AV Security Suite Malware

[toivo]

Trying to help out the parents here. Both computers they have are messed up. This one definatly has a malware, not so sure about the other one, I will start another thread on that machine.

I think it is the AV Security Suite malware. I tried everything I know, but I can't get it all.

They saw a Java window launch for a split second when it installed, but was not quick enough to catch it.

We are getting the occasional random IE Launch.

AVG comes up clean, so does Malwarebytes.

Eset online scanner came up with something out of an old archive, but I don't think that is the problem.

I ran the requested programs, I am attaching the scan logs and reports.

Any help would be appreciated.

Thank you.

Logs.zip

[kahdah]

Hello toivo

Welcome to Malwarebytes.

=====================

• Download OTL to your desktop.
  
• Double click on OTL to run it.
  
• When the window appears, underneath Output at the top change it to Minimal Output.
  
• Under the Standard Registry box change it to All.
  
• Under Custom scan's and fixes section paste in the below in bold
  

  
  

  netsvcs
  
  
  %SYSTEMDRIVE%\*.*
  
  
  %systemroot%\*. /mp /s
  
  
  CREATERESTOREPOINT
  
  
  %systemroot%\system32\*.dll /lockedfiles
  
  
  %systemroot%\Tasks\*.job /lockedfiles
  
  
  %systemroot%\System32\config\*.sav
  
  
  %systemroot%\system32\drivers\*.sys /90

  
  

• Check the boxes beside LOP Check and Purity Check.
  
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
    

[toivo]

You wish is my command....

Except, I have tried to post the info 6 times, and each time I hit the post button, it kills the webpages, and tell me I have connection problems.

So please forgive me, I will attempt to attache the txt files.

OTL.Txt

Extras.Txt

[kahdah]

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  
• Double click on ComboFix.exe & follow the prompts.
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

[toivo]

Combofix all done....

ComboFix 10-06-11.01 - Neil Hill 06/12/2010 12:28:47.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.621 [GMT -4:00]

Running from: c:\documents and settings\Neil Hill\Desktop\Working\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\_000006_.tmp.dll

c:\windows\system32\_000009_.tmp.dll

c:\windows\system32\_000010_.tmp.dll

c:\windows\system32\Data

c:\windows\system32\Thumbs.db

c:\windows\system32\twain.dll

F:\Autorun.inf

Infected copy of c:\windows\system32\drivers\intelppm.sys was found and disinfected

Restored copy from - Kitty had a snack

.

((((((((((((((((((((((((( Files Created from 2010-05-12 to 2010-06-12 )))))))))))))))))))))))))))))))

.

2010-06-10 13:00 . 2010-06-10 13:00 -------- d-----w- c:\program files\ESET

2010-06-10 00:53 . 2010-06-10 00:53 -------- d-sh--w- c:\documents and settings\LocalService\UserData

2010-06-10 00:53 . 2010-06-10 00:53 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE

2010-06-10 00:53 . 2010-06-10 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion

2010-06-09 20:37 . 2010-06-09 20:37 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-06-03 03:28 . 2010-06-03 03:28 29512 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys

2010-06-03 03:28 . 2010-06-03 03:28 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-12 16:07 . 2003-02-27 14:36 49 ----a-w- c:\windows\wpd99.drv

2010-06-03 03:27 . 2008-09-24 21:51 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-06-03 03:27 . 2008-09-24 21:51 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-05-11 16:05 . 2010-01-18 16:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-05-10 21:51 . 2003-01-24 14:39 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-05-10 21:36 . 2010-05-10 21:36 -------- d-----w- c:\program files\CCleaner

2010-04-29 19:39 . 2010-01-18 16:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 19:39 . 2010-01-18 16:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-16 13:39 . 2003-01-30 23:37 65408 ----a-w- c:\documents and settings\Neil Hill\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-03-16 22:44 . 2010-03-16 22:44 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2010-03-16 22:43 . 2008-09-24 21:51 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]

"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2003-05-15 245760]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]

"Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 380928]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-1-24 45056]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-03-16 22:44 12464 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk

backup=c:\windows\pss\AT&T Self Support Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]

2002-06-21 09:58 188416 ----a-w- c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2003-10-06 18:16 741376 ----a-w- c:\windows\SYSTEM32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-10-11 09:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]

2006-07-21 15:43 407032 ------w- c:\progra~1\Yahoo!\YOP\yop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"CLTNetCnService"=2 (0x2)

"ccSetMgr"=2 (0x2)

"ccEvtMgr"=2 (0x2)

"WZCSVC"=2 (0x2)

"FontCache3.0.0.0"=3 (0x3)

"WMPNetworkSvc"=3 (0x3)

"TapiSrv"=3 (0x3)

"RDSessMgr"=3 (0x3)

"RasMan"=3 (0x3)

"RasAuto"=3 (0x3)

"gupdate1c9d7f75e00e742"=2 (0x2)

"Viewpoint Manager Service"=2 (0x2)

"gusvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\SYSTEM32\\dllhost.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [9/24/2008 5:51 PM 216200]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [9/24/2008 5:51 PM 242896]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/16/2010 6:44 PM 308064]

S2 portD;CMS PortIO Service;c:\windows\system32\DRIVERS\portd2k.sys --> c:\windows\system32\DRIVERS\portd2k.sys [?]

