 02:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

[1997/08/28 10:54:28 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\IDCFG32.DLL

========== LOP Check ==========

[2006/08/06 00:32:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\4200Series

[2007/07/24 05:25:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze

[2010/02/10 22:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper

[2007/01/09 01:57:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo

[2008/04/29 05:05:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Astar Games

[2009/12/15 12:13:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9

[2009/08/13 19:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blg

[2009/08/05 01:12:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CasualForge

[2009/07/15 13:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CupcakeCafe

[2009/09/11 23:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DigitalChocolate

[2008/02/04 14:39:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DivoGames

[2006/08/01 03:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA

[2009/02/23 11:04:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eGames

[2009/09/06 01:11:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeFromParadise2

[2008/07/28 07:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fitn17

[2008/07/28 07:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreshGames

[2009/11/05 18:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo

[2008/10/22 20:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FunGames

[2008/07/28 06:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse

[2006/11/29 08:02:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Genimo

[2008/02/21 13:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Go Go Gourmet

[2009/08/05 14:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoBit Games

[2009/03/18 20:52:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii

[2008/11/25 05:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Graboid Inc

[2008/07/12 20:31:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft

[2010/02/02 21:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM

[2010/02/02 21:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail

[2009/11/19 04:07:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Islands

[2009/02/28 02:13:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin

[2009/10/25 19:45:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin_generic

[2010/01/05 21:36:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kristanix Games

[2008/11/25 05:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Launcher

[2007/05/15 23:20:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Legacy Interactive

[2009/09/17 03:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom

[2009/11/02 00:23:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo

[2009/01/07 21:17:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mushroom Age

[2009/10/18 03:36:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MythPeople

[2008/12/23 01:27:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NevoSoft Games

[2008/09/18 04:41:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Games

[2007/01/07 20:53:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media

[2008/09/05 01:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters

[2010/02/27 07:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst

[2009/02/08 03:09:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Reflexive

[2008/12/27 20:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Reflexive Ashtons Family Resort

[2008/07/12 23:16:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games

[2006/07/29 08:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT

[2010/03/05 03:40:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan

[2007/06/21 15:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Softdisk LLC

[2008/06/28 06:39:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games

[2009/07/07 03:21:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sprouts Adventure

[2010/02/21 03:25:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2009/06/27 23:13:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UClick

[2009/04/23 08:00:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2006/12/02 00:49:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2007/08/24 07:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom

[2010/02/04 23:48:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2007/08/27 10:47:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\4200Series

[2010/03/09 08:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\4shared Desktop

[2006/08/01 19:30:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Aim

[2006/08/01 19:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\AIMPro

[2009/11/25 21:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Alawar

[2009/11/11 01:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Alien Skin

[2008/08/02 14:49:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Amaranth Games

[2007/01/09 03:26:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Ashampoo

[2007/06/15 23:56:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Audacity

[2010/03/08 02:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\AVG9

[2008/09/11 16:52:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\BeachPartyCraze

[2009/08/13 19:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\blg

[2008/02/04 18:22:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Bloom

[2008/08/02 03:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Blumentals

[2009/03/12 22:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Boolat Games

[2010/02/04 14:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Boomzap

[2009/08/05 01:12:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\CasualForge

[2006/08/01 03:51:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\EA

[2009/11/18 04:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\EcoRescue

[2009/03/25 15:21:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\eGames

[2010/02/10 03:56:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\EleFun Games

[2010/03/03 22:59:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Faerie Solitaire

[2007/11/18 19:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\funkitron

[2008/08/17 06:20:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Gaijin Ent

[2008/12/07 05:18:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\GameInvest

[2008/08/29 16:55:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Gamelab

[2009/11/02 01:46:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\GamesCafe

[2006/11/29 07:57:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Genimo

[2008/08/16 23:48:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Go-Go Gourmet Chef of the Year

[2009/01/23 02:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Graboid Inc

[2009/08/16 16:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\GraveyardShift

