
getting google redirect, and tab pop ups



I've been getting random Windows tab pop-ups when clicking on certain links or going to certain websites. I ran the MBAM program and it is not detecting anything. Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:17:11 AM, on 5/19/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\Program Files\AVG\AVG9\avgchsvx.exe

D:\Program Files\AVG\AVG9\avgrsx.exe

D:\Program Files\AVG\AVG9\avgcsrvx.exe

D:\WINDOWS\Explorer.EXE

D:\WINDOWS\system32\spoolsv.exe

D:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe

D:\Program Files\AVG\AVG9\avgwdsvc.exe

D:\Program Files\AVG\AVG9\avgfws9.exe

D:\Program Files\Bonjour\mDNSResponder.exe

D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

D:\Program Files\Java\jre6\bin\jqs.exe

D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

D:\Program Files\AVG\AVG9\avgam.exe

D:\Program Files\AVG\AVG9\avgnsx.exe

D:\WINDOWS\system32\nvsvc32.exe

D:\WINDOWS\system32\svchost.exe

D:\Program Files\Viewpoint\Common\ViewpointService.exe

D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

D:\WINDOWS\system32\wscntfy.exe

D:\Program Files\Microsoft IntelliType Pro\itype.exe

D:\Program Files\Google\Gmail Notifier\gnotify.exe

D:\WINDOWS\system32\RUNDLL32.EXE

D:\PROGRA~1\AVG\AVG9\avgtray.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Program Files\AIM\aim.exe

D:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe

D:\Program Files\HP\Digital Imaging\bin\hposol08.exe

D:\Program Files\UltraMon\UltraMon.exe

D:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe

D:\Program Files\UltraMon\UltraMonTaskbar.exe

D:\Program Files\AVG\AVG9\avgcsrvx.exe

D:\Program Files\HP\Digital Imaging\bin\hpoevm08.exe

D:\WINDOWS\system32\HPZipm12.exe

D:\Program Files\HP\Digital Imaging\Bin\hpoSTS08.exe

D:\Program Files\Mozilla Firefox\firefox.exe

D:\Documents and Settings\JB\Desktop\Anti Spyware Programs\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - D:\Program Files\StumbleUpon\StumbleUponIEBar.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - D:\Program Files\StumbleUpon\StumbleUponIEBar.dll

O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - D:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll

O4 - HKLM\..\Run: [itype] "D:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] D:\Program Files\Google\Gmail Notifier\gnotify.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AVG9_TRAY] D:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\JB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [Aim] "D:\Program Files\AIM\aim.exe" /d locale=en-US

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: officejet 6100.lnk = ?

O4 - Global Startup: UltraMon.lnk = ?

O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Program Files\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1229315438812

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1229315425578

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG9\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - D:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - D:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - D:\Program Files\AVG\AVG9\avgfws9.exe

O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - D:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - D:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe

O23 - Service: StumbleUponUpdateService - stumbleupon.com - D:\Program Files\StumbleUpon\StumbleUponUpdateService.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - D:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 11114 bytes

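As an added example (it is not part of this thread and not a Malwarebytes, Trend Micro or OldTimer tool), the following Python script shows how the first pass a helper makes over a HijackThis log like the one above can be automated: it parses the `R`/`O` entry lines and surfaces the entries a reviewer normally checks first (targets reported as missing, startup shortcuts with no resolved target, Run entries that name a bare executable, services with no recognised publisher, and non-default IE start/search URLs). The lines in `SAMPLE_LOG` are copied from the posted log; the single `example.invalid` line is constructed so the URL rule is exercised; the rules themselves are the example's own, not HijackThis's.

```python
import re
from dataclasses import dataclass

# Entry lines copied from the HijackThis log posted in this thread
# (a subset, chosen so that each triage rule below is exercised).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - D:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O4 - HKLM\..\Run: [itype] "D:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - Global Startup: hpoddt01.exe.lnk = ?
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
"""

# Constructed line (NOT from the posted log): a start page that is not an IE default.
CONSTRUCTED_LINE = r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://example.invalid/start"


@dataclass(frozen=True)
class Entry:
    section: str  # e.g. "O4", "R1"
    body: str     # everything after "<section> - "


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    body: str


# HijackThis entry lines start with R0-R3, F0-F3 or O1-O24 followed by " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RF][0-3]|O\d{1,2}) - (?P<body>.+)$")

# Stock IE defaults as they appear in this log; anything else in R0/R1 is worth a look.
DEFAULT_IE_URLS = ("about:blank", "http://go.microsoft.com/fwlink/")


def parse_hjt(text: str) -> list[Entry]:
    """Return the structured entries of a HijackThis log; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("section"), m.group("body")))
    return entries


def triage(entries: list[Entry]) -> list[Finding]:
    """Flag entries a reviewer usually checks first. Each hit is a prompt for a human, not a verdict."""
    findings = []
    for e in entries:
        if "(file missing)" in e.body:
            findings.append(Finding(e.section, "orphaned registry reference (target file missing)", e.body))
        elif e.section in ("R0", "R1"):
            url = e.body.rsplit(" = ", 1)[-1]
            if not url.startswith(DEFAULT_IE_URLS):
                findings.append(Finding(e.section, "non-default IE start/search URL", e.body))
        elif e.section == "O4" and e.body.endswith(" = ?"):
            findings.append(Finding(e.section, "startup shortcut with unresolved target", e.body))
        elif e.section == "O4" and "\\Run: [" in e.body:
            command = e.body.split("] ", 1)[1]
            # A bare file name is located through the PATH search order, not a fixed location.
            if not (command.startswith('"') or re.match(r"^[A-Za-z]:\\", command)):
                findings.append(Finding(e.section, "Run entry without a fully qualified path", e.body))
        elif e.section == "O23" and " - Unknown owner - " in e.body:
            findings.append(Finding(e.section, "service with no recognised publisher", e.body))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per reason, handy for a quick overview of a long log."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.reason] = counts.get(f.reason, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG + "\n" + CONSTRUCTED_LINE)):
        print(f"[{f.section}] {f.reason}: {f.body}")
```

On the lines copied from this log every hit has a plausible benign explanation (an AVG DLL that is no longer present, an HP printer shortcut HijackThis could not resolve, an NVIDIA helper launched by bare name, and an NVIDIA service whose binary carries no company string, as the later OTL log also shows), which is why the rules are written as review prompts rather than as detections; the value of the script is that it narrows a 250-line log to the handful of lines a helper actually needs to read.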

Hello mre03! Welcome to MalwareBytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something, please ask.
  • Do not install or uninstall any software or hardware while we work on it.

Step 1:

  • Launch Malwarebytes' Anti-Malware
  • Go to "Update" tab and select "Check for Updates". If an update is found, it will download and install the latest version.
  • Go to "Scanner" tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Step 2:

1. Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
    gmer_zip.gif
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.

Step 3:

Also, I would like you to generate an "Add/Remove Software list" log using the HijackThis application. Here is how you can do this:

To get an Uninstall List from HijackThis:

  • Open HijackThis, click Config, click Misc Tools
  • Click "Open Uninstall Manager"
  • Click "Save List" (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.

In your next reply, please include these log(s) in this sequence:

  1. MalwareBytes' Anti-Malware log
  2. GMER log
  3. Add or Remove Programs list
  4. GMER log


MBAM LOG:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4121

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

5/20/2010 2:49:40 PM

mbam-log-2010-05-20 (14-49-40).txt

Scan type: Full scan (C:\|D:\|E:\|)

Objects scanned: 37846

Time elapsed: 13 minute(s), 26 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Uninstall list:

abrViewer.NET 1.0.1

Add or Remove Adobe Creative Suite 3 Master Collection

Adobe After Effects CS3

Adobe After Effects CS3 Presets

Adobe AIR

Adobe AIR

Adobe Anchor Service CS3

Adobe Asset Services CS3

Adobe Bridge CS3

Adobe Bridge Start Meeting

Adobe BridgeTalk Plugin CS3

Adobe Camera Raw 4.0

Adobe CMaps

Adobe Color - Photoshop Specific

Adobe Color Common Settings

Adobe Color EU Extra Settings

Adobe Color JA Extra Settings

Adobe Color NA Recommended Settings

Adobe Contribute CS3

Adobe Creative Suite 3 Master Collection

Adobe Default Language CS3

Adobe Device Central CS3

Adobe Dreamweaver CS3

Adobe Encore CS3

Adobe Encore CS3 Codecs

Adobe ExtendScript Toolkit 2

Adobe Extension Manager CS3

Adobe Fireworks CS3

Adobe Flash CS3

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Flash Video Encoder

Adobe Fonts All

Adobe Help Viewer CS3

Adobe Illustrator CS3

Adobe InDesign CS3

Adobe InDesign CS3 Icon Handler

Adobe Linguistics CS3

Adobe Media Player

Adobe MotionPicture Color Files

Adobe PDF Library Files

Adobe Photoshop CS3

Adobe Premiere Pro CS3

Adobe Premiere Pro CS3 Functional Content

Adobe Premiere Pro CS3 Third Party Content

Adobe Setup

Adobe SING CS3

Adobe Soundbooth CS3

Adobe Soundbooth CS3 Codecs

Adobe Stock Photos CS3

Adobe Type Support

Adobe Update Manager CS3

Adobe Version Cue CS3 Client

Adobe Version Cue CS3 Server

Adobe Video Profiles

Adobe WAS CS3

Adobe WinSoft Linguistics Plugin

Adobe XMP DVA Panels CS3

Adobe XMP Panels CS3

AHV content for Acrobat and Flash

AIM 7

Apple Application Support

Apple Software Update

AVG 9.0

AVS Video Converter 6

AVS4YOU Software Navigator 1.3

Borderlands

CCleaner

Compatibility Pack for the 2007 Office system

Critical Update for Windows Media Player 11 (KB959772)

Digsby

DivX Codec

DivX Converter

DivX Player

DivX Plus DirectShow Filters

DivX Plus Web Player

Download Updater (AOL LLC)

DVDFab 6.0.2.2 (June 26, 2009)

FileZilla Client 3.2.7.1

Google Gmail Notifier

HiJackThis

HijackThis 2.0.2

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954708)

HP Memories Disc

hp officejet 6100 series

HP Photo and Imaging 2.0 - All-in-One

HP Photo and Imaging 2.0 - All-in-One Drivers

HP Photo and Imaging 2.0 - hp officejet 6100 series

IBP 11.5

Java 6 Update 14

Junk Mail filter update

Malwarebytes' Anti-Malware

Microsoft .NET Framework 2.0

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Office XP Professional with FrontPage

Microsoft Silverlight

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Mozilla Firefox (3.6.3)

MSVCRT

MyScribe

Nero Suite

NVIDIA Drivers

NVIDIA ForceWare Network Access Manager

NVIDIA PhysX v8.10.29

PDF Settings

QuickTime

Realtek AC'97 Audio

Security Update for Windows Internet Explorer 8 (KB969897)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB973346)

Segoe UI

Skype


Step 1:

Please go into the Control Panel, Add/Remove and for now remove ALL versions of JAVA

Then run this tool to help clean up any leftover Java.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it back when you reply.
    Then look for the following Java folders and if found delete them.
    C:\Program Files\Java
    C:\Program Files\Common Files\Java
    C:\Windows\Sun
    C:\Documents and Settings\All Users\Application Data\Java
    C:\Documents and Settings\All Users\Application Data\Sun\Java
    C:\Documents and Settings\username\Application Data\Java
    C:\Documents and Settings\username\Application Data\Sun\Java

Step 2:

I also see you have Viewpoint installed...

Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.


  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player

Step 3:

**Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer. **

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions, and please do not do any fixing on your own or run any scanners unless requested by me or another helper.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Open Tools -> Options -> Main tab
    • Set to Always ask me where to Save the files.
  2. During the download, rename Combofix to Combo-Fix as follows:
    CF_download_FF.gif
    CF_download_rename.gif
  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    -----------------------------------------------------------


  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

In your next reply, please include these log(s) in this sequence:

  1. JavaRa log
  2. ComboFix log


I'm having problems getting ComboFix to work. When it starts, it says "some files could not be created" and that the computer needs to be rebooted. I restarted the computer but it still has the same error message.


Because I have 2 versions of Windows, I currently only use WinXP instead of Win7, so when I try to go into Safe Mode it will make me go into Win7. I did attempt to open ComboFix again after deleting it, and the blue pop-up screen shows up.

However, the screen just says, "Please wait. ComboFix is preparing to run. Attempting to create a new restore point."

After that it just stays like that and nothing happens.


  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under the Custom Scans and Fixes section, paste in the below in bold:


    netsvcs

    %SYSTEMDRIVE%\*.*

    %systemroot%\*. /mp /s

    CREATERESTOREPOINT

    %systemroot%\system32\*.dll /lockedfiles

    %systemroot%\Tasks\*.job /lockedfiles

    %systemroot%\System32\config\*.sav

    %systemroot%\system32\drivers\*.sys /90


  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


OTL logfile created on: 5/22/2010 6:13:54 PM - Run 1

OTL by OldTimer - Version 3.2.5.0 Folder = D:\Documents and Settings\JB\Desktop\Anti Spyware Programs

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free

Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files

Drive C: | 76.68 Gb Total Space | 14.45 Gb Free Space | 18.84% Space Free | Partition Type: NTFS

Drive D: | 37.56 Gb Total Space | 3.96 Gb Free Space | 10.54% Space Free | Partition Type: NTFS

Drive E: | 195.32 Gb Total Space | 10.63 Gb Free Space | 5.44% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: WHITETIGER

Current User Name: JB

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - D:\Documents and Settings\JB\Desktop\Anti Spyware Programs\OTL.exe (OldTimer Tools)

PRC - D:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

PRC - D:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)

PRC - D:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - D:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - D:\Program Files\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)

PRC - D:\Program Files\AVG\AVG9\avgam.exe (AVG Technologies CZ, s.r.o.)

PRC - D:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - D:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)

PRC - D:\Program Files\AIM\aim.exe (AOL Inc.)

PRC - D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - D:\Program Files\UltraMon\UltraMonTaskbar.exe (Realtime Soft Ltd)

PRC - D:\Program Files\UltraMon\UltraMon.exe (Realtime Soft Ltd)

PRC - D:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - D:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)

PRC - D:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)

PRC - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe ()

PRC - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA)

PRC - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA)

PRC - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe (Apache Software Foundation)

PRC - D:\WINDOWS\system32\HPZipm12.exe (HP)

PRC - D:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)

PRC - D:\Program Files\HP\Digital Imaging\bin\hposts08.exe (Hewlett-Packard Co.)

PRC - D:\Program Files\HP\Digital Imaging\bin\hpoevm08.exe (Hewlett-Packard Co.)

PRC - D:\Program Files\HP\Digital Imaging\bin\hposol08.exe (Hewlett-Packard Co.)

========== Modules (SafeList) ==========

MOD - D:\Documents and Settings\JB\Desktop\Anti Spyware Programs\OTL.exe (OldTimer Tools)

MOD - D:\Program Files\UltraMon\RTSUltraMonHook.dll (Realtime Soft Ltd)

MOD - D:\Program Files\UltraMon\UltraMonResButtons.dll (Realtime Soft Ltd)

MOD - D:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\GdiPlus.dll (Microsoft Corporation)

MOD - D:\WINDOWS\system32\msi.dll (Microsoft Corporation)

MOD - D:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (JavaQuickStarterService) -- File not found

SRV - (avgfws9) -- D:\Program Files\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)

SRV - (avg9wd) -- D:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (AVGIDSAgent) -- D:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)

SRV - (StumbleUponUpdateService) -- D:\Program Files\StumbleUpon\StumbleUponUpdateService.exe (stumbleupon.com)

SRV - (getPlus® Helper) getPlus® -- D:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)

SRV - (FLEXnet Licensing Service) -- D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (Adobe Version Cue CS3) -- D:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)

SRV - (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) -- D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe ()

SRV - (nSvcIp) -- D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA)

SRV - (nSvcLog) -- D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA)

SRV - (ForcewareWebInterface) -- D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (Apache Software Foundation)

SRV - (Pml Driver HPZ12) -- D:\WINDOWS\system32\HPZipm12.exe (HP)

========== Driver Services (SafeList) ==========

DRV - (AvgMfx86) -- D:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AVGIDSErHrxpx) -- D:\WINDOWS\System32\Drivers\AVGIDSxx.sys (AVG Technologies CZ, s.r.o. )

DRV - (AvgRkx86) -- D:\WINDOWS\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgTdiX) -- D:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgLdx86) -- D:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AVGIDSDriverxpx) -- D:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )

DRV - (AVGIDSFilterxpx) -- D:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )

DRV - (AVGIDSShimxpx) -- D:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )

DRV - (Avgfwfd) -- D:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)

DRV - (Avgfwdx) -- D:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)

DRV - (AFS2K) -- D:\WINDOWS\system32\drivers\AFS2K.SYS (Oak Technology Inc.)

DRV - (SASKUTIL) -- D:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (sptd) -- D:\WINDOWS\System32\Drivers\sptd.sys ()

DRV - (SASDIFSV) -- D:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASENUM) -- D:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (UltraMonUtility) -- D:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys (Realtime Soft Ltd)

DRV - (nv) -- D:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (gameenum) -- D:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)

DRV - (Cdralw2k) -- D:\WINDOWS\system32\drivers\cdralw2k.sys (Sonic Solutions)

DRV - (Cdr4_xp) -- D:\WINDOWS\system32\drivers\cdr4_xp.sys (Sonic Solutions)

DRV - (AmdK8) -- D:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)

DRV - (DLAUDFAM) -- D:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)

DRV - (DLAUDF_M) -- D:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)

DRV - (DLAIFS_M) -- D:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)

DRV - (DLABOIOM) -- D:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)

DRV - (DLAOPIOM) -- D:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)

DRV - (DLAPoolM) -- D:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)

DRV - (DLADResN) -- D:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)

DRV - (DRVMCDB) -- D:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)

DRV - (DLACDBHM) -- D:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)

DRV - (DLARTL_N) -- D:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)

DRV - (DRVNDDM) -- D:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)

DRV - (nvata) -- D:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)

DRV - (nvnetbus) -- D:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)

DRV - (NVENETFD) -- D:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)

DRV - (NVTCP) -- D:\WINDOWS\system32\drivers\NVTCP.SYS (NVIDIA Corporation)

DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- D:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)

DRV - (MTsensor) -- D:\WINDOWS\system32\drivers\ASACPI.sys ()

DRV - (ms_mpu401) -- D:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)

DRV - (USRpdA) -- D:\WINDOWS\system32\drivers\USRpdA.sys (U.S. Robotics Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - D:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AOL Search"

FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=10-05-2010&tb_mrud=10-05-2010"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..extensions.enabledItems: toolbar@alexa.com:1.4.9

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3

FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.7.1

FF - prefs.js..extensions.enabledItems: {c151d79e-e61b-4a90-a887-5a46d38fba99}:2.6

FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.5.9

FF - prefs.js..extensions.enabledItems: firefox-extension@shareaholic.com:1.9.9.5

FF - prefs.js..extensions.enabledItems: {4D144BC3-23FB-47de-90C5-63CCB0139CCF}:1.0

FF - prefs.js..extensions.enabledItems: yslow@yahoo-inc.com:2.0.7

FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.496

FF - prefs.js..extensions.enabledItems: {B49315D5-43FF-48CB-B1BD-FAFC310D0B36}:1.9.1

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3

FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&tb_uuid=100000000000000002&tb_oid=10-05-2010&tb_mrud=10-05-2010&query="

FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: D:\Program Files\Java\jre6\lib\deploy\jqs\ff

FF - HKLM\software\mozilla\Firefox\extensions\\{B49315D5-43FF-48CB-B1BD-FAFC310D0B36}: D:\Documents and Settings\JB\Local Settings\Application Data\{B49315D5-43FF-48CB-B1BD-FAFC310D0B36} [2010/05/15 04:01:42 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: D:\Program Files\AVG\AVG9\Firefox [2010/05/17 20:51:08 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2010/04/24 16:33:49 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2010/05/21 15:13:39 | 000,000,000 | ---D | M]

[2009/06/29 05:31:27 | 000,000,000 | ---D | M] -- D:\Documents and Settings\JB\Application Data\Mozilla\Extensions

[2009/06/29 05:31:27 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\JB\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2010/05/21 17:58:21 | 000,000,000 | ---D | M] -- D:\Documents and Settings\JB\Application Data\Mozilla\Firefox\Profiles\b5amuofn.default\extensions

[2009/11/08 14:07:15 | 000,000,000 | ---D | M] (SeoQuake) -- D:\Documents and Settings\JB\Application Data\Mozilla\Firefox\Profiles\b5amuofn.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}

[2009/12/04 02:46:35 | 000,000,000 | ---D | M] (TradeManager-Plugin) -- D:\Documents and Settings\JB\Application Data\Mozilla\Firefox\Profiles\b5amuofn.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}

[2010/04/16 03:41:18 | 000,000,000 | ---D | M] (DownloadHelper) -- D:\Documents and Settings\JB\Application Data\Mozilla\Firefox\Profiles\b5amuofn.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2010/04/15 02:39:10 | 000,000,000 | ---D | M] (Pearl Crescent Page Saver Basic) -- D:\Documents and Settings\JB\Application Data\Mozilla\Firefox\Profiles\b5amuofn.default\extensions\{c151d79e-e61b-4a90-a887-5a46d38fba99}

[2010/05/06 02:16:09 | 000,000,000 | ---D | M] (Page Speed) -- D:\Documents and Settings\JB\Application Data\Mozilla\Firefox\Profiles\b5amuofn.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}

[2010/05/07 05:36:14 | 000,000,000 | ---D | M] -- D:\Documents and Settings\JB\Application Data\Mozilla\Firefox\Profiles\b5amuofn.default\extensions\firebug@software.joehewitt.com

[2010/05/12 20:32:35 | 000,000,000 | ---D | M] -- D:\Documents and Settings\JB\Application Data\Mozilla\Firefox\Profiles\b5amuofn.default\extensions\firefox-extension@shareaholic.com

[2010/02/20 21:48:07 | 000,000,000 | ---D | M] -- D:\Documents and Settings\JB\Application Data\Mozilla\Firefox\Profiles\b5amuofn.default\extensions\LogMeInClient@logmein.com

[2010/03/13 22:57:08 | 000,000,000 | ---D | M] -- D:\Documents and Settings\JB\Application Data\Mozilla\Firefox\Profiles\b5amuofn.default\extensions\toolbar@alexa.com

[2010/03/07 02:43:55 | 000,000,000 | ---D | M] -- D:\Documents and Settings\JB\Application Data\Mozilla\Firefox\Profiles\b5amuofn.default\extensions\yslow@yahoo-inc.com

[2010/05/12 20:32:35 | 000,000,000 | ---D | M] -- D:\Documents and Settings\JB\Application Data\Mozilla\Firefox\Profiles\b5amuofn.default\extensions\firefox-extension@shareaholic.com\chrome

[2010/05/12 20:32:34 | 000,000,000 | ---D | M] -- D:\Documents and Settings\JB\Application Data\Mozilla\Firefox\Profiles\b5amuofn.default\extensions\firefox-extension@shareaholic.com\defaults

[2009/08/21 21:15:53 | 000,002,194 | ---- | M] () -- D:\Documents and Settings\JB\Application Data\Mozilla\Firefox\Profiles\b5amuofn.default\searchplugins\alexa-site-info.xml

[2010/05/10 14:27:52 | 000,002,343 | ---- | M] () -- D:\Documents and Settings\JB\Application Data\Mozilla\Firefox\Profiles\b5amuofn.default\searchplugins\aol-search.xml

[2010/05/21 17:58:21 | 000,000,000 | ---D | M] -- D:\Program Files\Mozilla Firefox\extensions

[2010/04/01 22:53:12 | 000,000,000 | ---D | M] (Default) -- D:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/01/09 01:18:17 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- D:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}

[2008/11/30 05:21:42 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

[2009/02/16 18:17:07 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

[2009/03/26 18:06:56 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

[2009/06/10 11:06:45 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

[2010/04/01 22:53:12 | 000,023,000 | ---- | M] (Mozilla Foundation) -- D:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2010/04/01 22:53:12 | 000,138,712 | ---- | M] (Mozilla Foundation) -- D:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2009/05/21 11:33:58 | 000,410,984 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll

[2009/11/13 17:47:38 | 000,098,304 | ---- | M] (DivX, Inc) -- D:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll

[2009/07/07 14:20:42 | 000,061,440 | ---- | M] (AOL LLC) -- D:\Program Files\Mozilla Firefox\plugins\npdnu.dll

[2009/07/07 14:20:42 | 000,065,536 | ---- | M] (AOL LLC) -- D:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll

[2008/06/27 16:03:12 | 001,446,440 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll

[2010/04/01 22:53:12 | 000,064,984 | ---- | M] (mozilla.org) -- D:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2007/05/10 22:52:33 | 000,095,864 | ---- | M] (Adobe Systems Inc.) -- D:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

[2008/12/01 12:01:02 | 000,114,540 | ---- | M] (NOS Microsystems Ltd.) -- D:\Program Files\Mozilla Firefox\plugins\np_gp.dll

[2010/01/15 17:13:03 | 000,001,394 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml

[2010/01/15 17:13:03 | 000,002,193 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2010/01/15 17:13:03 | 000,001,534 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2010/01/15 17:13:03 | 000,002,344 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\eBay.xml

[2010/01/15 17:13:03 | 000,002,371 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2010/01/15 17:13:03 | 000,001,178 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2010/01/15 17:13:03 | 000,001,096 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/05/22 15:24:34 | 000,000,027 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - D:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found

O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - D:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - D:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)

O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()

O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)

O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - D:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - D:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - D:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] D:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)

O4 - HKLM..\Run: [itype] D:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NvCplDaemon] D:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] D:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] D:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [QuickTime Task] D:\Program Files\QuickTime\qttask.exe (Apple Inc.)

O4 - HKCU..\Run: [Aim] D:\Program Files\AIM\aim.exe (AOL Inc.)

O4 - HKCU..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKCU..\Run: [Google Update] D:\Documents and Settings\JB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)

O4 - HKCU..\Run: [iBP] File not found

O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = D:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)

O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\officejet 6100.lnk = D:\Program Files\HP\Digital Imaging\bin\hposol08.exe (Hewlett-Packard Co.)

O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\UltraMon.lnk = D:\WINDOWS\Installer\{1C94C999-15D2-4C75-9A73-BCC8A677D42E}\IcoUltraMon.ico ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Append to existing PDF - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to Adobe PDF - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to existing PDF - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to Adobe PDF - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to existing PDF - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to Adobe PDF - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to existing PDF - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - D:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - D:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - D:\WINDOWS\system32\nvappfilter.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - D:\WINDOWS\system32\nvappfilter.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - D:\WINDOWS\system32\nvappfilter.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - D:\WINDOWS\system32\nvappfilter.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - D:\WINDOWS\system32\nvappfilter.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - D:\WINDOWS\system32\nvappfilter.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - D:\WINDOWS\system32\nvappfilter.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - D:\WINDOWS\system32\nvappfilter.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - D:\WINDOWS\system32\nvappfilter.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - D:\WINDOWS\system32\nvappfilter.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - D:\WINDOWS\system32\nvappfilter.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - D:\WINDOWS\system32\nvappfilter.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - D:\WINDOWS\system32\nvappfilter.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - D:\WINDOWS\system32\nvappfilter.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - D:\WINDOWS\system32\nvappfilter.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - D:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - D:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - D:\WINDOWS\system32\nvappfilter.dll (NVIDIA)

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab (Windows Live Safety Center Base Module)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdat...b?1229315438812 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1229315425578 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - D:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - D:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - D:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - D:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - D:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - D:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - D:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - D:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - D:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - D:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - D:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - D:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - D:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - D:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - D:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (D:\WINDOWS\system32\userinit.exe) - D:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - D:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - D:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - D:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - D:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - D:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - D:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - D:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - D:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - D:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - D:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - D:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - D:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - D:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - D:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - D:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - D:\WINDOWS\System32\WgaLogon.dll ()

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - D:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - D:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - D:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - D:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - D:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - D:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - D:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: D:\Documents and Settings\JB\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: D:\Documents and Settings\JB\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - D:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - D:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - D:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - D:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - D:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - D:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - D:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - D:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - D:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - D:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - D:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: Ias - D:\WINDOWS\system32\ias [2008/09/07 17:07:19 | 000,000,000 | ---D | M]

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: yuwzeqyx - File not found

NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT

Restore point Set: OTL Restore Point (69537929998893056)

========== Files/Folders - Created Within 30 Days ==========

[2010/05/22 13:45:05 | 000,050,176 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\proquota.exe

[2010/05/22 13:45:05 | 000,050,176 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\proquota.exe

[2010/05/22 13:45:05 | 000,000,000 | ---D | C] -- D:\WINDOWS\temp

[2010/05/22 13:28:13 | 000,000,000 | --SD | C] -- D:\Combo-Fix

[2010/05/22 05:13:21 | 000,212,480 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWXCACLS.exe

[2010/05/22 05:13:21 | 000,161,792 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWREG.exe

[2010/05/22 05:13:21 | 000,136,704 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWSC.exe

[2010/05/22 05:13:21 | 000,031,232 | ---- | C] (NirSoft) -- D:\WINDOWS\NIRCMD.exe

[2010/05/22 05:05:50 | 000,000,000 | ---D | C] -- D:\Qoobox

[2010/05/21 12:56:45 | 000,000,000 | ---D | C] -- D:\Documents and Settings\LocalService\Application Data\Macromedia

[2010/05/21 12:56:44 | 000,000,000 | ---D | C] -- D:\Documents and Settings\LocalService\Application Data\Adobe

[2010/05/20 10:05:35 | 000,000,000 | ---D | C] -- D:\Documents and Settings\JB\Application Data\AVG9

[2010/05/18 21:16:56 | 000,161,296 | ---- | C] (Trend Micro Inc.) -- D:\WINDOWS\System32\drivers\tmcomm.sys

[2010/05/18 21:11:20 | 000,000,000 | ---D | C] -- D:\Program Files\TrendMicro

[2010/05/18 14:42:23 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer

[2010/05/17 20:53:44 | 000,000,000 | -H-D | C] -- D:\$AVG

[2010/05/17 20:53:24 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- D:\WINDOWS\System32\avgrsstx.dll

[2010/05/17 20:53:23 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- D:\WINDOWS\System32\drivers\avgmfx86.sys

[2010/05/17 20:53:11 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\drivers\Avg

[2010/05/17 20:51:37 | 000,025,096 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- D:\WINDOWS\System32\drivers\AVGIDSxx.sys

[2010/05/17 20:51:36 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- D:\WINDOWS\System32\drivers\avgrkx86.sys

[2010/05/17 20:51:33 | 000,242,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- D:\WINDOWS\System32\drivers\avgtdix.sys

[2010/05/17 20:51:32 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- D:\WINDOWS\System32\drivers\avgldx86.sys

[2010/05/17 20:51:11 | 000,050,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- D:\WINDOWS\System32\avgfwdx.dll

[2010/05/17 20:51:11 | 000,030,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- D:\WINDOWS\System32\drivers\avgfwdx.sys

[2010/05/17 20:49:24 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\avg9

[2010/05/17 15:55:59 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\JB\Recent

[2010/05/17 12:12:59 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NetworkService\Application Data\Macromedia

[2010/05/17 12:12:58 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NetworkService\Application Data\Adobe

[2010/05/15 04:01:42 | 000,000,000 | ---D | C] -- D:\Documents and Settings\JB\Local Settings\Application Data\{B49315D5-43FF-48CB-B1BD-FAFC310D0B36}

[2010/05/15 03:58:54 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\msapps

[2010/05/11 18:11:16 | 000,000,000 | ---D | C] -- D:\Program Files\CardPlayer

[2010/05/11 18:11:16 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\CardPlayer

[2010/05/10 14:25:06 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Software Update Utility

[2010/05/10 14:24:53 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\AIM

[2010/05/10 14:24:49 | 000,000,000 | ---D | C] -- D:\Program Files\AIM

[7 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]

[5 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/22 18:12:13 | 060,290,511 | ---- | M] () -- D:\WINDOWS\System32\drivers\Avg\incavi.avm

[2010/05/22 18:08:05 | 000,002,255 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Startup\UltraMon.lnk

[2010/05/22 18:08:03 | 000,186,500 | ---- | M] () -- D:\WINDOWS\System32\nvapps.xml

[2010/05/22 18:07:59 | 000,000,260 | ---- | M] () -- D:\WINDOWS\tasks\WGASetup.job

[2010/05/22 18:07:49 | 000,000,966 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-412668190-839522115-1003UA.job

[2010/05/22 18:07:49 | 000,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT

[2010/05/22 18:07:46 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat

[2010/05/22 15:24:34 | 000,000,027 | ---- | M] () -- D:\WINDOWS\System32\drivers\etc\hosts

[2010/05/22 13:46:39 | 017,039,360 | ---- | M] () -- D:\Documents and Settings\JB\ntuser.dat

[2010/05/22 13:46:39 | 000,000,278 | -HS- | M] () -- D:\Documents and Settings\JB\ntuser.ini

[2010/05/22 03:05:00 | 000,000,914 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-412668190-839522115-1003Core.job

[2010/05/21 18:45:50 | 000,590,284 | ---- | M] () -- D:\WINDOWS\System32\drivers\Avg\iavifw.avm

[2010/05/21 15:11:48 | 000,071,798 | ---- | M] () -- D:\Documents and Settings\JB\Desktop\JavaRa.zip

[2010/05/19 17:11:09 | 000,002,228 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl

[2010/05/18 21:16:56 | 000,161,296 | ---- | M] (Trend Micro Inc.) -- D:\WINDOWS\System32\drivers\tmcomm.sys

[2010/05/18 21:11:57 | 000,002,435 | ---- | M] () -- D:\Documents and Settings\JB\Desktop\HiJackThis.lnk

[2010/05/18 11:37:06 | 000,000,284 | ---- | M] () -- D:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010/05/17 20:53:26 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\WINDOWS\System32\avgrsstx.dll

[2010/05/17 20:53:24 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\WINDOWS\System32\drivers\avgmfx86.sys

[2010/05/17 20:53:22 | 000,113,461 | ---- | M] () -- D:\WINDOWS\System32\drivers\Avg\iavichjw.avm

[2010/05/17 20:51:37 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- D:\WINDOWS\System32\drivers\AVGIDSxx.sys

[2010/05/17 20:51:36 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\WINDOWS\System32\drivers\avgrkx86.sys

[2010/05/17 20:51:34 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\WINDOWS\System32\drivers\avgtdix.sys

[2010/05/17 20:51:32 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\WINDOWS\System32\drivers\avgldx86.sys

[2010/05/17 20:51:11 | 000,050,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\WINDOWS\System32\avgfwdx.dll

[2010/05/17 20:51:11 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\WINDOWS\System32\drivers\avgfwdx.sys

[2010/05/17 20:37:02 | 000,000,120 | ---- | M] () -- D:\WINDOWS\Hzemuyumogavimov.dat

[2010/05/17 16:42:09 | 000,000,316 | ---- | M] () -- D:\WINDOWS\wininit.ini

[2010/05/17 12:33:48 | 000,000,000 | ---- | M] () -- D:\WINDOWS\Ltewozuzeqijiwaw.bin

[2010/05/16 17:24:19 | 000,000,116 | ---- | M] () -- D:\WINDOWS\NeroDigital.ini

[2010/05/11 18:11:36 | 000,001,774 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\SpadeClub Poker.lnk

[2010/05/10 14:24:56 | 000,001,107 | -H-- | M] () -- D:\IPH.PH

[2010/05/10 11:45:02 | 000,024,576 | ---- | M] () -- D:\Documents and Settings\JB\Desktop\TE-payment-agreement.doc

[2010/05/07 06:44:43 | 000,029,696 | ---- | M] () -- D:\Documents and Settings\JB\Desktop\timelesselements.doc

[2010/05/06 02:32:37 | 000,392,355 | R--- | M] () -- D:\WINDOWS\System32\drivers\etc\hosts.20100517-160151.backup

[2010/05/02 23:59:31 | 001,663,002 | ---- | M] () -- D:\Documents and Settings\JB\Desktop\EP2010May03-0101.csv

[2010/05/02 18:42:51 | 000,196,608 | ---- | M] () -- D:\Documents and Settings\JB\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys

[2010/04/27 01:52:27 | 000,988,828 | ---- | M] () -- D:\Documents and Settings\JB\Desktop\Re_ Wholesale Inquiry.zip

[2010/04/26 20:43:05 | 000,041,472 | ---- | M] () -- D:\Documents and Settings\JB\My Documents\resume.doc

[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- D:\WINDOWS\PEV.exe

[7 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]

[5 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/22 05:13:21 | 000,256,512 | ---- | C] () -- D:\WINDOWS\PEV.exe

[2010/05/22 05:13:21 | 000,098,816 | ---- | C] () -- D:\WINDOWS\sed.exe

[2010/05/22 05:13:21 | 000,080,412 | ---- | C] () -- D:\WINDOWS\grep.exe

[2010/05/22 05:13:21 | 000,077,312 | ---- | C] () -- D:\WINDOWS\MBR.exe

[2010/05/22 05:13:21 | 000,068,096 | ---- | C] () -- D:\WINDOWS\zip.exe

[2010/05/21 15:11:52 | 000,071,798 | ---- | C] () -- D:\Documents and Settings\JB\Desktop\JavaRa.zip

[2010/05/18 21:11:21 | 000,002,435 | ---- | C] () -- D:\Documents and Settings\JB\Desktop\HiJackThis.lnk

[2010/05/17 20:53:22 | 000,590,284 | ---- | C] () -- D:\WINDOWS\System32\drivers\Avg\iavifw.avm

[2010/05/17 20:53:22 | 000,113,461 | ---- | C] () -- D:\WINDOWS\System32\drivers\Avg\iavichjw.avm

[2010/05/17 20:53:11 | 060,290,511 | ---- | C] () -- D:\WINDOWS\System32\drivers\Avg\incavi.avm

[2010/05/15 04:01:43 | 000,000,120 | ---- | C] () -- D:\WINDOWS\Hzemuyumogavimov.dat

[2010/05/15 04:01:43 | 000,000,000 | ---- | C] () -- D:\WINDOWS\Ltewozuzeqijiwaw.bin

[2010/05/11 18:11:36 | 000,001,774 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\SpadeClub Poker.lnk

[2010/05/09 03:31:04 | 000,024,576 | ---- | C] () -- D:\Documents and Settings\JB\Desktop\TE-payment-agreement.doc

[2010/05/07 06:15:37 | 000,029,696 | ---- | C] () -- D:\Documents and Settings\JB\Desktop\timelesselements.doc

[2010/05/02 23:54:53 | 001,663,002 | ---- | C] () -- D:\Documents and Settings\JB\Desktop\EP2010May03-0101.csv

[2010/04/27 01:52:33 | 000,988,828 | ---- | C] () -- D:\Documents and Settings\JB\Desktop\Re_ Wholesale Inquiry.zip

[2009/11/03 23:26:30 | 000,000,262 | ---- | C] () -- D:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2009/10/26 12:49:45 | 000,000,754 | ---- | C] () -- D:\WINDOWS\WORDPAD.INI

[2009/07/16 06:13:02 | 000,721,904 | ---- | C] () -- D:\WINDOWS\System32\drivers\sptd.sys

[2008/10/30 01:15:03 | 000,002,320 | ---- | C] () -- D:\WINDOWS\System32\Servmess.dll

[2008/10/19 19:59:44 | 000,000,316 | ---- | C] () -- D:\WINDOWS\wininit.ini

[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- D:\WINDOWS\System32\physxcudart_20.dll

[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSwedish.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSpanish.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelPortugese.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelKorean.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelJapanese.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelGerman.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelFrench.dll

[2008/09/09 01:01:05 | 000,027,648 | ---- | C] () -- D:\WINDOWS\System32\AVSredirect.dll

[2008/09/08 19:38:58 | 002,463,976 | ---- | C] () -- D:\WINDOWS\System32\NPSWF32.dll

[2008/09/08 18:03:56 | 000,000,116 | ---- | C] () -- D:\WINDOWS\NeroDigital.ini

[2008/09/08 01:56:14 | 000,000,376 | ---- | C] () -- D:\WINDOWS\ODBC.INI

[2008/09/08 01:49:57 | 000,000,169 | ---- | C] () -- D:\WINDOWS\RtlRack.ini

[2008/09/08 01:22:12 | 000,000,164 | ---- | C] () -- D:\WINDOWS\avrack.ini

[2008/09/08 01:22:08 | 000,156,672 | ---- | C] () -- D:\WINDOWS\System32\RTLCPAPI.dll

[2008/09/08 00:52:12 | 000,000,266 | R--- | C] () -- D:\WINDOWS\System32\raidmgmt.ini

[2008/09/08 00:51:50 | 000,005,810 | R--- | C] () -- D:\WINDOWS\System32\drivers\ASACPI.sys

[2008/09/08 00:51:49 | 000,005,850 | ---- | C] () -- D:\WINDOWS\Ascd_tmp.ini

[2008/09/08 00:51:48 | 000,005,824 | ---- | C] () -- D:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2008/09/05 23:30:42 | 000,003,584 | ---- | C] () -- D:\WINDOWS\System32\WgaLogon.dll

[2008/05/16 15:01:00 | 001,703,936 | ---- | C] () -- D:\WINDOWS\System32\nvwdmcpl.dll

[2008/05/16 15:01:00 | 001,486,848 | ---- | C] () -- D:\WINDOWS\System32\nview.dll

[2008/05/16 15:01:00 | 001,019,904 | ---- | C] () -- D:\WINDOWS\System32\nvwimg.dll

[2008/05/16 15:01:00 | 000,466,944 | ---- | C] () -- D:\WINDOWS\System32\nvshell.dll

[2008/05/16 15:01:00 | 000,286,720 | ---- | C] () -- D:\WINDOWS\System32\nvnt4cpl.dll

[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- D:\WINDOWS\System32\OGACheckControl.DLL

[2002/12/04 01:24:26 | 000,561,152 | ---- | C] () -- D:\WINDOWS\System32\hpotscl.dll

========== LOP Check ==========

[2008/09/08 02:11:27 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\acccore

[2010/05/10 14:24:53 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\AIM

[2010/05/18 13:12:42 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\avg9

[2010/05/11 18:11:16 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\CardPlayer

[2010/05/18 13:09:05 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\TEMP

[2009/08/18 02:39:32 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\TuneUp Software

[2010/05/21 15:13:39 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Viewpoint

[2008/10/27 18:32:37 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\WinZip

[2009/08/18 02:37:34 | 000,000,000 | -HSD | M] -- D:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}

[2008/09/08 02:11:48 | 000,000,000 | ---D | M] -- D:\Documents and Settings\JB\Application Data\acccore

[2010/05/20 10:05:35 | 000,000,000 | ---D | M] -- D:\Documents and Settings\JB\Application Data\AVG9

[2010/04/16 02:22:36 | 000,000,000 | ---D | M] -- D:\Documents and Settings\JB\Application Data\Facebook

[2010/05/20 16:42:37 | 000,000,000 | ---D | M] -- D:\Documents and Settings\JB\Application Data\FileZilla

[2009/03/03 04:01:46 | 000,000,000 | ---D | M] -- D:\Documents and Settings\JB\Application Data\flashpaste

[2009/11/16 03:22:50 | 000,000,000 | ---D | M] -- D:\Documents and Settings\JB\Application Data\GameRanger

[2009/01/19 22:46:35 | 000,000,000 | ---D | M] -- D:\Documents and Settings\JB\Application Data\GrabPro

[2010/05/12 13:02:29 | 000,000,000 | ---D | M] -- D:\Documents and Settings\JB\Application Data\IBP

[2009/06/17 06:55:41 | 000,000,000 | ---D | M] -- D:\Documents and Settings\JB\Application Data\MSNInstaller

[2009/12/06 13:32:28 | 000,000,000 | ---D | M] -- D:\Documents and Settings\JB\Application Data\MyScribe

[2009/02/04 20:47:26 | 000,000,000 | ---D | M] -- D:\Documents and Settings\JB\Application Data\Orbit

[2008/12/20 08:03:18 | 000,000,000 | ---D | M] -- D:\Documents and Settings\JB\Application Data\PPStream

[2010/05/22 13:25:32 | 000,000,000 | ---D | M] -- D:\Documents and Settings\JB\Application Data\StumbleUpon

[2009/08/18 02:39:52 | 000,000,000 | ---D | M] -- D:\Documents and Settings\JB\Application Data\TuneUp Software

[2009/10/06 20:25:10 | 000,000,000 | ---D | M] -- D:\Documents and Settings\JB\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1

[2009/12/21 01:32:38 | 000,000,000 | ---D | M] -- D:\Documents and Settings\JB\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1

[2010/04/28 02:43:30 | 000,000,000 | ---D | M] -- D:\Documents and Settings\JB\Application Data\uTorrent

[2009/07/16 05:38:27 | 000,000,000 | ---D | M] -- D:\Documents and Settings\JB\Application Data\Vso

[2010/02/01 19:33:27 | 000,000,322 | ---- | M] () -- D:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1257122901.job

[2010/05/22 18:07:59 | 000,000,260 | ---- | M] () -- D:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2009/09/04 10:59:07 | 000,000,000 | ---- | M] () -- D:\backup.reg

[2009/02/20 14:05:33 | 000,000,494 | ---- | M] () -- D:\hpfr5550.xml

[2010/05/10 14:24:56 | 000,001,107 | -H-- | M] () -- D:\IPH.PH

[2010/05/22 18:07:42 | 2145,386,496 | -HS- | M] () -- D:\pagefile.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- D:\WINDOWS\system32\dxtmsft.dll

[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- D:\WINDOWS\system32\dxtrans.dll

[2009/07/03 10:09:23 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- D:\WINDOWS\system32\iepeers.dll

[5 D:\WINDOWS\system32\*.tmp files -> D:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

[2008/09/07 17:09:48 | 000,094,208 | ---- | M] () -- D:\WINDOWS\system32\config\default.sav

[2008/09/07 17:09:48 | 000,659,456 | ---- | M] () -- D:\WINDOWS\system32\config\software.sav

[2008/09/07 17:09:48 | 000,909,312 | ---- | M] () -- D:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >

[2010/05/17 20:51:11 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\WINDOWS\system32\drivers\avgfwdx.sys

[2010/05/17 20:51:37 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- D:\WINDOWS\system32\drivers\AVGIDSxx.sys

[2010/05/17 20:51:32 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\WINDOWS\system32\drivers\avgldx86.sys

[2010/05/17 20:53:24 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\WINDOWS\system32\drivers\avgmfx86.sys

[2010/05/17 20:51:36 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\WINDOWS\system32\drivers\avgrkx86.sys

[2010/05/17 20:51:34 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\WINDOWS\system32\drivers\avgtdix.sys

[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS\system32\drivers\mbam.sys

[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS\system32\drivers\mbamswissarmy.sys

[2010/05/18 21:16:56 | 000,161,296 | ---- | M] (Trend Micro Inc.) -- D:\WINDOWS\system32\drivers\tmcomm.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:94EAB850

@Alternate Data Stream - 120 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:EA029835

@Alternate Data Stream - 120 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:6DFF1A8A

@Alternate Data Stream - 118 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

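A triage script for the OTL log above, added here as an example and not part of the original post or of OTL itself. It parses four of the line formats OTL emits (O20 Winlogon Notify entries, NetSvcs entries, the dated file listings and Alternate Data Streams) and flags the things a removal helper would look at first in this log: the NetSvcs name that is not a standard XP netsvcs member (yuwzeqyx), the two long random-looking files dropped directly in D:\WINDOWS, the ADS attached to the All Users TEMP folder, and the Winlogon Notify DLL that reports no company name. The sample input is a constructed subset of lines copied from the log; the XP netsvcs allowlist is assumed from memory and is partial; the "random name" test is a crude length-and-letters heuristic tuned to this log, not a signature. Every hit is a candidate for manual review, not a verdict: ComboFix helpers and WGA components can trip similar checks.

```python
"""Triage helper for OTL (OldTimer's OTL) log lines.

Added example for this thread; not code from OTL or from the poster.
It parses four OTL line formats and flags entries a malware-removal helper
would look at first. Every flag is a heuristic, not a verdict.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a subset of lines copied from the OTL log in this thread.
SAMPLE_LOG = r"""
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - D:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - D:\WINDOWS\System32\WgaLogon.dll ()
NetSvcs: 6to4 - File not found
NetSvcs: Ias - D:\WINDOWS\system32\ias [2008/09/07 17:07:19 | 000,000,000 | ---D | M]
NetSvcs: yuwzeqyx - File not found
NetSvcs: WmdmPmSp - File not found
[2010/05/22 05:13:21 | 000,256,512 | ---- | C] () -- D:\WINDOWS\PEV.exe
[2010/05/15 04:01:43 | 000,000,120 | ---- | C] () -- D:\WINDOWS\Hzemuyumogavimov.dat
[2010/05/15 04:01:43 | 000,000,000 | ---- | C] () -- D:\WINDOWS\Ltewozuzeqijiwaw.bin
[2009/10/26 12:49:45 | 000,000,754 | ---- | C] () -- D:\WINDOWS\WORDPAD.INI
[2010/05/17 20:53:26 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\WINDOWS\System32\avgrsstx.dll
@Alternate Data Stream - 128 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:94EAB850
"""

# Assumption: partial list of the Windows XP default "netsvcs" group members,
# written from memory. Names outside it are flagged for a second look.
XP_NETSVCS = {
    "6to4", "AppMgmt", "AudioSrv", "Browser", "CryptSvc", "DMServer", "EventSystem",
    "HidServ", "Ias", "Iprip", "Irmon", "LanmanServer", "LanmanWorkstation",
    "Messenger", "Netman", "Nla", "Ntmssvc", "NWCWorkstation", "Nwsapagent",
    "Rasauto", "Rasman", "Remoteaccess", "Schedule", "Seclogon", "SENS",
    "Sharedaccess", "SRService", "Tapisrv", "Themes", "TrkWks", "W32Time",
    "WZCSVC", "Wmi", "WmdmPmSp", "winmgmt", "wscsvc", "xmlprov",
}

# OTL line formats handled here (written against the lines in this thread).
RE_NOTIFY = re.compile(r"^O20 - Winlogon\\Notify\\([^:]+): DllName - .+? - (.+?) \((.*)\)$")
RE_NETSVC = re.compile(r"^NetSvcs: (\S+) - (.*)$")
RE_FILE = re.compile(
    r"^\[\d{4}/\d\d/\d\d \d\d:\d\d:\d\d \| [\d,]+ \| \S{4} \| [CM]\] \((.*?)\) -- (.+)$"
)
RE_ADS = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+)$")


@dataclass
class Finding:
    kind: str    # short tag for the heuristic that fired
    detail: str  # the name or path to look at
    line: str    # the original OTL line


def looks_random(stem: str, min_len: int = 12) -> bool:
    """Crude heuristic: a long, purely alphabetic file stem. Tuned to this
    log, where the dropped files had 16-letter names; it is an assumption."""
    return stem.isalpha() and len(stem) >= min_len


def triage(log_text: str, systemroot: str = r"D:\WINDOWS") -> List[Finding]:
    """Scan OTL log text and return review candidates. systemroot defaults to
    the %SystemRoot% reported in this thread's OTL Extras log."""
    findings: List[Finding] = []
    sysroot = systemroot.lower()
    for line in log_text.strip().splitlines():
        line = line.strip()
        if (m := RE_NOTIFY.match(line)):
            path, company = m.group(2), m.group(3).strip()
            # A Winlogon Notify DLL is loaded by winlogon.exe at logon; one
            # without version/company info deserves a hash check.
            if not company:
                findings.append(Finding("winlogon-notify-no-company", path, line))
        elif (m := RE_NETSVC.match(line)):
            name = m.group(1)
            # Random service names parked in the netsvcs group are a classic
            # way to get a DLL loaded into a shared svchost.exe.
            if name not in XP_NETSVCS:
                findings.append(Finding("netsvcs-unknown", name, line))
        elif (m := RE_FILE.match(line)):
            company, path = m.group(1).strip(), m.group(2).strip()
            stem = ntpath.splitext(ntpath.basename(path))[0]
            # Unsigned-looking, randomly named files dropped straight into
            # %SystemRoot% (not a subfolder) are the first thing to inspect.
            if not company and ntpath.dirname(path).lower() == sysroot and looks_random(stem):
                findings.append(Finding("random-name-in-systemroot", path, line))
        elif (m := RE_ADS.match(line)):
            # Small ADS on a ProgramData/TEMP folder is a known hiding spot.
            findings.append(Finding("ads", m.group(2), line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:28} {f.detail}")
```

Run it against a full OTL.txt by reading the file into `triage()`; the `systemroot` argument should match the `%SystemRoot%` line in the Extras log, since this machine boots from D: rather than C:. The allowlist and the length threshold are the two knobs worth adjusting before reusing it on another log.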

OTL Extras logfile created on: 5/22/2010 6:13:54 PM - Run 1

OTL by OldTimer - Version 3.2.5.0 Folder = D:\Documents and Settings\JB\Desktop\Anti Spyware Programs

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free

Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files

Drive C: | 76.68 Gb Total Space | 14.45 Gb Free Space | 18.84% Space Free | Partition Type: NTFS

Drive D: | 37.56 Gb Total Space | 3.96 Gb Free Space | 10.54% Space Free | Partition Type: NTFS

Drive E: | 195.32 Gb Total Space | 10.63 Gb Free Space | 5.44% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: xx

Current User Name: JB

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "D:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "D:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "D:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "D:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server

"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS3 Server

"50900:TCP" = 50900:TCP:*:Enabled:Adobe Version Cue CS3 Server

"50901:TCP" = 50901:TCP:*:Enabled:Adobe Version Cue CS3 Server

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"D:\Program Files\MSN Messenger\livecall.exe" = D:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

"D:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = D:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

"D:\Program Files\Windows Live\Messenger\wlcsdk.exe" = D:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"D:\Program Files\Windows Live\Messenger\msnmsgr.exe" = D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)

"D:\Program Files\Common Files\AOL\Loader\aolload.exe" = D:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)

"D:\Program Files\AIM6\aim6.exe" = D:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found

"D:\Program Files\Veoh Networks\Veoh\VeohClient.exe" = D:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client -- (Veoh Networks)

"D:\Program Files\Bonjour\mDNSResponder.exe" = D:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)

"D:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = D:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server -- (Adobe Systems Incorporated)

"D:\Program Files\uTorrent\uTorrent.exe" = D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:


OTL Extras logfile created on: 5/22/2010 6:13:54 PM - Run 1

OTL by OldTimer - Version 3.2.5.0 Folder = D:\Documents and Settings\JB\Desktop\Anti Spyware Programs

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free

Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files

Drive C: | 76.68 Gb Total Space | 14.45 Gb Free Space | 18.84% Space Free | Partition Type: NTFS

Drive D: | 37.56 Gb Total Space | 3.96 Gb Free Space | 10.54% Space Free | Partition Type: NTFS

Drive E: | 195.32 Gb Total Space | 10.63 Gb Free Space | 5.44% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: xx

Current User Name: JB

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "D:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "D:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "D:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "D:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server

"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS3 Server

"50900:TCP" = 50900:TCP:*:Enabled:Adobe Version Cue CS3 Server

"50901:TCP" = 50901:TCP:*:Enabled:Adobe Version Cue CS3 Server

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"D:\Program Files\MSN Messenger\livecall.exe" = D:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

"D:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = D:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

"D:\Program Files\Windows Live\Messenger\wlcsdk.exe" = D:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"D:\Program Files\Windows Live\Messenger\msnmsgr.exe" = D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)

"D:\Program Files\Common Files\AOL\Loader\aolload.exe" = D:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)

"D:\Program Files\AIM6\aim6.exe" = D:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found

"D:\Program Files\Veoh Networks\Veoh\VeohClient.exe" = D:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client -- (Veoh Networks)

"D:\Program Files\Bonjour\mDNSResponder.exe" = D:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)

"D:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = D:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server -- (Adobe Systems Incorporated)

"D:\Program Files\uTorrent\uTorrent.exe" = D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:

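The firewall section of the OTL Extras logs above (both copies carry the same values) is where a helper looks first on a box with redirects: both Windows Firewall profiles show "EnableFirewall" = 0, the DomainProfile opens SMB ports 137/138/139/445 to any remote address ('*'), and two allow rules point at files OTL marks as "File not found". The script below is an added example written for this thread; it is not part of OTL and not code from any poster. It parses the registry-dump format OTL prints and reports those three conditions. The function names, the SAMPLE_LOG string (assembled from lines in the log above, trimmed to a few entries) and the finding wording are mine.

```python
"""Triage the Windows Firewall policy section of an OTL Extras log.

Added example for this thread; not part of OTL or of the original posts.
It reads the registry dump OTL prints under 'Security Center Settings' and
'Authorized Applications List' and reports:
  * profiles with "EnableFirewall" = 0
  * GloballyOpenPorts entries whose scope is '*' (any remote address)
  * AuthorizedApplications entries OTL annotated as 'File not found'
SAMPLE_LOG is constructed from lines in the thread's log, cut down to a few.
"""
import re

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"D:\Program Files\AIM6\aim6.exe" = D:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"D:\Program Files\uTorrent\uTorrent.exe" = D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:
"""

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')               # [HKEY_...\Key] header line
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')          # "name" = value
PROFILE_RE = re.compile(r'FirewallPolicy\\(\w+Profile)(?:\\(.*))?$')
# value of an AuthorizedApplications entry: path:scope:state:description
APP_RE = re.compile(r'^(.+?):([^:]+):(\w+):(.*)$')


def parse_firewall_policy(text):
    """Return {profile: {'enabled': bool|None, 'ports': [...], 'apps': [...]}}."""
    profiles = {}
    current = None  # (profile name, subkey below the profile) for the key being read
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            pm = PROFILE_RE.search(m.group(1))
            current = (pm.group(1), pm.group(2) or '') if pm else None
            if pm:
                profiles.setdefault(pm.group(1), {'enabled': None, 'ports': [], 'apps': []})
            continue
        m = VALUE_RE.match(line)
        if not m or current is None:
            continue  # values under keys we do not care about (Security Center flags etc.)
        profile, subkey = current
        name, value = m.group(1), m.group(2).strip()
        entry = profiles[profile]
        if subkey == '' and name == 'EnableFirewall':
            entry['enabled'] = value == '1'
        elif subkey.startswith('GloballyOpenPorts'):
            port, proto, scope, state, *desc = value.split(':')
            entry['ports'].append({'port': int(port), 'proto': proto, 'scope': scope,
                                   'state': state, 'desc': ':'.join(desc)})
        elif subkey.startswith('AuthorizedApplications'):
            am = APP_RE.match(value)
            if am:
                path, scope, state, desc = am.groups()
                entry['apps'].append({'path': path, 'scope': scope, 'state': state,
                                      'desc': desc, 'missing': 'File not found' in desc})
    return profiles


def triage(profiles):
    """One finding string per condition worth a human's attention."""
    findings = []
    for name, p in sorted(profiles.items()):
        if p['enabled'] is False:
            findings.append(f"{name}: Windows Firewall disabled (EnableFirewall = 0)")
        for port in p['ports']:
            if port['scope'] == '*' and port['state'].lower() == 'enabled':
                findings.append(f"{name}: {port['port']}/{port['proto']} open to any "
                                f"remote address ({port['desc']})")
        for app in p['apps']:
            if app['missing']:
                findings.append(f"{name}: stale allow rule for missing file {app['path']}")
    return findings


if __name__ == '__main__':
    for finding in triage(parse_firewall_policy(SAMPLE_LOG)):
        print(finding)
```

Read the output with the rest of the thread in view: "EnableFirewall" = 0 on a machine running AVG's firewall drivers (Avgfwdx/Avgfwfd in the TDSSKiller driver list below) usually means a third-party firewall took over, so that finding is a prompt to confirm what is actually filtering, not evidence of tampering by itself. The SMB ports open to '*' in the DomainProfile only matter if that profile is ever active, and the "File not found" rules are hygiene to clean up once the machine is clean.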

Please read the following through carefully so that you understand what to do.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field. (make sure you include the quotation marks) Then press Ctrl+Shift+Enter.)
    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • It may ask you to reboot the computer to complete the process. Allow it to do so.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.


04:57:08:718 5396 TDSS rootkit removing tool 2.3.0.0 May 12 2010 18:11:17

04:57:08:718 5396 ================================================================================

04:57:08:718 5396 SystemInfo:

04:57:08:718 5396 OS Version: 5.1.2600 ServicePack: 3.0

04:57:08:718 5396 Product type: Workstation

04:57:08:718 5396 ComputerName: xx

04:57:08:718 5396 UserName: JB

04:57:08:718 5396 Windows directory: D:\WINDOWS

04:57:08:718 5396 Processor architecture: Intel x86

04:57:08:718 5396 Number of processors: 1

04:57:08:718 5396 Page size: 0x1000

04:57:08:718 5396 Boot type: Normal boot

04:57:08:718 5396 ================================================================================

04:57:08:734 5396 UnloadDriverW: NtUnloadDriver error 2

04:57:08:734 5396 ForceUnloadDriverW: UnloadDriverW(klmd23) error 2

04:57:08:796 5396 wfopen_ex: Trying to open file D:\WINDOWS\system32\config\system

04:57:08:796 5396 wfopen_ex: MyNtCreateFileW error 32 (C0000043)

04:57:08:796 5396 wfopen_ex: Trying to KLMD file open

04:57:08:796 5396 wfopen_ex: File opened ok (Flags 2)

04:57:08:796 5396 wfopen_ex: Trying to open file D:\WINDOWS\system32\config\software

04:57:08:796 5396 wfopen_ex: MyNtCreateFileW error 32 (C0000043)

04:57:08:796 5396 wfopen_ex: Trying to KLMD file open

04:57:08:796 5396 wfopen_ex: File opened ok (Flags 2)

04:57:08:796 5396 KLAVA engine initialized

04:57:09:046 5396 Initialize success

04:57:09:046 5396

04:57:09:046 5396 Scanning Services ...

04:57:09:093 5396 Raw services enum returned 346 services

04:57:09:093 5396

04:57:09:093 5396 Scanning Drivers ...

04:57:09:218 5396 ACPI (8fd99680a539792a30e97944fdaecf17) D:\WINDOWS\system32\DRIVERS\ACPI.sys

04:57:09:250 5396 ACPIEC (9859c0f6936e723e4892d7141b1327d5) D:\WINDOWS\system32\drivers\ACPIEC.sys

04:57:09:296 5396 aec (8bed39e3c35d6a489438b8141717a557) D:\WINDOWS\system32\drivers\aec.sys

04:57:09:343 5396 AFD (7e775010ef291da96ad17ca4b17137d7) D:\WINDOWS\System32\drivers\afd.sys

04:57:09:375 5396 AFS2K (b34b1ab0a7690a0e2301fec6d17b2fc1) D:\WINDOWS\system32\drivers\AFS2K.sys

04:57:09:500 5396 ALCXWDM (933933288df5ed26d1928215c97d05c7) D:\WINDOWS\system32\drivers\ALCXWDM.SYS

04:57:09:625 5396 AmdK8 (efbb0956baed786e137351b5ca272aef) D:\WINDOWS\system32\DRIVERS\AmdK8.sys

04:57:09:671 5396 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) D:\WINDOWS\system32\DRIVERS\asyncmac.sys

04:57:09:703 5396 atapi (9f3a2f5aa6875c72bf062c712cfa2674) D:\WINDOWS\system32\DRIVERS\atapi.sys

04:57:09:750 5396 Atmarpc (9916c1225104ba14794209cfa8012159) D:\WINDOWS\system32\DRIVERS\atmarpc.sys

04:57:09:781 5396 audstub (d9f724aa26c010a217c97606b160ed68) D:\WINDOWS\system32\DRIVERS\audstub.sys

04:57:09:812 5396 Avgfwdx (fa6336f05695e39995884d0c959c9608) D:\WINDOWS\system32\DRIVERS\avgfwdx.sys

04:57:09:812 5396 Avgfwfd (fa6336f05695e39995884d0c959c9608) D:\WINDOWS\system32\DRIVERS\avgfwdx.sys

04:57:09:921 5396 AVGIDSDriverxpx (56206c641454aba963151329f9363003) D:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys

04:57:09:953 5396 AVGIDSErHrxpx (5f76534d86f5d87902bd8cca3d651e8e) D:\WINDOWS\system32\Drivers\AVGIDSxx.sys

04:57:09:968 5396 AVGIDSFilterxpx (8ee3a628ea3c6d5569cc3b3a94ec86b8) D:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys

04:57:09:984 5396 AVGIDSShimxpx (d5b81f9ee6361ebc8df702569da01370) D:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys

04:57:10:031 5396 AvgLdx86 (9c0a7e6d3cb9a8a7ad4e4575d9a42e94) D:\WINDOWS\system32\Drivers\avgldx86.sys

04:57:10:046 5396 AvgMfx86 (f9caeec3ff1545991f490264429724c5) D:\WINDOWS\system32\Drivers\avgmfx86.sys

04:57:10:078 5396 AvgRkx86 (5bbcd8646074a3af4ee9b321d12c2b64) D:\WINDOWS\system32\Drivers\avgrkx86.sys

04:57:10:093 5396 AvgTdiX (cf9ac576490bb6c547cd16ef0b782358) D:\WINDOWS\system32\Drivers\avgtdix.sys

04:57:10:125 5396 Beep (da1f27d85e0d1525f6621372e7b685e9) D:\WINDOWS\system32\drivers\Beep.sys

04:57:10:218 5396 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) D:\WINDOWS\system32\drivers\cbidf2k.sys

04:57:10:250 5396 Cdaudio (c1b486a7658353d33a10cc15211a873b) D:\WINDOWS\system32\drivers\Cdaudio.sys

04:57:10:265 5396 Cdfs (c885b02847f5d2fd45a24e219ed93b32) D:\WINDOWS\system32\drivers\Cdfs.sys

04:57:10:312 5396 Cdr4_xp (9714b7c918c6543d69074ec101f86ac4) D:\WINDOWS\system32\drivers\Cdr4_xp.sys

04:57:10:328 5396 Cdralw2k (0d856d16c08440bfb566d6cdd9948d4e) D:\WINDOWS\system32\drivers\Cdralw2k.sys

04:57:10:359 5396 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) D:\WINDOWS\system32\DRIVERS\cdrom.sys

04:57:10:437 5396 Disk (044452051f3e02e7963599fc8f4f3e25) D:\WINDOWS\system32\DRIVERS\disk.sys

04:57:10:484 5396 DLABOIOM (a14524d3f130a57163e0b3e057fc85d5) D:\WINDOWS\system32\DLA\DLABOIOM.SYS

04:57:10:515 5396 DLACDBHM (7581407a6a3c56860ae31e6e423fe824) D:\WINDOWS\system32\Drivers\DLACDBHM.SYS

04:57:10:562 5396 DLADResN (7c4cdf8a684b63d7482e0bf7440dc3b5) D:\WINDOWS\system32\DLA\DLADResN.SYS

04:57:10:578 5396 DLAIFS_M (97bca2aac06a9fea56615b4b15bdb9b8) D:\WINDOWS\system32\DLA\DLAIFS_M.SYS

04:57:10:593 5396 DLAOPIOM (be8d558cf749424f0de612813f7c6725) D:\WINDOWS\system32\DLA\DLAOPIOM.SYS

04:57:10:609 5396 DLAPoolM (7e5277cb45dc5e2a86af8ce093c7ef31) D:\WINDOWS\system32\DLA\DLAPoolM.SYS

04:57:10:625 5396 DLARTL_N (693dfd92d41a3d270053cd97834e4960) D:\WINDOWS\system32\Drivers\DLARTL_N.SYS

04:57:10:640 5396 DLAUDFAM (d886b6d02b51e5bd61b8a571a16d5ca2) D:\WINDOWS\system32\DLA\DLAUDFAM.SYS

04:57:10:671 5396 DLAUDF_M (2c0ecf7a9d5162d87c64e2ae868b5039) D:\WINDOWS\system32\DLA\DLAUDF_M.SYS

04:57:10:718 5396 dmboot (d992fe1274bde0f84ad826acae022a41) D:\WINDOWS\system32\drivers\dmboot.sys

04:57:10:765 5396 dmio (7c824cf7bbde77d95c08005717a95f6f) D:\WINDOWS\system32\drivers\dmio.sys

04:57:10:796 5396 dmload (e9317282a63ca4d188c0df5e09c6ac5f) D:\WINDOWS\system32\drivers\dmload.sys

04:57:10:828 5396 DMusic (8a208dfcf89792a484e76c40e5f50b45) D:\WINDOWS\system32\drivers\DMusic.sys

04:57:10:859 5396 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) D:\WINDOWS\system32\drivers\drmkaud.sys

04:57:10:890 5396 DRVMCDB (73623d89faef4d1aa600edee8b490bc5) D:\WINDOWS\system32\Drivers\DRVMCDB.SYS

04:57:10:921 5396 DRVNDDM (2aeee1600d0f14ba535f90a1f4411b54) D:\WINDOWS\system32\Drivers\DRVNDDM.SYS

04:57:10:937 5396 Fastfat (38d332a6d56af32635675f132548343e) D:\WINDOWS\system32\drivers\Fastfat.sys

04:57:10:968 5396 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) D:\WINDOWS\system32\drivers\Fdc.sys

04:57:11:000 5396 Fips (d45926117eb9fa946a6af572fbe1caa3) D:\WINDOWS\system32\drivers\Fips.sys

04:57:11:015 5396 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) D:\WINDOWS\system32\drivers\Flpydisk.sys

04:57:11:046 5396 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) D:\WINDOWS\system32\drivers\fltmgr.sys

04:57:11:078 5396 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) D:\WINDOWS\system32\drivers\Fs_Rec.sys

04:57:11:093 5396 Ftdisk (6ac26732762483366c3969c9e4d2259d) D:\WINDOWS\system32\DRIVERS\ftdisk.sys

04:57:11:125 5396 gameenum (065639773d8b03f33577f6cdaea21063) D:\WINDOWS\system32\DRIVERS\gameenum.sys

04:57:11:156 5396 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) D:\WINDOWS\system32\DRIVERS\msgpc.sys

04:57:11:187 5396 hidusb (ccf82c5ec8a7326c3066de870c06daf1) D:\WINDOWS\system32\DRIVERS\hidusb.sys

04:57:11:218 5396 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) D:\WINDOWS\system32\DRIVERS\HPZid412.sys

04:57:11:250 5396 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) D:\WINDOWS\system32\DRIVERS\HPZipr12.sys

04:57:11:281 5396 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) D:\WINDOWS\system32\DRIVERS\HPZius12.sys

04:57:11:375 5396 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) D:\WINDOWS\system32\Drivers\HTTP.sys

04:57:11:421 5396 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) D:\WINDOWS\system32\drivers\i8042prt.sys

04:57:11:468 5396 Imapi (083a052659f5310dd8b6a6cb05edcf8e) D:\WINDOWS\system32\DRIVERS\imapi.sys

04:57:11:562 5396 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) D:\WINDOWS\system32\drivers\ip6fw.sys

04:57:11:609 5396 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) D:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

04:57:11:718 5396 IpInIp (b87ab476dcf76e72010632b5550955f5) D:\WINDOWS\system32\DRIVERS\ipinip.sys

04:57:11:875 5396 IpNat (cc748ea12c6effde940ee98098bf96bb) D:\WINDOWS\system32\DRIVERS\ipnat.sys

04:57:12:046 5396 IPSec (23c74d75e36e7158768dd63d92789a91) D:\WINDOWS\system32\DRIVERS\ipsec.sys

04:57:12:187 5396 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) D:\WINDOWS\system32\DRIVERS\irenum.sys

04:57:12:359 5396 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) D:\WINDOWS\system32\DRIVERS\isapnp.sys

04:57:12:531 5396 Kbdclass (463c1ec80cd17420a542b7f36a36f128) D:\WINDOWS\system32\DRIVERS\kbdclass.sys

04:57:12:687 5396 kbdhid (9ef487a186dea361aa06913a75b3fa99) D:\WINDOWS\system32\DRIVERS\kbdhid.sys

04:57:12:953 5396 kmixer (692bcf44383d056aed41b045a323d378) D:\WINDOWS\system32\drivers\kmixer.sys

04:57:13:031 5396 KSecDD (1705745d900dabf2d89f90ebaddc7517) D:\WINDOWS\system32\drivers\KSecDD.sys

04:57:13:125 5396 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) D:\WINDOWS\system32\drivers\mnmdd.sys

04:57:13:187 5396 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) D:\WINDOWS\system32\drivers\Modem.sys

04:57:13:250 5396 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) D:\WINDOWS\system32\DRIVERS\mouclass.sys

04:57:13:343 5396 mouhid (b1c303e17fb9d46e87a98e4ba6769685) D:\WINDOWS\system32\DRIVERS\mouhid.sys

04:57:13:406 5396 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) D:\WINDOWS\system32\drivers\MountMgr.sys

04:57:13:531 5396 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) D:\WINDOWS\system32\DRIVERS\mrxdav.sys

04:57:13:671 5396 MRxSmb (60ae98742484e7ab80c3c1450e708148) D:\WINDOWS\system32\DRIVERS\mrxsmb.sys

04:57:13:734 5396 Msfs (c941ea2454ba8350021d774daf0f1027) D:\WINDOWS\system32\drivers\Msfs.sys

04:57:13:843 5396 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) D:\WINDOWS\system32\drivers\MSKSSRV.sys

04:57:13:906 5396 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) D:\WINDOWS\system32\drivers\MSPCLOCK.sys

04:57:14:000 5396 MSPQM (bad59648ba099da4a17680b39730cb3d) D:\WINDOWS\system32\drivers\MSPQM.sys

04:57:14:062 5396 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) D:\WINDOWS\system32\DRIVERS\mssmbios.sys

04:57:14:125 5396 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) D:\WINDOWS\system32\drivers\msmpu401.sys

04:57:14:203 5396 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) D:\WINDOWS\system32\DRIVERS\ASACPI.sys

04:57:14:234 5396 Mup (2f625d11385b1a94360bfc70aaefdee1) D:\WINDOWS\system32\drivers\Mup.sys

04:57:14:312 5396 NDIS (1df7f42665c94b825322fae71721130d) D:\WINDOWS\system32\drivers\NDIS.sys

04:57:14:406 5396 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) D:\WINDOWS\system32\DRIVERS\ndistapi.sys

04:57:14:468 5396 Ndisuio (f927a4434c5028758a842943ef1a3849) D:\WINDOWS\system32\DRIVERS\ndisuio.sys

04:57:14:578 5396 NdisWan (edc1531a49c80614b2cfda43ca8659ab) D:\WINDOWS\system32\DRIVERS\ndiswan.sys

04:57:14:656 5396 NDProxy (6215023940cfd3702b46abc304e1d45a) D:\WINDOWS\system32\drivers\NDProxy.sys

04:57:14:765 5396 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) D:\WINDOWS\system32\DRIVERS\netbios.sys

04:57:14:906 5396 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) D:\WINDOWS\system32\DRIVERS\netbt.sys

04:57:15:031 5396 Npfs (3182d64ae053d6fb034f44b6def8034a) D:\WINDOWS\system32\drivers\Npfs.sys

04:57:15:171 5396 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) D:\WINDOWS\system32\drivers\Ntfs.sys

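The two TDSSKiller runs posted in this thread print the same driver table, one service per line as `<time> <pid> <name> (<md5>) <path>`, but every line carries a new timestamp and PID, so a plain text diff of the two logs marks everything as changed. The script below is an added example written for this thread, not TDSSKiller's code and not from any poster: it keys the table on the service name, reports drivers whose hash or path changed between runs or that appeared or vanished, and lists drivers loaded from outside the system32 tree or sharing one image file. RUN_A and RUN_B are constructed from lines in the logs above, cut to a few entries; the atapi hash in RUN_B is deliberately altered to exercise the comparison (the thread's real runs show identical hashes). The function names are mine.

```python
"""Differential triage of TDSSKiller driver enumerations.

Added example for this thread; not part of TDSSKiller or of the original
posts. The driver section TDSSKiller prints looks like
    04:57:09:218 5396 ACPI (8fd99680a539792a30e97944fdaecf17) D:\WINDOWS\system32\DRIVERS\ACPI.sys
Timestamp and PID differ on every run, so the comparison below keys on the
service name and compares only the MD5 and image path.
"""
import re
from collections import defaultdict

DRIVER_RE = re.compile(
    r'^(\d{2}:\d{2}:\d{2}:\d{3})\s+(\d+)\s+(\S+)\s+\(([0-9a-fA-F]{32})\)\s+(.+?)\s*$'
)

# Constructed sample: a handful of lines from the first run in the thread.
RUN_A = r"""
04:57:09:218 5396 ACPI (8fd99680a539792a30e97944fdaecf17) D:\WINDOWS\system32\DRIVERS\ACPI.sys
04:57:09:703 5396 atapi (9f3a2f5aa6875c72bf062c712cfa2674) D:\WINDOWS\system32\DRIVERS\atapi.sys
04:57:09:812 5396 Avgfwdx (fa6336f05695e39995884d0c959c9608) D:\WINDOWS\system32\DRIVERS\avgfwdx.sys
04:57:09:812 5396 Avgfwfd (fa6336f05695e39995884d0c959c9608) D:\WINDOWS\system32\DRIVERS\avgfwdx.sys
04:57:09:921 5396 AVGIDSDriverxpx (56206c641454aba963151329f9363003) D:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys
04:57:10:125 5396 Beep (da1f27d85e0d1525f6621372e7b685e9) D:\WINDOWS\system32\drivers\Beep.sys
"""

# Constructed sample: lines from the second run, with two changes made for the
# demo only: the atapi MD5 is replaced with zeros (the thread's real runs agree
# on it) and Beep is swapped for Cdfs so added/removed entries show up.
RUN_B = r"""
05:42:17:312 5708 ACPI (8fd99680a539792a30e97944fdaecf17) D:\WINDOWS\system32\DRIVERS\ACPI.sys
05:42:17:671 5708 atapi (00000000000000000000000000000000) D:\WINDOWS\system32\DRIVERS\atapi.sys
05:42:17:765 5708 Avgfwdx (fa6336f05695e39995884d0c959c9608) D:\WINDOWS\system32\DRIVERS\avgfwdx.sys
05:42:17:765 5708 Avgfwfd (fa6336f05695e39995884d0c959c9608) D:\WINDOWS\system32\DRIVERS\avgfwdx.sys
05:42:17:859 5708 AVGIDSDriverxpx (56206c641454aba963151329f9363003) D:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys
05:42:18:203 5708 Cdfs (c885b02847f5d2fd45a24e219ed93b32) D:\WINDOWS\system32\drivers\Cdfs.sys
"""


def parse_drivers(text):
    """Map service name -> {'md5', 'path'}; timestamp and PID are dropped."""
    drivers = {}
    for line in text.splitlines():
        m = DRIVER_RE.match(line.strip())
        if m:
            _, _, name, md5, path = m.groups()
            drivers[name] = {'md5': md5.lower(), 'path': path}
    return drivers


def compare_runs(old, new):
    """Services added, removed, or whose hash/path differs between two runs."""
    return {
        'added': sorted(set(new) - set(old)),
        'removed': sorted(set(old) - set(new)),
        'changed': sorted(n for n in set(old) & set(new) if old[n] != new[n]),
    }


def review_candidates(drivers, windows_dir):
    """Drivers worth a second look: image outside the system32 tree, or
    several service names bound to one file (normal for NDIS filter drivers
    such as AVG's, but confirm it on a box suspected of a rootkit)."""
    sys32 = (windows_dir.rstrip('\\') + '\\system32\\').lower()
    outside = sorted(n for n, d in drivers.items()
                     if not d['path'].lower().startswith(sys32))
    by_file = defaultdict(list)
    for name, d in drivers.items():
        by_file[d['path'].lower()].append(name)
    shared = {f: sorted(names) for f, names in by_file.items() if len(names) > 1}
    return {'outside_system32': outside, 'shared_files': shared}


if __name__ == '__main__':
    a, b = parse_drivers(RUN_A), parse_drivers(RUN_B)
    print(compare_runs(a, b))
    print(review_candidates(b, r'D:\WINDOWS'))
```

A changed hash on a core driver between two runs, or against a known-good copy from the same service pack, is the first thing to chase; an entry outside system32 is not suspicious on its own (the AVG identity-protection driver lives under Program Files by design) but should be accounted for before the list is declared clean.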

OK, I ran it again. Here it is:

05:42:16:890 5708 TDSS rootkit removing tool 2.3.0.0 May 12 2010 18:11:17

05:42:16:890 5708 ================================================================================

05:42:16:890 5708 SystemInfo:

05:42:16:890 5708 OS Version: 5.1.2600 ServicePack: 3.0

05:42:16:890 5708 Product type: Workstation

05:42:16:890 5708 ComputerName: xx

05:42:16:890 5708 UserName: JB

05:42:16:890 5708 Windows directory: D:\WINDOWS

05:42:16:890 5708 Processor architecture: Intel x86

05:42:16:890 5708 Number of processors: 1

05:42:16:890 5708 Page size: 0x1000

05:42:16:890 5708 Boot type: Normal boot

05:42:16:890 5708 ================================================================================

05:42:16:906 5708 UnloadDriverW: NtUnloadDriver error 2

05:42:16:906 5708 ForceUnloadDriverW: UnloadDriverW(klmd23) error 2

05:42:16:921 5708 wfopen_ex: Trying to open file D:\WINDOWS\system32\config\system

05:42:16:921 5708 wfopen_ex: MyNtCreateFileW error 32 (C0000043)

05:42:16:921 5708 wfopen_ex: Trying to KLMD file open

05:42:16:921 5708 wfopen_ex: File opened ok (Flags 2)

05:42:16:921 5708 wfopen_ex: Trying to open file D:\WINDOWS\system32\config\software

05:42:16:921 5708 wfopen_ex: MyNtCreateFileW error 32 (C0000043)

05:42:16:921 5708 wfopen_ex: Trying to KLMD file open

05:42:16:921 5708 wfopen_ex: File opened ok (Flags 2)

05:42:16:921 5708 KLAVA engine initialized

05:42:17:156 5708 Initialize success

05:42:17:156 5708

05:42:17:156 5708 Scanning Services ...

05:42:17:203 5708 Raw services enum returned 346 services

05:42:17:203 5708

05:42:17:203 5708 Scanning Drivers ...

05:42:17:312 5708 ACPI (8fd99680a539792a30e97944fdaecf17) D:\WINDOWS\system32\DRIVERS\ACPI.sys

05:42:17:343 5708 ACPIEC (9859c0f6936e723e4892d7141b1327d5) D:\WINDOWS\system32\drivers\ACPIEC.sys

05:42:17:375 5708 aec (8bed39e3c35d6a489438b8141717a557) D:\WINDOWS\system32\drivers\aec.sys

05:42:17:406 5708 AFD (7e775010ef291da96ad17ca4b17137d7) D:\WINDOWS\System32\drivers\afd.sys

05:42:17:437 5708 AFS2K (b34b1ab0a7690a0e2301fec6d17b2fc1) D:\WINDOWS\system32\drivers\AFS2K.sys

05:42:17:546 5708 ALCXWDM (933933288df5ed26d1928215c97d05c7) D:\WINDOWS\system32\drivers\ALCXWDM.SYS

05:42:17:593 5708 AmdK8 (efbb0956baed786e137351b5ca272aef) D:\WINDOWS\system32\DRIVERS\AmdK8.sys

05:42:17:640 5708 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) D:\WINDOWS\system32\DRIVERS\asyncmac.sys

05:42:17:671 5708 atapi (9f3a2f5aa6875c72bf062c712cfa2674) D:\WINDOWS\system32\DRIVERS\atapi.sys

05:42:17:703 5708 Atmarpc (9916c1225104ba14794209cfa8012159) D:\WINDOWS\system32\DRIVERS\atmarpc.sys

05:42:17:718 5708 audstub (d9f724aa26c010a217c97606b160ed68) D:\WINDOWS\system32\DRIVERS\audstub.sys

05:42:17:765 5708 Avgfwdx (fa6336f05695e39995884d0c959c9608) D:\WINDOWS\system32\DRIVERS\avgfwdx.sys

05:42:17:765 5708 Avgfwfd (fa6336f05695e39995884d0c959c9608) D:\WINDOWS\system32\DRIVERS\avgfwdx.sys

05:42:17:859 5708 AVGIDSDriverxpx (56206c641454aba963151329f9363003) D:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys

05:42:17:890 5708 AVGIDSErHrxpx (5f76534d86f5d87902bd8cca3d651e8e) D:\WINDOWS\system32\Drivers\AVGIDSxx.sys

05:42:17:906 5708 AVGIDSFilterxpx (8ee3a628ea3c6d5569cc3b3a94ec86b8) D:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys

05:42:17:937 5708 AVGIDSShimxpx (d5b81f9ee6361ebc8df702569da01370) D:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys

05:42:17:968 5708 AvgLdx86 (9c0a7e6d3cb9a8a7ad4e4575d9a42e94) D:\WINDOWS\system32\Drivers\avgldx86.sys

05:42:17:984 5708 AvgMfx86 (f9caeec3ff1545991f490264429724c5) D:\WINDOWS\system32\Drivers\avgmfx86.sys

05:42:18:015 5708 AvgRkx86 (5bbcd8646074a3af4ee9b321d12c2b64) D:\WINDOWS\system32\Drivers\avgrkx86.sys

05:42:18:031 5708 AvgTdiX (cf9ac576490bb6c547cd16ef0b782358) D:\WINDOWS\system32\Drivers\avgtdix.sys

05:42:18:062 5708 Beep (da1f27d85e0d1525f6621372e7b685e9) D:\WINDOWS\system32\drivers\Beep.sys

05:42:18:156 5708 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) D:\WINDOWS\system32\drivers\cbidf2k.sys

05:42:18:187 5708 Cdaudio (c1b486a7658353d33a10cc15211a873b) D:\WINDOWS\system32\drivers\Cdaudio.sys

05:42:18:203 5708 Cdfs (c885b02847f5d2fd45a24e219ed93b32) D:\WINDOWS\system32\drivers\Cdfs.sys

05:42:18:250 5708 Cdr4_xp (9714b7c918c6543d69074ec101f86ac4) D:\WINDOWS\system32\drivers\Cdr4_xp.sys

05:42:18:250 5708 Cdralw2k (0d856d16c08440bfb566d6cdd9948d4e) D:\WINDOWS\system32\drivers\Cdralw2k.sys

05:42:18:281 5708 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) D:\WINDOWS\system32\DRIVERS\cdrom.sys

05:42:18:359 5708 Disk (044452051f3e02e7963599fc8f4f3e25) D:\WINDOWS\system32\DRIVERS\disk.sys

05:42:18:406 5708 DLABOIOM (a14524d3f130a57163e0b3e057fc85d5) D:\WINDOWS\system32\DLA\DLABOIOM.SYS

05:42:18:437 5708 DLACDBHM (7581407a6a3c56860ae31e6e423fe824) D:\WINDOWS\system32\Drivers\DLACDBHM.SYS

05:42:18:484 5708 DLADResN (7c4cdf8a684b63d7482e0bf7440dc3b5) D:\WINDOWS\system32\DLA\DLADResN.SYS

05:42:18:500 5708 DLAIFS_M (97bca2aac06a9fea56615b4b15bdb9b8) D:\WINDOWS\system32\DLA\DLAIFS_M.SYS

05:42:18:515 5708 DLAOPIOM (be8d558cf749424f0de612813f7c6725) D:\WINDOWS\system32\DLA\DLAOPIOM.SYS

05:42:18:531 5708 DLAPoolM (7e5277cb45dc5e2a86af8ce093c7ef31) D:\WINDOWS\system32\DLA\DLAPoolM.SYS

05:42:18:546 5708 DLARTL_N (693dfd92d41a3d270053cd97834e4960) D:\WINDOWS\system32\Drivers\DLARTL_N.SYS

05:42:18:562 5708 DLAUDFAM (d886b6d02b51e5bd61b8a571a16d5ca2) D:\WINDOWS\system32\DLA\DLAUDFAM.SYS

05:42:18:578 5708 DLAUDF_M (2c0ecf7a9d5162d87c64e2ae868b5039) D:\WINDOWS\system32\DLA\DLAUDF_M.SYS

05:42:18:625 5708 dmboot (d992fe1274bde0f84ad826acae022a41) D:\WINDOWS\system32\drivers\dmboot.sys

05:42:18:671 5708 dmio (7c824cf7bbde77d95c08005717a95f6f) D:\WINDOWS\system32\drivers\dmio.sys

05:42:18:703 5708 dmload (e9317282a63ca4d188c0df5e09c6ac5f) D:\WINDOWS\system32\drivers\dmload.sys

05:42:18:734 5708 DMusic (8a208dfcf89792a484e76c40e5f50b45) D:\WINDOWS\system32\drivers\DMusic.sys

05:42:18:765 5708 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) D:\WINDOWS\system32\drivers\drmkaud.sys

05:42:18:781 5708 DRVMCDB (73623d89faef4d1aa600edee8b490bc5) D:\WINDOWS\system32\Drivers\DRVMCDB.SYS

05:42:18:796 5708 DRVNDDM (2aeee1600d0f14ba535f90a1f4411b54) D:\WINDOWS\system32\Drivers\DRVNDDM.SYS

05:42:18:828 5708 Fastfat (38d332a6d56af32635675f132548343e) D:\WINDOWS\system32\drivers\Fastfat.sys

05:42:18:859 5708 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) D:\WINDOWS\system32\drivers\Fdc.sys

05:42:18:875 5708 Fips (d45926117eb9fa946a6af572fbe1caa3) D:\WINDOWS\system32\drivers\Fips.sys

05:42:18:906 5708 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) D:\WINDOWS\system32\drivers\Flpydisk.sys

05:42:18:937 5708 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) D:\WINDOWS\system32\drivers\fltmgr.sys

05:42:18:953 5708 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) D:\WINDOWS\system32\drivers\Fs_Rec.sys

05:42:18:984 5708 Ftdisk (6ac26732762483366c3969c9e4d2259d) D:\WINDOWS\system32\DRIVERS\ftdisk.sys

05:42:19:000 5708 gameenum (065639773d8b03f33577f6cdaea21063) D:\WINDOWS\system32\DRIVERS\gameenum.sys

05:42:19:031 5708 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) D:\WINDOWS\system32\DRIVERS\msgpc.sys

05:42:19:078 5708 hidusb (ccf82c5ec8a7326c3066de870c06daf1) D:\WINDOWS\system32\DRIVERS\hidusb.sys

05:42:19:109 5708 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) D:\WINDOWS\system32\DRIVERS\HPZid412.sys

05:42:19:140 5708 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) D:\WINDOWS\system32\DRIVERS\HPZipr12.sys

05:42:19:171 5708 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) D:\WINDOWS\system32\DRIVERS\HPZius12.sys

05:42:19:203 5708 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) D:\WINDOWS\system32\Drivers\HTTP.sys

05:42:19:250 5708 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) D:\WINDOWS\system32\drivers\i8042prt.sys

05:42:19:265 5708 Imapi (083a052659f5310dd8b6a6cb05edcf8e) D:\WINDOWS\system32\DRIVERS\imapi.sys

05:42:19:312 5708 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) D:\WINDOWS\system32\drivers\ip6fw.sys

05:42:19:328 5708 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) D:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

05:42:19:359 5708 IpInIp (b87ab476dcf76e72010632b5550955f5) D:\WINDOWS\system32\DRIVERS\ipinip.sys

05:42:19:390 5708 IpNat (cc748ea12c6effde940ee98098bf96bb) D:\WINDOWS\system32\DRIVERS\ipnat.sys

05:42:19:421 5708 IPSec (23c74d75e36e7158768dd63d92789a91) D:\WINDOWS\system32\DRIVERS\ipsec.sys

05:42:19:453 5708 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) D:\WINDOWS\system32\DRIVERS\irenum.sys

05:42:19:484 5708 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) D:\WINDOWS\system32\DRIVERS\isapnp.sys

05:42:19:500 5708 Kbdclass (463c1ec80cd17420a542b7f36a36f128) D:\WINDOWS\system32\DRIVERS\kbdclass.sys

05:42:19:531 5708 kbdhid (9ef487a186dea361aa06913a75b3fa99) D:\WINDOWS\system32\DRIVERS\kbdhid.sys

05:42:19:562 5708 kmixer (692bcf44383d056aed41b045a323d378) D:\WINDOWS\system32\drivers\kmixer.sys

05:42:19:593 5708 KSecDD (1705745d900dabf2d89f90ebaddc7517) D:\WINDOWS\system32\drivers\KSecDD.sys

05:42:19:625 5708 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) D:\WINDOWS\system32\drivers\mnmdd.sys

05:42:19:640 5708 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) D:\WINDOWS\system32\drivers\Modem.sys

05:42:19:671 5708 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) D:\WINDOWS\system32\DRIVERS\mouclass.sys

05:42:19:703 5708 mouhid (b1c303e17fb9d46e87a98e4ba6769685) D:\WINDOWS\system32\DRIVERS\mouhid.sys

05:42:19:718 5708 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) D:\WINDOWS\system32\drivers\MountMgr.sys

05:42:19:765 5708 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) D:\WINDOWS\system32\DRIVERS\mrxdav.sys

05:42:19:796 5708 MRxSmb (60ae98742484e7ab80c3c1450e708148) D:\WINDOWS\system32\DRIVERS\mrxsmb.sys

05:42:19:828 5708 Msfs (c941ea2454ba8350021d774daf0f1027) D:\WINDOWS\system32\drivers\Msfs.sys

05:42:19:859 5708 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) D:\WINDOWS\system32\drivers\MSKSSRV.sys

05:42:19:875 5708 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) D:\WINDOWS\system32\drivers\MSPCLOCK.sys

05:42:19:906 5708 MSPQM (bad59648ba099da4a17680b39730cb3d) D:\WINDOWS\system32\drivers\MSPQM.sys

05:42:19:937 5708 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) D:\WINDOWS\system32\DRIVERS\mssmbios.sys

05:42:19:968 5708 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) D:\WINDOWS\system32\drivers\msmpu401.sys

05:42:20:000 5708 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) D:\WINDOWS\system32\DRIVERS\ASACPI.sys

05:42:20:031 5708 Mup (2f625d11385b1a94360bfc70aaefdee1) D:\WINDOWS\system32\drivers\Mup.sys

05:42:20:062 5708 NDIS (1df7f42665c94b825322fae71721130d) D:\WINDOWS\system32\drivers\NDIS.sys

05:42:20:093 5708 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) D:\WINDOWS\system32\DRIVERS\ndistapi.sys

05:42:20:109 5708 Ndisuio (f927a4434c5028758a842943ef1a3849) D:\WINDOWS\system32\DRIVERS\ndisuio.sys

05:42:20:140 5708 NdisWan (edc1531a49c80614b2cfda43ca8659ab) D:\WINDOWS\system32\DRIVERS\ndiswan.sys

05:42:20:156 5708 NDProxy (6215023940cfd3702b46abc304e1d45a) D:\WINDOWS\system32\drivers\NDProxy.sys

05:42:20:187 5708 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) D:\WINDOWS\system32\DRIVERS\netbios.sys

05:42:20:218 5708 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) D:\WINDOWS\system32\DRIVERS\netbt.sys

05:42:20:234 5708 Npfs (3182d64ae053d6fb034f44b6def8034a) D:\WINDOWS\system32\drivers\Npfs.sys

05:42:20:281 5708 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) D:\WINDOWS\system32\drivers\Ntfs.sys

05:42:20:296 5708 Null (73c1e1f395918bc2c6dd67af7591a3ad) D:\WINDOWS\system32\drivers\Null.sys

05:42:20:500 5708 nv (9f4384aa43548ddd438f7b7825d11699) D:\WINDOWS\system32\DRIVERS\nv4_mini.sys

05:42:20:625 5708 nvata (dce353985c988bfb7e84fd942068151f) D:\WINDOWS\system32\DRIVERS\nvata.sys

05:42:20:640 5708 NVENETFD (720cc533eecb65553bd86b139ca04433) D:\WINDOWS\system32\DRIVERS\NVENETFD.sys

05:42:20:671 5708 nvnetbus (5f9f545cc5904dd8765f84ee1d056406) D:\WINDOWS\system32\DRIVERS\nvnetbus.sys

05:42:20:703 5708 NVTCP (525799e14ad20365e61b2d93933b08c6) D:\WINDOWS\system32\DRIVERS\NVTcp.sys

05:42:20:734 5708 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) D:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

05:42:20:750 5708 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) D:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

05:42:20:765 5708 Parport (5575faf8f97ce5e713d108c2a58d7c7c) D:\WINDOWS\system32\DRIVERS\parport.sys

05:42:20:796 5708 PartMgr (beb3ba25197665d82ec7065b724171c6) D:\WINDOWS\system32\drivers\PartMgr.sys

05:42:20:828 5708 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) D:\WINDOWS\system32\drivers\ParVdm.sys

05:42:20:859 5708 PCI (a219903ccf74233761d92bef471a07b1) D:\WINDOWS\system32\DRIVERS\pci.sys

05:42:20:890 5708 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) D:\WINDOWS\system32\DRIVERS\pciide.sys

05:42:20:921 5708 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) D:\WINDOWS\system32\drivers\Pcmcia.sys

05:42:20:953 5708 pcouffin (5b6c11de7e839c05248ced8825470fef) D:\WINDOWS\system32\Drivers\pcouffin.sys

05:42:21:015 5708 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) D:\WINDOWS\system32\DRIVERS\raspptp.sys

05:42:21:046 5708 Processor (a32bebaf723557681bfc6bd93e98bd26) D:\WINDOWS\system32\DRIVERS\processr.sys

05:42:21:078 5708 PSched (09298ec810b07e5d582cb3a3f9255424) D:\WINDOWS\system32\DRIVERS\psched.sys

05:42:21:093 5708 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) D:\WINDOWS\system32\DRIVERS\ptilink.sys

05:42:21:125 5708 PxHelp20 (153d02480a0a2f45785522e814c634b6) D:\WINDOWS\system32\Drivers\PxHelp20.sys

05:42:21:187 5708 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) D:\WINDOWS\system32\DRIVERS\rasacd.sys

05:42:21:203 5708 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) D:\WINDOWS\system32\DRIVERS\rasl2tp.sys

05:42:21:234 5708 RasPppoe (5bc962f2654137c9909c3d4603587dee) D:\WINDOWS\system32\DRIVERS\raspppoe.sys

05:42:21:250 5708 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) D:\WINDOWS\system32\DRIVERS\raspti.sys

05:42:21:281 5708 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) D:\WINDOWS\system32\DRIVERS\rdbss.sys

05:42:21:296 5708 RDPCDD (4912d5b403614ce99c28420f75353332) D:\WINDOWS\system32\DRIVERS\RDPCDD.sys

05:42:21:328 5708 rdpdr (15cabd0f7c00c47c70124907916af3f1) D:\WINDOWS\system32\DRIVERS\rdpdr.sys

05:42:21:359 5708 RDPWD (6728e45b66f93c08f11de2e316fc70dd) D:\WINDOWS\system32\drivers\RDPWD.sys

05:42:21:375 5708 redbook (f828dd7e1419b6653894a8f97a0094c5) D:\WINDOWS\system32\DRIVERS\redbook.sys

05:42:21:437 5708 SASDIFSV (bfbc4be8d6ac6d33ad93f3f5f2e11499) D:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

05:42:21:468 5708 SASENUM (e9c2d75c748c3f0a4c34d6cf2ae1d754) D:\Program Files\SUPERAntiSpyware\SASENUM.SYS

05:42:21:500 5708 SASKUTIL (c7d81c10d3befeee41f3408714637438) D:\Program Files\SUPERAntiSpyware\SASKUTIL.sys

05:42:21:515 5708 Secdrv (90a3935d05b494a5a39d37e71f09a677) D:\WINDOWS\system32\DRIVERS\secdrv.sys

05:42:21:546 5708 serenum (0f29512ccd6bead730039fb4bd2c85ce) D:\WINDOWS\system32\DRIVERS\serenum.sys

05:42:21:578 5708 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) D:\WINDOWS\system32\DRIVERS\serial.sys

05:42:21:593 5708 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) D:\WINDOWS\system32\drivers\Sfloppy.sys

05:42:21:640 5708 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) D:\WINDOWS\system32\drivers\splitter.sys

05:42:21:671 5708 sptd (d15da1ba189770d93eea2d7e18f95af9) D:\WINDOWS\system32\Drivers\sptd.sys

05:42:21:671 5708 Suspicious file (NoAccess): D:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9

05:42:21:703 5708 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) D:\WINDOWS\system32\DRIVERS\sr.sys

05:42:21:750 5708 Srv (3bb03f2ba89d2be417206c373d2af17c) D:\WINDOWS\system32\DRIVERS\srv.sys

05:42:21:781 5708 swenum (3941d127aef12e93addf6fe6ee027e0f) D:\WINDOWS\system32\DRIVERS\swenum.sys

05:42:21:812 5708 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) D:\WINDOWS\system32\drivers\swmidi.sys

05:42:21:875 5708 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) D:\WINDOWS\system32\drivers\sysaudio.sys

05:42:21:921 5708 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) D:\WINDOWS\system32\DRIVERS\tcpip.sys

05:42:21:953 5708 TDPIPE (6471a66807f5e104e4885f5b67349397) D:\WINDOWS\system32\drivers\TDPIPE.sys

05:42:21:968 5708 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) D:\WINDOWS\system32\drivers\TDTCP.sys

05:42:22:000 5708 TermDD (88155247177638048422893737429d9e) D:\WINDOWS\system32\DRIVERS\termdd.sys

05:42:22:046 5708 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) D:\WINDOWS\system32\drivers\Udfs.sys

05:42:22:125 5708 UltraMonUtility (5a5bd0f66e84eb039cb227520d49908c) D:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys

05:42:22:156 5708 Update (402ddc88356b1bac0ee3dd1580c76a31) D:\WINDOWS\system32\DRIVERS\update.sys

05:42:22:203 5708 usbccgp (173f317ce0db8e21322e71b7e60a27e8) D:\WINDOWS\system32\DRIVERS\usbccgp.sys

05:42:22:218 5708 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) D:\WINDOWS\system32\DRIVERS\usbehci.sys

05:42:22:250 5708 usbhub (1ab3cdde553b6e064d2e754efe20285c) D:\WINDOWS\system32\DRIVERS\usbhub.sys

05:42:22:281 5708 usbohci (0daecce65366ea32b162f85f07c6753b) D:\WINDOWS\system32\DRIVERS\usbohci.sys

05:42:22:312 5708 usbprint (a717c8721046828520c9edf31288fc00) D:\WINDOWS\system32\DRIVERS\usbprint.sys

05:42:22:359 5708 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) D:\WINDOWS\system32\DRIVERS\usbscan.sys

05:42:22:375 5708 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

05:42:22:421 5708 USRpdA (497f2190e87d58fd68e559e083796edc) D:\WINDOWS\system32\DRIVERS\USRpdA.sys

05:42:22:453 5708 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) D:\WINDOWS\System32\drivers\vga.sys

05:42:22:500 5708 VolSnap (4c8fcb5cc53aab716d810740fe59d025) D:\WINDOWS\system32\drivers\VolSnap.sys

05:42:22:531 5708 Wanarp (e20b95baedb550f32dd489265c1da1f6) D:\WINDOWS\system32\DRIVERS\wanarp.sys

05:42:22:562 5708 wdmaud (6768acf64b18196494413695f0c3a00f) D:\WINDOWS\system32\drivers\wdmaud.sys

05:42:22:593 5708 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) D:\WINDOWS\System32\drivers\ws2ifsl.sys

05:42:22:625 5708 WudfPf (f15feafffbb3644ccc80c5da584e6311) D:\WINDOWS\system32\DRIVERS\WudfPf.sys

05:42:22:640 5708 WudfRd (28b524262bce6de1f7ef9f510ba3985b) D:\WINDOWS\system32\DRIVERS\wudfrd.sys

05:42:22:640 5708

05:42:22:640 5708 Completed

05:42:22:640 5708

05:42:22:640 5708 Results:

05:42:22:640 5708 Registry objects infected / cured / cured on reboot: 0 / 0 / 0

05:42:22:640 5708 File objects infected / cured / cured on reboot: 0 / 0 / 0

05:42:22:640 5708

05:42:22:640 5708 fclose_ex: Trying to close file D:\WINDOWS\system32\config\system

05:42:22:640 5708 fclose_ex: Trying to close file D:\WINDOWS\system32\config\software

05:42:22:640 5708 KLMD(ARK) unloaded successfully

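The TDSSKiller driver listing above is the kind of output a responder triages by hand: one line per loaded driver with its MD5 and image path, plus notes such as `Suspicious file (NoAccess)` where the scanner could not read the file. A driver that blocks read access to its own image deserves a check, but self-protecting legitimate drivers are a common cause; sptd.sys is the SCSI pass-through driver shipped with Daemon Tools and Alcohol 120%, so the flag is a lead to verify against a reference hash, not a verdict. The Python script below is an added example, not part of the thread or of TDSSKiller. It parses lines of this shape, merges the suspicious-file notes into the driver records, and reports drivers that the tool flagged, that load from outside the system drivers directory, or whose hash is not in an allowlist. The sample lines are copied from the posted log, and the allowlist is constructed from two of those hashes purely for illustration; in practice the allowlist comes from a known-clean reference build, never from the suspect host.

```python
"""Triage of TDSSKiller-style driver listings (added example, not part of the thread).

Line shapes handled (constructed from the posted log for illustration):
    HH:MM:SS:mmm PID ServiceName (md5) Path
    HH:MM:SS:mmm PID Suspicious file (Reason): Path. md5: md5
"""
import re
from dataclasses import dataclass, field

TS_PID = r"^\d{2}:\d{2}:\d{2}:\d{3}\s+\d+\s+"
DRIVER_RE = re.compile(
    TS_PID + r"(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$"
)
SUSPICIOUS_RE = re.compile(
    TS_PID + r"Suspicious file \((?P<reason>[^)]+)\):\s+(?P<path>.+?)\.\s+md5:\s+(?P<md5>[0-9a-fA-F]{32})\s*$"
)
# Where a Windows XP-era kernel driver image is normally expected to live.
DRIVERS_DIR_RE = re.compile(r"^[a-z]:\\windows\\system32\\drivers\\[^\\]+$", re.I)


@dataclass
class Driver:
    name: str
    md5: str
    path: str
    tool_flags: list = field(default_factory=list)  # reasons the tool printed, e.g. "NoAccess"


def parse_drivers(log_text):
    """Return one Driver per image path, with any Suspicious-file notes merged in."""
    by_path = {}
    for line in log_text.splitlines():
        m = SUSPICIOUS_RE.match(line)
        if m:
            d = by_path.setdefault(m["path"].lower(), Driver("(unlisted)", m["md5"].lower(), m["path"]))
            d.tool_flags.append(m["reason"])
            continue
        m = DRIVER_RE.match(line)
        if m:
            key = m["path"].lower()
            if key in by_path:            # the note arrived before the listing line
                by_path[key].name = m["name"]
            else:
                by_path[key] = Driver(m["name"], m["md5"].lower(), m["path"])
    return list(by_path.values())


def triage(log_text, known_good_md5):
    """Return [(service_name, path, [reasons])] for drivers that need a closer look."""
    findings = []
    for d in parse_drivers(log_text):
        reasons = [f"tool:{r}" for r in d.tool_flags]
        if not DRIVERS_DIR_RE.match(d.path):
            reasons.append("outside-drivers-dir")
        if d.md5 not in known_good_md5:
            reasons.append("hash-not-in-allowlist")
        if reasons:
            findings.append((d.name, d.path, reasons))
    return findings


# Constructed sample: five lines copied from the posted log.
SAMPLE_LOG = r"""
05:42:21:437 5708 SASDIFSV (bfbc4be8d6ac6d33ad93f3f5f2e11499) D:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
05:42:21:671 5708 sptd (d15da1ba189770d93eea2d7e18f95af9) D:\WINDOWS\system32\Drivers\sptd.sys
05:42:21:671 5708 Suspicious file (NoAccess): D:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
05:42:21:921 5708 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) D:\WINDOWS\system32\DRIVERS\tcpip.sys
05:42:22:640 5708 Completed
"""

# Constructed allowlist: the tcpip.sys and SASDIFSV.SYS hashes from the sample, for illustration only.
# A real allowlist comes from a known-clean reference build, not from the suspect host.
KNOWN_GOOD = {
    "9aefa14bd6b182d61e3119fa5f436d3d",
    "bfbc4be8d6ac6d33ad93f3f5f2e11499",
}

if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE_LOG, KNOWN_GOOD):
        print(f"{name:12} {', '.join(reasons):40} {path}")
```

Run against the sample, the script reports SASDIFSV.SYS only because it loads from Program Files (its hash is allowlisted), and sptd.sys for both the NoAccess note and the unknown hash; tcpip.sys produces nothing. The hash check is deliberately separate from the tool's own flag so that a self-protecting driver with a known-good hash drops out of the list.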

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You may, however, need to disable your currently installed anti-virus; how to do so can be read here.

  • Please go here then click on: EOLS1.gif
  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Now click on Advanced Settings and select the following:

    • Remove found threats
    • Scan archives
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on: EOLS4.gif
  • Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


E:\c drive stuff\sc2\backups\backup-05-01\httpdocs\files\70_a381feaaee0358e251b750131dca1b75 probably a variant of Win32/Agent trojan deleted - quarantined

E:\Games\Starcraft\installAdvLoader-v2.1a.exe probably a variant of Win32/Agent trojan deleted - quarantined

E:\sc2\backups\backup-05-01\httpdocs\files\70_a381feaaee0358e251b750131dca1b75 probably a variant of Win32/Agent trojan deleted - quarantined


Please download to your Desktop: Dr.Web CureIt

  • After the file has downloaded, disable your current anti-virus and disconnect from the Internet.
  • Double-click the drweb-cureit.exe file, then click the Start button, then the OK button to perform an Express Scan.
  • This will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, click on the Complete scan radio button.
  • Then click on the Settings menu on top, then select Change Settings or press the F9 key. You can also change the Language.
  • Choose the Scanning tab; I recommend leaving Heuristic analysis enabled (this can lead to false positives, though).
  • On the File types tab, ensure you select All files.
  • Click on the Actions tab and set the following:
    • Objects: Infected objects = Cure, Incurable objects = Move, Suspicious objects = Report
    • Infected packages: Archive = Move, E-mails = Report, Containers = Move
    • Malware: Adware = Move, Dialers = Move, Jokes = Move, Riskware = Move, Hacktools = Move
    • Do not change the Rename extension - default is: #??
    • Leave the default save path for Moved files here: %USERPROFILE%\DoctorWeb\Quarantine\
    • Leave Prompt on Action checked
  • On the Log file tab, leave Log to file checked.
  • Leave the log file path alone: %USERPROFILE%\DoctorWeb\CureIt.log
  • Log mode = Append
  • Encoding = ANSI
  • Details: leave Names of file packers and Statistics checked.
  • Limit log file size = 2048 KB, and leave the check mark on Maximum log file size.
  • On the General tab, leave the Scan Priority on High.
  • Click the Apply button at the bottom, and then the OK button.
  • On the right side under the Dr.Web Anti-Virus logo you will see 3 little buttons. Click the left VCR-style Start button.
  • In this mode it will scan boot sectors of all disks, all removable media, and all local drives.
  • The more files and folders you have, the longer the scan will take. On large drives it can take hours to complete.
  • When the Cure option is selected, an additional context menu will open. Select the action the program should take if the cure fails.
  • Click 'Yes to all' if it asks if you want to cure/move the files.
  • This will move it to the %USERPROFILE%\DoctorWeb\Quarantine\ folder if it can't be cured. (In this case we need samples.)
  • After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list.
  • Save the report to your Desktop. The report will be called DrWeb.csv.
  • Close Dr.Web CureIt.
  • Reboot your computer, because files in use may be moved/deleted during the reboot.
  • After the reboot, post the contents of the Dr.Web log you saved to your Desktop in your next reply, together with a new HijackThis log.


A0082139.dll;D:\System Volume Information\_restore{B6685FE6-1C06-46B1-BD91-D2C28B6C6015}\RP403;Probably DLOADER.PWS.Trojan;;

A0082152.dll;D:\System Volume Information\_restore{B6685FE6-1C06-46B1-BD91-D2C28B6C6015}\RP403;Trojan.DownLoad1.58938;Deleted.;

A0082176.dll;D:\System Volume Information\_restore{B6685FE6-1C06-46B1-BD91-D2C28B6C6015}\RP403;Probably DLOADER.PWS.Trojan;;

A0082177.dll;D:\System Volume Information\_restore{B6685FE6-1C06-46B1-BD91-D2C28B6C6015}\RP403;Probably DLOADER.PWS.Trojan;;

A0082178.dll;D:\System Volume Information\_restore{B6685FE6-1C06-46B1-BD91-D2C28B6C6015}\RP403;Probably DLOADER.PWS.Trojan;;

A0082179.dll;D:\System Volume Information\_restore{B6685FE6-1C06-46B1-BD91-D2C28B6C6015}\RP403;Probably DLOADER.PWS.Trojan;;

A0082180.dll;D:\System Volume Information\_restore{B6685FE6-1C06-46B1-BD91-D2C28B6C6015}\RP403;Probably DLOADER.PWS.Trojan;;

A0082181.dll;D:\System Volume Information\_restore{B6685FE6-1C06-46B1-BD91-D2C28B6C6015}\RP403;Probably DLOADER.PWS.Trojan;;

A0082184.dll;D:\System Volume Information\_restore{B6685FE6-1C06-46B1-BD91-D2C28B6C6015}\RP403;Probably DLOADER.PWS.Trojan;;

A0073926.dll;E:\System Volume Information\_restore{258C7680-CBB1-4AE4-8F52-B38CC5281A99}\RP802;Probably DLOADER.Trojan;;

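Every hit in the Dr.Web report above sits under `System Volume Information\_restore{...}\RPnnn`, i.e. in System Restore snapshots rather than in the live file system, and the heuristic `Probably ...` verdicts carry no action. That pattern matters for cleanup: the copies are harmless while they sit in the snapshot, but a later System Restore would bring them back, so the usual step is to purge the restore points on the affected drives. The Python script below is an added example, not part of the thread or of Dr.Web CureIt. It parses the semicolon-separated `file;directory;detection;action;` records, separates restore-point copies from live files, counts report-only hits, and derives the cleanup steps. The sample records are copied from the posted report; the `triage` function name and the report fields are this example's own.

```python
"""Triage of a Dr.Web CureIt CSV report (added example, not part of the thread).

Each record is  file;directory;detection;action;  as in the posted report.
"""
import csv
import io
import re

# A System Restore snapshot directory: <drive>:\System Volume Information\_restore{GUID}\RPnnn
RESTORE_POINT_RE = re.compile(
    r"^(?P<drive>[A-Za-z]):\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(?P<rp>RP\d+)",
    re.I,
)


def parse_drweb_csv(text):
    """Return a list of dicts, one per detection record; blank lines are skipped."""
    rows = []
    for rec in csv.reader(io.StringIO(text), delimiter=";"):
        if len(rec) < 3 or not rec[0].strip():
            continue
        detection = rec[2].strip()
        rows.append({
            "file": rec[0].strip(),
            "dir": rec[1].strip(),
            "detection": detection,
            "action": rec[3].strip().rstrip(".") if len(rec) > 3 else "",
            # Dr.Web prefixes heuristic verdicts with "Probably"; those are report-only by default.
            "heuristic": detection.lower().startswith("probably"),
        })
    return rows


def triage(text):
    """Separate restore-point copies from live files and derive cleanup steps."""
    report = {"restore_point": [], "live": [], "drives_to_flush": [],
              "unactioned": 0, "heuristic": 0, "steps": []}
    for r in parse_drweb_csv(text):
        m = RESTORE_POINT_RE.match(r["dir"])
        if m:
            r["restore_point"] = f"{m['drive'].upper()}:{m['rp']}"
            report["restore_point"].append(r)
        else:
            report["live"].append(r)
        if not r["action"]:
            report["unactioned"] += 1
        if r["heuristic"]:
            report["heuristic"] += 1
    report["drives_to_flush"] = sorted({r["restore_point"][0] for r in report["restore_point"]})
    if report["drives_to_flush"]:
        report["steps"].append(
            "Purge System Restore on drive(s) %s: these hits are snapshot copies, and a restore would bring them back."
            % ", ".join(report["drives_to_flush"]))
    if report["live"]:
        report["steps"].append(
            "%d detection(s) are outside restore points; confirm each was cured or moved." % len(report["live"]))
    if report["unactioned"]:
        report["steps"].append(
            "%d detection(s) were only reported (heuristic verdicts); review each one individually." % report["unactioned"])
    return report


# Constructed sample: four records copied from the posted report.
SAMPLE_CSV = r"""
A0082139.dll;D:\System Volume Information\_restore{B6685FE6-1C06-46B1-BD91-D2C28B6C6015}\RP403;Probably DLOADER.PWS.Trojan;;
A0082152.dll;D:\System Volume Information\_restore{B6685FE6-1C06-46B1-BD91-D2C28B6C6015}\RP403;Trojan.DownLoad1.58938;Deleted.;
A0082176.dll;D:\System Volume Information\_restore{B6685FE6-1C06-46B1-BD91-D2C28B6C6015}\RP403;Probably DLOADER.PWS.Trojan;;
A0073926.dll;E:\System Volume Information\_restore{258C7680-CBB1-4AE4-8F52-B38CC5281A99}\RP802;Probably DLOADER.Trojan;;
"""

if __name__ == "__main__":
    rep = triage(SAMPLE_CSV)
    print("restore-point hits:", len(rep["restore_point"]), " live hits:", len(rep["live"]))
    for step in rep["steps"]:
        print("-", step)
```

On the sample, all four records are restore-point copies on drives D: and E:, one was deleted, and three heuristic verdicts were report-only; the derived steps are to purge System Restore on both drives and to review the three report-only hits, which is exactly the follow-up a helper would give for this report.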

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 9:27:37 AM, on 5/26/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\Program Files\AVG\AVG9\avgchsvx.exe

D:\Program Files\AVG\AVG9\avgrsx.exe

D:\Program Files\AVG\AVG9\avgcsrvx.exe

D:\WINDOWS\Explorer.EXE

D:\WINDOWS\system32\spoolsv.exe

D:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe

D:\Program Files\Microsoft IntelliType Pro\itype.exe

D:\Program Files\Google\Gmail Notifier\gnotify.exe

D:\WINDOWS\system32\RUNDLL32.EXE

D:\Program Files\AIM\aim.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe

D:\Program Files\HP\Digital Imaging\bin\hposol08.exe

D:\Program Files\UltraMon\UltraMon.exe

D:\Program Files\HP\Digital Imaging\bin\hpoevm08.exe

D:\Program Files\UltraMon\UltraMonTaskbar.exe

D:\Program Files\AVG\AVG9\avgwdsvc.exe

D:\Program Files\AVG\AVG9\avgfws9.exe

D:\Program Files\Bonjour\mDNSResponder.exe

D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

D:\WINDOWS\system32\nvsvc32.exe

D:\WINDOWS\system32\svchost.exe

D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

D:\Program Files\AVG\AVG9\avgam.exe

D:\Program Files\AVG\AVG9\avgnsx.exe

D:\WINDOWS\system32\HPZipm12.exe

D:\Program Files\Mozilla Firefox\firefox.exe

D:\Program Files\HP\Digital Imaging\Bin\hpoSTS08.exe

D:\WINDOWS\system32\wscntfy.exe

D:\Documents and Settings\JB\Desktop\Anti Spyware Programs\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - D:\Program Files\StumbleUpon\StumbleUponIEBar.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)

O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - D:\Program Files\StumbleUpon\StumbleUponIEBar.dll

O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - D:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll

O4 - HKLM\..\Run: [itype] "D:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] D:\Program Files\Google\Gmail Notifier\gnotify.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\JB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [Aim] "D:\Program Files\AIM\aim.exe" /d locale=en-US

O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: officejet 6100.lnk = ?

O4 - Global Startup: UltraMon.lnk = ?

O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Program Files\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1229315438812

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1229315425578

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG9\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - D:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - D:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - D:\Program Files\AVG\AVG9\avgfws9.exe

O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - D:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - D:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - D:\Program Files\Java\jre6\bin\jqs.exe (file missing)

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe

O23 - Service: StumbleUponUpdateService - stumbleupon.com - D:\Program Files\StumbleUpon\StumbleUponUpdateService.exe

--

End of file - 10650 bytes

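Reading a HijackThis log is mostly pattern work: each entry is `<code> - <body>` (R0..R3, O1..O24), and a helper scans for a handful of recurring signals, such as registrations that point at a file that no longer exists, Winlogon Notify DLLs (O20, loaded into winlogon.exe), Run values named with a bare GUID, and services whose image carries no company name ("Unknown owner"). None of these is a verdict on its own; in the posted log the three `(file missing)` entries are stale registrations left behind by Java Quick Starter and AVG, and the GUID-named Run value is Gmail Notifier. The Python script below is an added example, not part of the thread or of HijackThis. It applies those four checks to the entry lines and groups the hits by check. The sample lines are copied from the posted log; the check names and the `triage_hjt` function are this example's own.

```python
"""Quick triage of a HijackThis log (added example, not part of the thread).

Every entry is "<code> - <body>" where code is R0..R3 or O1..O24. The checks here are
the routine ones a helper applies by eye; none of them is a verdict on its own.
"""
import re

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+)\s+-\s+(?P<body>.+?)\s*$")
# O4 Run value whose name is a bare GUID, e.g. HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] ...
GUID_RUN_RE = re.compile(
    r"^HK(?:LM|CU)\\\.\.\\Run: \[\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}\]"
)


def parse_hjt(text):
    """Yield (code, body, line) for every HijackThis entry line; other lines are ignored."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            yield m["code"], m["body"], line


def triage_hjt(text):
    """Group entry lines by the check they trip. Returns {check_name: [lines]}."""
    findings = {
        "file_missing": [],           # registration points at a file that is gone: stale, or deliberately removed
        "winlogon_notify": [],        # O20 DLLs load into winlogon.exe; confirm each one's publisher
        "guid_named_run": [],         # Run values named with a bare GUID hide what they start
        "unknown_owner_service": [],  # O23 service image with no company name in its version info
    }
    for code, body, line in parse_hjt(text):
        if "(file missing)" in body:
            findings["file_missing"].append(line)
        if code == "O20" and body.startswith("Winlogon Notify:"):
            findings["winlogon_notify"].append(line)
        if code == "O4" and GUID_RUN_RE.match(body):
            findings["guid_named_run"].append(line)
        if code == "O23" and " - Unknown owner - " in body:
            findings["unknown_owner_service"].append(line)
    return findings


# Constructed sample: seven entry lines copied from the posted log.
SAMPLE_HJT = r"""
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)
O4 - HKLM\..\Run: [itype] "D:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] D:\Program Files\Google\Gmail Notifier\gnotify.exe
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - D:\Program Files\Java\jre6\bin\jqs.exe (file missing)
"""

if __name__ == "__main__":
    for check, lines in triage_hjt(SAMPLE_HJT).items():
        print(f"[{check}] {len(lines)} hit(s)")
        for line in lines:
            print("   ", line)
```

On the sample the script reports three `(file missing)` entries, two Winlogon Notify DLLs, one GUID-named Run value and two services with no publisher. An entry can trip more than one check (the Java Quick Starter service is both missing and unsigned), which is why the hits are grouped by check rather than de-duplicated.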