S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys --> c:\windows\system32\Drivers\COH_Mon.sys [?]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]

S4 gupdate1c9d7f75e00e742;Google Update Service (gupdate1c9d7f75e00e742);c:\program files\Google\Update\GoogleUpdate.exe [5/18/2009 4:29 PM 133104]

S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 1:48 PM 24652]

.

Contents of the 'Scheduled Tasks' folder

2010-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-18 20:29]

2010-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-18 20:29]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://us.mc827.mail.yahoo.com/mc/welcome?.partner=sbc&.rand=becng4k5hlsiq

uInternet Settings,ProxyOverride = <local>

uInternet Settings,ProxyServer = http=127.0.0.1:1047

uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {3C5B2DBA-9C59-4A9D-8CB2-D67F93863962} - hxxp://www.crystalsquid.com/games/CSGI.cab

.

.

------- File Associations -------

.

.scr=Icad.load.scr

.

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)

MSConfigStartUp-osCheck - c:\program files\Norton Internet Security\osCheck.exe

MSConfigStartUp-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe

MSConfigStartUp-vdpmqwgho - c:\documents and settings\neil hill\local settings\application data\gndqvgby\iyqmwit.exe

AddRemove-IntelliCAD 2001 v.3.3 Standard Edition - c:\progra~1\CADopia\INTELL~1\Uninst.isu

AddRemove-IntelliCAD 98 - c:\program files\IntelliCAD 98\System\DeIsL1.isu

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-12 12:42

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???????X:??????x???0???X???????????0???P???? ?w? ?w)??p????????(???w????U?w????????????0??????w, ?w?M?wW??w???w)??p????????x'@?????????X????????"@?e?????

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2010-06-12 12:44:43

ComboFix-quarantined-files.txt 2010-06-12 16:44

Pre-Run: 5,556,686,848 bytes free

Post-Run: 6,594,347,008 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - C3BC32A9B8626B71000A3B75D18AC990

[\quote]

[kahdah]

Please click here to download Kaspersky Virus Removal Tool.

1. Double click on the file you just downloaded and let it install.
   
2. It will install to your desktop.
   
3. After that leave what is selected and put a check next to My Computer.
   
4. Click on the option that says Threat Detection and change it to Disinfect,delete if disinfection fails.
   
5. Then click on Start Scan.
   
6. Before it is done it may prompt for action regardless of the setting so choose delete if prompted.
   
7. When the scan is done no log will be produced.
   
8. Click on the bottom where it says Report to open the report.
   
9. Then highlight of of the items found by using ctrl + a on your keyboard to select all or use your mouse to select all then right click and choose copy.
   
10. This will copy the items that it found to the clipboard you can then open notepad (go to start then run then type in notepad) and choose paste to paste the contents into Notepad.
    
11. You can save this on the desktop.
    
12. Post the contents of the document in your next reply.
    

Note: This tool will self uninstall when you close it so please save the log before closing it.

[toivo]

Here is the Critical event log:

Autoscan: completed 14775 days ago (events: 3, objects: 252173, time: 02:13:19)

6/14/2010 5:20:24 PM Task started

6/14/2010 5:43:39 PM Detected: Rootkit.Win32.TDSS.ap C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\intelppm.sys.vir

6/14/2010 7:33:45 PM Task completed

----------------------------------------

The Importent event log:

Autoscan: completed 14775 days ago (events: 7, objects: 252173, time: 02:13:19)

6/14/2010 5:20:24 PM Task started

6/14/2010 5:43:39 PM Detected: Rootkit.Win32.TDSS.ap C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\intelppm.sys.vir

6/14/2010 5:43:40 PM Disinfected: Rootkit.Win32.TDSS.ap C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\intelppm.sys.vir

6/14/2010 5:43:40 PM Disinfected: Rootkit.Win32.TDSS.ap C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\intelppm.sys.vir

6/14/2010 6:36:28 PM Detected: not-a-virus:AdWare.Win32.Gator.3102 E:\xxx old backup\Old 333 Stuff\E Drive\E-Zip\E-Backup.zip/Downloads/Programs/Satellite/AGASetup0609.exe/fsg-ag.exe

6/14/2010 6:38:22 PM Deleted: not-a-virus:AdWare.Win32.Gator.3102 E:\xxx old backup\Old 333 Stuff\E Drive\E-Zip\E-Backup.zip/Downloads/Programs/Satellite/AGASetup0609.exe

6/14/2010 7:33:45 PM Task completed

I tried to attach the entire log, but I think it was too big for the clipboard or something. Let me know if you need it.