[2007/12/21 00:02:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Home Sweet Home

[2009/06/04 09:43:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\HuruBeachParty

[2008/02/14 11:38:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\ICAClient

[2010/02/18 23:51:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\IEPro

[2009/03/21 12:47:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Intenium

[2009/02/26 03:36:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\ITTNord

[2009/01/06 20:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\iWin

[2009/10/25 19:45:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\iWin_generic

[2007/10/07 15:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Jane s Hotel

[2008/04/08 17:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Jane s Hotel Family Hero

[2007/01/02 01:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Jasc

[2008/01/27 15:58:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Juniper Networks

[2008/08/16 20:26:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Ludia

[2008/05/17 14:55:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Magic Seeds

[2009/06/14 06:15:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\MagicBall4

[2008/04/21 22:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Meridian93

[2009/09/17 03:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Merscom

[2009/02/04 20:21:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\MiniDm

[2009/12/09 17:29:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\My Games

[2008/11/23 14:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\MysteryStudio

[2008/09/18 04:41:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Oberon Games

[2008/09/04 15:45:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Opera

[2008/09/12 02:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Paint Shop Pro 8

[2008/01/09 01:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Pi Eye Games

[2010/02/27 07:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\PlayFirst

[2008/10/28 22:07:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Pogo Games

[2008/09/18 11:52:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Reflexive Arcade

[2009/07/17 20:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Reflexive JanesZOO

[2007/08/05 07:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Sandlot Games

[2009/02/27 06:06:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\ScreenSeven

[2009/04/03 13:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Shape games

[2008/05/04 19:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\StoneLoopsRE

[2009/09/26 01:28:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Sudden Games LLC

[2009/03/25 15:19:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\SulusGames

[2008/03/05 00:55:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Total Eclipse

[2009/06/27 23:13:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\UClick

[2009/04/23 08:02:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Viewpoint

[2008/07/09 22:28:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\ViquaSoft

[2008/04/30 22:06:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\Wildfire

[2007/02/16 17:42:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\WinPatrol

[2009/08/07 09:28:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy\Application Data\YoudaGames

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D6C31E03

< End of report >


EXTRA TEST FILE

OTL Extras logfile created on: 3/10/2010 7:26:57 AM - Run 1

OTL by OldTimer - Version 3.1.36.0 Folder = C:\Documents and Settings\Nancy\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free

3.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 149.05 Gb Total Space | 31.09 Gb Free Space | 20.86% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: NANCY-9161434C0

Current User Name: Nancy

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Java\jre1.5.0_07\bin\javaw.exe" = C:\Program Files\Java\jre1.5.0_07\bin\javaw.exe:*:Enabled:Java 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)

"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)

"C:\Program Files\IncrediMail\bin\IMApp.exe" = C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)

"C:\Program Files\IncrediMail\bin\IncMail.exe" = C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)

"C:\Program Files\IncrediMail\bin\ImpCnt.exe" = C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)

"C:\Program Files\IncrediMail\bin\ImLc.exe" = C:\Program Files\IncrediMail\bin\ImLc.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)

"C:\Program Files\IncrediMail\bin\ImPackr.exe" = C:\Program Files\IncrediMail\bin\ImPackr.exe:*:Enabled:IncrediMail -- ()

"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"_{5B51BB5F-4E7C-4275-A653-E98534E9C1D2}" = Corel Painter 11

"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional

"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2

"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel

"{0DD0650C-5113-4FEE-BDDA-AC0B76FD0BD1}" = ULi AGP Driver 2.20

"{143BE018-D8F8-4014-8CB6-AF63F5799D21}" = ULi LAN Driver

"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime

"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X

"{1AED4ABF-0852-4B3F-9F87-00CF88F25CE0}" = IconHandler 32 bit

"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java 6 Update 18

"{28F8F8F0-C278-454A-9507-46B344AAD188}" = Corel Painter 11

"{2CD2C0DB-81C3-416B-9FA6-589B9235359B}" = OpenOffice.org 2.4

"{31C2F32D-C5DD-4583-8181-B48591CA231C}" = RapidPlayer v4.0 ActiveX Control

"{3248F0A8-6813-11D6-A77B-00B0D0150070}" = J2SE Runtime Environment 5.0 Update 7

"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11

"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3

"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java 6 Update 4

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5

"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java 6 Update 6

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HydraVision

"{3F60BCE5-8F0F-4FD9-A3E2-AEE9586F201B}" = TMS CallCenter

"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support

"{42ACCB45-3363-47E0-94E9-F0074CC8BC56}" = Citrix Presentation Server Client

"{432968D5-88FE-44B9-9168-B2806A9668E9}" = ULi 5289 Driver

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe


CHECKUP TXT

Results of screen317's Security Check version 0.99.1

Windows XP Service Pack 3

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

AVG Free 9.0

Sygate Personal Firewall

``````````````````````````````

Anti-malware/Other Utilities Check:

SpywareBlaster v3.5.1

HijackThis 2.0.2

CCleaner (remove only)

Java 6 Update 18

Java 6 Update 3

Java 6 Update 4

Java 6 Update 5

Java 6 Update 6

Java 6 Update 7

Java Auto Updater

Out of date Java installed!

Adobe Flash Player 10

Adobe Reader 8.2.0

Out of date Adobe Reader installed!

``````````````````````````````

Process Check:

objlist.exe by Laurent

AVG avgwdsvc.exe

AVG avgtray.exe

AVG avgrsx.exe

AVG avgnsx.exe

AVG avgemc.exe

``````````````````````````````

DNS Vulnerability Check:

Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

`````````End of Log```````````


There appears to be a rootkit still left on board.

Turn off AVG antivirus as you did before

Start notepad and copy/paste the text in the codebox below into it:

http://forums.malwarebytes.org/index.php?showtopic=42520

Collect::
C:\WINDOWS\System32\8FB0F740BA.sys

Save this as CFScript.txt on your Desktop

[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript.txt and drop it onto Combo-Fix.exe (the red lion icon on your Desktop).

When finished, it shall produce a log for you.

Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.

  • Ensure you are connected to the internet and click OK on the message box.
  • A browser will open.
  • Simply follow the instructions to copy/paste/send the requested file.

===========

Note::

If Combofix fails to upload anything please do the following:

Go to Start > My Computer > C:\

Then Navigate to C:\Qoobox\Quarantine\[4]-Submit_Date_Time.zip

Click Here to upload the submit.zip please.

Reply with copy of the new C:\Combofix.txt

Turn AVG antivirus back on.


I'm sorry, just a little confused on dropping the notepad file onto the icon. Is Combo-Fix supposed to bring up the box and you click Run? Because that's what happened when I dropped the CFScript on it. Then it started prompting to run another scan; is this supposed to happen? Do I click the Run button when it prompts me after dropping the txt onto it? :lol:


Also, I want to know if it was OK to download a new ComboFix, for I deleted the old one away since the tutorial said not to keep it but to delete it when finished. Hope this was OK. Anyhow, let me know what I should do with the Combo-Fix. Like I said before, I downloaded it back to my desktop, and when I dropped the notepad file on top it came up asking if I wanted to run ComboFix. I thought all it was supposed to do was make a txt, not run a scan, so I'm just a little confused. Please let me know. Thanks, Nancy


For your benefit, please always read my directions and ask (as you have now) when you have a question.

I did not intend for you to get a fresh (new) Combofix. But now that you do have it, let's keep it.

Do not delete it without my guidance.

Now then, Combofix should be on your Desktop.

You saved the script as CFscript.txt on your Desktop? You saved it and closed Notepad, right?

Then I want you to drag & then drop CFscript.txt onto the red-lion icon Combofix.

It will start running; tell it yes if prompted. It is supposed to run the script.

Also, kindly (please) use some separation and white space in your replies. It is hard enough for me to read.