[kahdah]

That is fine it seemed to fit in one post.

Let me know how things are running.

Also let me know of any remaining issues.

• Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  
• When the window appears, underneath Output at the top change it to Minimal Output.
  
• Under the Standard Registry box change it to All.
  
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open one notepad window. OTL.Txt a This is saved in the same location as OTL.
    
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.
    

[toivo]

Seems be be running a bit better.

Overall the computer seems a little sluggish.

OTL Logs:

OTL logfile created on: 6/15/2010 8:47:03 AM - Run 2

OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Neil Hill\Desktop\Working

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 546.00 Mb Available Physical Memory | 53.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 78.00% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 22.47 Gb Total Space | 5.13 Gb Free Space | 22.84% Space Free | Partition Type: NTFS

Drive D: | 4.88 Gb Total Space | 1.26 Gb Free Space | 25.89% Space Free | Partition Type: NTFS

Drive E: | 13.96 Gb Total Space | 1.07 Gb Free Space | 7.70% Space Free | Partition Type: NTFS

Drive F: | 14.55 Gb Total Space | 2.81 Gb Free Space | 19.34% Space Free | Partition Type: NTFS

Drive G: | 111.78 Gb Total Space | 105.85 Gb Free Space | 94.69% Space Free | Partition Type: NTFS

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: NEIL

Current User Name: Neil Hill

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Neil Hill\Desktop\Working\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgscanx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe (Motive Communications, Inc.)

PRC - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)

PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Neil Hill\Desktop\Working\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\SYSTEM32\msscript.ocx (Microsoft Corporation)

MOD - C:\Program Files\SBC Self Support Tool\SmartBridge\SBHook.dll (Motive Communications, Inc.)

========== Win32 Services (SafeList) ==========

SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()

SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

SRV - (NMSSvc) Intel® -- C:\WINDOWS\SYSTEM32\NMSSvc.Exe (Intel Corporation)

========== Driver Services (SafeList) ==========

DRV - (uti2mjgy) -- C:\WINDOWS\SYSTEM32\DRIVERS\uti2mjgy.sys ()

DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (78607952) -- C:\WINDOWS\system32\DRIVERS\78607952.sys (Kaspersky Lab)

DRV - (setup_9.0.0.722_12.06.2010_23-38drv) -- C:\WINDOWS\SYSTEM32\DRIVERS\7860795.sys (Kaspersky Lab)

DRV - (78607951) -- C:\WINDOWS\SYSTEM32\DRIVERS\78607951.sys (Kaspersky Lab)

DRV - (gameenum) -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys (Microsoft Corporation)

DRV - (amdagp) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)

DRV - (sisagp) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)

DRV - (nv) -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)

DRV - (iAimFP4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys (Intel® Corporation)

DRV - (iAimFP3) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys (Intel® Corporation)

DRV - (iAimTV4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys (Intel® Corporation)

DRV - (iAimTV3) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys (Intel® Corporation)

DRV - (iAimTV1) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys (Intel® Corporation)

DRV - (iAimTV0) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys (Intel® Corporation)

DRV - (i81x) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys (Intel® Corporation)

DRV - (iAimFP0) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys (Intel® Corporation)

DRV - (iAimFP1) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys (Intel® Corporation)

DRV - (iAimFP2) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys (Intel® Corporation)

DRV - (P16X) Creative SB Live! Series (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\P16X.sys (Creative Technology Ltd.)

DRV - (ctsfm2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys (Creative Technology Ltd)

DRV - (ossrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys (Creative Technology Ltd.)

DRV - (BCMModem) -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys (Broadcom Corporation)

DRV - (Ser2pl) -- C:\WINDOWS\SYSTEM32\DRIVERS\ser2pl.sys (Prolific Technology Inc.)

DRV - (Cdr4_xp) -- C:\WINDOWS\SYSTEM32\DRIVERS\cdr4_xp.sys (Roxio)

DRV - (Cdralw2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\cdralw2k.sys (Roxio)

DRV - (MxlW2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\MxlW2k.sys (MusicMatch, Inc.)

DRV - (Sentinel) -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS (Rainbow Technologies, Inc.)