OK, here is what you asked for. Hope all is OK!!

Also, please forgive my bad writing and typing, for I'm disabled and have very bad pain in my hands again, so

sorry. Thanks for all your help; I will try my best. Nancy

ComboFix 10-03-10.08 - Nancy 03/11/2010 18:10:43.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.1015 [GMT -6:00]

Running from: c:\documents and settings\Nancy\Desktop\Combo-Fix.exe

Command switches used :: c:\documents and settings\Nancy\Desktop\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: Sygate Personal Firewall *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

* Created a new restore point

file zipped: c:\windows\System32\8FB0F740BA.sys

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\System32\8FB0F740BA.sys

.

((((((((((((((((((((((((( Files Created from 2010-02-12 to 2010-03-12 )))))))))))))))))))))))))))))))

.

2010-03-09 06:03 . 2010-03-09 10:25 -------- d-----w- c:\program files\Fiona Finch and the Finest Flowers

2010-03-09 06:00 . 2010-03-09 06:01 -------- d-----w- c:\program files\Shaman Odyssey Tropic Adventure

2010-03-08 08:20 . 2010-03-08 08:20 -------- d-----w- c:\documents and settings\Nancy\Application Data\AVG9

2010-03-06 14:45 . 2010-03-06 15:04 -------- d-----w- c:\program files\ERUNT

2010-03-05 22:03 . 2010-03-05 22:03 -------- d-----w- c:\documents and settings\Nancy\Application Data\Malwarebytes

2010-03-05 22:03 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-05 22:03 . 2010-03-05 22:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-03-05 22:03 . 2010-03-05 22:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-03-05 22:03 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-05 05:35 . 2010-03-05 05:35 -------- d-----w- c:\program files\Security Task Manager

2010-03-05 02:44 . 2010-03-05 02:44 316 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0D756077321A70C3E844C138CE981581.dll

2010-03-05 02:44 . 2010-03-05 02:44 2054 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0F8F8F82872CA4545970643B44AA1D88.dll

2010-03-05 02:44 . 2010-03-05 02:44 146 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0CAED145D3F56E547BBC49CE3F9B7684.dll

2010-03-05 02:44 . 2010-03-05 02:44 10 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0DC1503A46F231838AD88BCDDC8E8F7C.dll

2010-02-27 16:52 . 2010-03-04 04:59 -------- d-----w- c:\documents and settings\Nancy\Application Data\Faerie Solitaire

2010-02-27 13:32 . 2010-02-27 13:46 -------- d-----w- c:\program files\Faerie Solitaire

2010-02-27 13:03 . 2010-02-27 13:45 -------- d-----w- c:\program files\Alices Tea Cup Madness

2010-02-25 11:23 . 2010-02-25 11:24 -------- d-----w- c:\program files\Cake Mania 3

2010-02-21 06:45 . 2010-02-21 06:45 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache

2010-02-19 23:18 . 2010-02-20 00:29 -------- d-----w- C:\Downloads

2010-02-19 04:12 . 2010-03-07 00:27 -------- d-----w- c:\program files\IEPro

2010-02-19 04:11 . 2010-02-19 05:51 -------- d-----w- c:\documents and settings\Nancy\Application Data\IEPro

2010-02-18 06:29 . 2010-03-09 14:21 -------- d-----w- c:\documents and settings\Nancy\Application Data\4shared Desktop

2010-02-18 06:22 . 2010-02-18 06:22 -------- d-----w- c:\program files\4shared Desktop

2010-02-14 05:57 . 2010-03-11 04:50 -------- d-----w- c:\program files\Farm Mania 2

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-07 00:25 . 2009-10-03 17:59 -------- d-----w- c:\program files\Airport Mania

2010-03-05 09:40 . 2007-12-24 01:06 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan

2010-03-05 08:55 . 2006-09-25 02:47 -------- d-----w- c:\program files\Trend Micro

2010-03-03 14:20 . 2006-08-18 10:40 8404 --sha-w- c:\windows\system32\KGyGaAvL.sys

2010-02-27 13:46 . 2006-12-16 14:53 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst

2010-02-27 13:46 . 2006-08-28 16:47 -------- d-----w- c:\documents and settings\Nancy\Application Data\PlayFirst

2010-02-22 06:10 . 2009-12-28 02:13 -------- d-----w- c:\program files\Build It! Miami Beach Resort

2010-02-21 09:25 . 2009-09-03 02:06 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-02-21 06:35 . 2009-06-21 00:51 -------- d-----w- c:\program files\Alawar

2010-02-21 06:32 . 2009-11-21 01:47 -------- d-----w- c:\documents and settings\Nancy\Application Data\Skype

2010-02-21 06:03 . 2009-11-21 01:50 -------- d-----w- c:\documents and settings\Nancy\Application Data\skypePM

2010-02-19 19:15 . 2008-12-22 17:20 -------- d-----w- c:\documents and settings\Nancy\Application Data\dvdcss

2010-02-14 05:23 . 2006-07-29 02:36 -------- d-----w- c:\program files\Common Files\Adobe

2010-02-11 04:21 . 2009-06-21 00:51 -------- d-----w- c:\documents and settings\All Users\Application Data\AlawarWrapper

2010-02-10 09:56 . 2009-02-26 13:53 -------- d-----w- c:\documents and settings\Nancy\Application Data\EleFun Games

2010-02-08 07:55 . 2006-07-29 21:59 -------- d-----w- c:\program files\QuickTime

2010-02-08 07:54 . 2010-02-05 05:46 -------- d-----w- c:\program files\Apple Software Update

2010-02-08 07:54 . 2010-02-08 07:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

2010-02-08 07:54 . 2010-02-04 20:38 -------- d-----w- c:\program files\Passport to Paradise

2010-02-08 07:53 . 2007-02-23 23:30 -------- d-----w- c:\program files\IncrediMail

2010-02-08 07:53 . 2006-07-30 04:56 -------- d-----w- c:\program files\Microsoft ActiveSync

2010-02-08 07:53 . 2009-01-24 13:13 -------- d-----w- c:\program files\Microsoft Silverlight

2010-02-08 05:54 . 2007-06-23 05:11 -------- d-----w- c:\program files\Winter Wonderland

2010-02-07 12:54 . 2009-11-02 06:10 -------- d-----w- c:\program files\Sallys Quick Clips

2010-02-07 12:54 . 2009-04-03 19:28 -------- d-----w- c:\program files\Success Story

2010-02-07 12:54 . 2009-09-20 04:49 -------- d-----w- c:\program files\Tradewinds Classic

2010-02-07 12:54 . 2009-02-26 02:03 -------- d-----w- c:\program files\Turtix Rescue Adventure

2010-02-07 12:54 . 2009-03-06 05:01 -------- d-----w- c:\program files\Vanilla and Chocolate

2010-02-07 12:54 . 2009-09-27 04:37 -------- d-----w- c:\program files\Tradewinds Caravans

2010-02-05 06:04 . 2010-02-05 06:04 68064 ---ha-w- c:\windows\system32\mlfcache.dat

2010-02-05 06:00 . 2006-08-15 01:21 -------- d-----w- c:\documents and settings\Nancy\Application Data\Apple Computer

2010-02-05 05:48 . 2010-02-05 05:48 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

2010-02-05 05:48 . 2010-02-05 05:45 -------- d-----w- c:\program files\Common Files\Apple

2010-02-04 20:48 . 2010-02-04 20:48 -------- d-----w- c:\documents and settings\Nancy\Application Data\Boomzap

2010-02-03 10:51 . 2006-08-03 18:47 10 ----a-w- c:\windows\popcinfo.dat

2010-02-03 03:43 . 2010-02-03 03:43 -------- d-----w- c:\documents and settings\All Users\Application Data\IM

2010-02-03 03:32 . 2010-02-03 03:32 -------- d-----w- c:\documents and settings\All Users\Application Data\IncrediMail

2010-01-29 04:35 . 2006-07-11 15:06 -------- d-----w- c:\program files\Common Files\Java

2010-01-29 04:35 . 2010-01-29 04:35 503808 ----a-w- c:\documents and settings\Nancy\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-24ef6161-n\msvcp71.dll

2010-01-29 04:35 . 2010-01-29 04:35 499712 ----a-w- c:\documents and settings\Nancy\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-24ef6161-n\jmc.dll

2010-01-29 04:35 . 2010-01-29 04:35 348160 ----a-w- c:\documents and settings\Nancy\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-24ef6161-n\msvcr71.dll

2010-01-29 04:35 . 2010-01-29 04:35 61440 ----a-w- c:\documents and settings\Nancy\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-66f90d48-n\decora-sse.dll

2010-01-29 04:35 . 2010-01-29 04:35 12800 ----a-w- c:\documents and settings\Nancy\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-66f90d48-n\decora-d3d.dll

2010-01-29 04:35 . 2006-07-11 15:07 -------- d-----w- c:\program files\Java

2010-01-06 20:07 . 2010-01-06 20:07 143264 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\cake-shop-2_s1_l1_gF5309T1L1_d796566250.exe

2009-12-21 19:14 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet(2)(2).dll

2009-12-21 19:14 . 2004-08-04 12:00 916480 ------w- c:\windows\system32\wininet.dll

2009-12-21 19:14 . 2004-08-04 12:00 1208832 ----a-w- c:\windows\system32\urlmon(2)(2).dll

2009-12-21 19:14 . 2006-10-17 18:57 1985536 ----a-w- c:\windows\system32\iertutil(2)(2).dll

2009-12-21 19:14 . 2006-11-08 04:03 11070464 ----a-w- c:\windows\system32\ieframe(3)(2).dll

2009-12-17 23:14 . 2009-02-27 02:43 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-12-15 18:14 . 2009-12-15 18:14 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-12-15 18:14 . 2009-12-15 18:14 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2009-12-15 18:14 . 2009-12-15 18:14 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-12-15 18:14 . 2009-12-15 18:14 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-02-02 11:34 . 2008-11-12 02:18 13824 --sha-w- c:\program files\Thumbs.db

2007-01-27 10:59 . 2007-01-27 10:59 6144 --sha-w- c:\program files\Common Files\Thumbs.db

2009-10-31 15:34 . 2009-10-30 03:38 88 --sh--r- c:\windows\system32\C28E54603C.sys

.

((((((((((((((((((((((((((((( SnapShot@2010-03-10_11.53.59 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-03-12 00:02 . 2010-03-12 00:02 16384 c:\windows\Temp\Perflib_Perfdata_228.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"4shared Desktop"="c:\program files\4shared Desktop\desktop.exe" [2009-12-07 3632640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-16 2577632]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]

"JMAP5289"="c:\program files\ULI5289\JMAP5289.exe" [2004-07-19 28672]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

"4shared Update"="c:\program files\4shared Desktop\checkUpdate.exe" [2009-09-29 1337344]

c:\documents and settings\Nancy\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-12-15 18:14 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk

backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]

2006-08-01 22:35 67112 ----a-w- c:\program files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALi5289]

2004-07-24 09:13 405504 ------w- c:\program files\ULI5289\ALi5289.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]

2007-10-31 01:52 16200 ----a-w- c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]

2002-12-11 00:32 155648 ----a-w- c:\program files\Logitech\ImageStudio\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]

2002-12-11 00:31 61440 ----a-w- c:\program files\Logitech\ImageStudio\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]

2009-05-27 02:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

2004-07-23 08:27 68096 ----a-w- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]

2009-02-06 20:44 3572984 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"EapHost"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"SiteAdvisor"=c:\program files\SiteAdvisor\5020\SiteAdv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Java\\jre1.5.0_07\\bin\\javaw.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=

"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=

"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=

"c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

"c:\\Program Files\\IncrediMail\\bin\\ImPackr.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 aliidex;aliidex;c:\windows\system32\drivers\aliidex.sys [7/10/2006 4:06 PM 7040]

R0 aliperf;aliperf;c:\windows\system32\drivers\aliperf.sys [7/10/2006 4:06 PM 7168]

R0 m5289;m5289;c:\windows\system32\drivers\m5289.sys [1/11/2005 9:50 AM 49101]

R0 sonypvl2;sonypvl2;c:\windows\system32\drivers\sonypvl2.sys [9/4/2006 5:16 PM 19478]

R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\drivers\AGPKX.SYS [7/10/2006 3:53 PM 44928]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/15/2009 12:14 PM 333192]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/15/2009 12:14 PM 360584]

R1 sonypvf2;sonypvf2;c:\windows\system32\drivers\sonypvf2.sys [9/4/2006 5:16 PM 635017]

R1 sonypvt2;sonypvt2;c:\windows\system32\drivers\sonypvt2.sys [9/4/2006 5:16 PM 431236]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/15/2009 12:13 PM 285392]

R2 Viewpoint Service;Viewpoint Service;c:\program files\Viewpoint\Common\ViewpointService.exe [4/23/2009 8:01 AM 30152]

R3 JM5289;JM5289;\??\c:\documents and settings\Nancy\JM5289.sys --> c:\documents and settings\Nancy\JM5289.sys [?]

R3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);c:\windows\system32\drivers\LV551AV.sys [3/1/2009 11:04 PM 220079]

R3 ULI5261;ULi Based Ethernet NT Driver;c:\windows\system32\drivers\ULILAN.SYS [7/10/2006 3:55 PM 29696]

S1 sonypvd2;sonypvd2;c:\windows\system32\drivers\sonypvd2.sys [9/4/2006 5:16 PM 64093]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

IE: &Add animation to IncrediMail Style Box - c:\program files\IncrediMail\bin\resources\WebMenuImg.htm

IE: &Download all 4shared files - c:\program files\4shared Desktop\down_all.htm

IE: &Download using 4shared Desktop - c:\program files\4shared Desktop\down_link.htm

Trusted Zone: ebay.com\search

Trusted Zone: liveops.com\callcenter

Trusted Zone: liveops.com\www

Trusted Zone: liveops.com \callcenter

Trusted Zone: proflowers.com\homeadmin

Trusted Zone: proflowers.com\www

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {D8EE8DC0-F193-11D0-B1E5-08005A885319} - hxxps://calltaking2.workathomeagent.net/walldata/curVersion/hostexpress.cab

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-11 18:20

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]

"ImagePath"=""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-861567501-1897051121-725345543-1004\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\ActiveSync]

"Name"="ActiveSync"

"DisplayName"="Microsoft ActiveSync"

"Param1"="ActiveSync"

"Param2"=""

"Type"="wellknown"

"Order"=dword:00000000

"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-861567501-1897051121-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:89,61,5a,b1,c4,a6,35,3a,a1,af,96,14,de,12,56,6e,c7,e1,9e,68,35,97,25,

7b,1e,17,b9,20,62,61,49,15,ac,c2,d7,e1,64,ba,60,c7,bd,04,17,74,ce,ba,c8,fe,\

"??"=hex:e5,85,7e,b7,90,ab,d1,ac,28,b9,66,ef,9b,f4,3e,0d

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(748)

c:\windows\system32\Ati2evxx.dll

.

Completion time: 2010-03-11 18:23:01

ComboFix-quarantined-files.txt 2010-03-12 00:22

ComboFix2.txt 2010-03-10 11:56

Pre-Run: 33,032,187,904 bytes free

Post-Run: 33,095,307,264 bytes free

- - End Of File - - 90380279A2B9DDF240333CC2FDB1681B

Upload was successful

This topic is now closed to further replies.