DRV - (Sntnlusb) -- C:\WINDOWS\SYSTEM32\DRIVERS\SNTNLUSB.SYS (Rainbow Technologies Inc.)

DRV - (PQNTDrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\PQNTDRV.sys (PowerQuest Corporation)

DRV - (Aspi32) -- C:\WINDOWS\SYSTEM32\DRIVERS\ASPI32.SYS (Adaptec)

DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)

DRV - (NMSCFG) -- C:\WINDOWS\SYSTEM32\DRIVERS\NMSCFG.SYS (Intel Corporation)

DRV - (dvd_2K) -- C:\WINDOWS\SYSTEM32\DRIVERS\Dvd_2k.sys (Roxio)

DRV - (mmc_2K) -- C:\WINDOWS\SYSTEM32\DRIVERS\Mmc_2k.sys (Roxio)

DRV - (pwd_2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\pwd_2K.sys (Roxio)

DRV - (cdudf_xp) -- C:\WINDOWS\SYSTEM32\DRIVERS\cdudf_xp.sys (Roxio)

DRV - (UdfReadr_xp) -- C:\WINDOWS\SYSTEM32\DRIVERS\udfreadr_xp.sys (Roxio)

DRV - (Sparrow) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys (Adaptec, Inc.)

DRV - (sym_u3) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys (LSI Logic)

DRV - (sym_hi) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys (LSI Logic)

DRV - (symc8xx) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys (LSI Logic)

DRV - (symc810) -- C:\WINDOWS\System32\DRIVERS\symc810.sys (Symbios Logic Inc.)

DRV - (MODEMCSA) -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys (Microsoft Corporation)

DRV - (ultra) -- C:\WINDOWS\System32\DRIVERS\ultra.sys (Promise Technology, Inc.)

DRV - (ql12160) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys (QLogic Corporation)

DRV - (ql1080) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys (QLogic Corporation)

DRV - (ql1280) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys (QLogic Corporation)

DRV - (dac2w2k) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys (Mylex Corporation)

DRV - (mraid35x) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys (American Megatrends Inc.)

DRV - (asc) -- C:\WINDOWS\System32\DRIVERS\asc.sys (Advanced System Products, Inc.)

DRV - (asc3550) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)

DRV - (AliIde) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (CmdIde) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

DRV - (EL90XBC) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS (3Com Corporation)

DRV - (UdfReadr) -- C:\WINDOWS\SYSTEM32\DRIVERS\udfreadr.sys (Adaptec)

DRV - (PfModNT) -- C:\WINDOWS\SYSTEM32\PFMODNT.SYS (Creative Technology Ltd.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/.../search/ie.html

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.mc827.mail.yahoo.com/mc/welcome?...d=becng4k5hlsiq

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:1047

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/01 03:01:18 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/01/13 09:48:27 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2010/06/12 12:41:50 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [diagent] C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)

O4 - HKLM..\Run: [Motive SmartBridge] C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe (Motive Communications, Inc.)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)

O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\Neil Hill\Start Menu\Programs\Startup\setup_9.0.0.722_12.06.2010_23-38.lnk = C:\Documents and Settings\Neil Hill\Desktop\Virus Removal Tool\setup_9.0.0.722_12.06.2010_23-38\startup.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)

O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)

O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)

O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\SYSTEM32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O15 - HKCU\..Trusted Domains: ([]msn in My Computer)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {3C5B2DBA-9C59-4A9D-8CB2-D67F93863962} http://www.crystalsquid.com/games/CSGI.cab (CSGI Control)

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} Reg Error: Value error. (Oracle JInitiator 1.1.8.16)

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...7651.6596759259 (Reg Error: Key error.)

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} http://download.yahoo.com/dl/installs/ymail/ymmapi.dll (YahooYMailTo Class)

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://download.yahoo.com/dl/installs/yab_af.cab (YAddBook Class)

O16 - DPF: {CAFECAFE-0013-0001-0013-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.13)

O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab (PhotosCtrl Class)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SYSTEM32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SYSTEM32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\SYSTEM32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SYSTEM32\stobject.dll (Microsoft Corporation)

O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\SYSTEM32\upnpui.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\SYSTEM32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\SYSTEM32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\starshipwallpaper.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\starshipwallpaper.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2002/09/03 10:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/14 09:16:04 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\78607952.sys

[2010/06/14 09:16:03 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\7860795.sys

[2010/06/14 09:16:03 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\78607951.sys

[2010/06/14 09:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neil Hill\Desktop\Virus Removal Tool

[2010/06/12 12:53:52 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll

[2010/06/12 12:21:37 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010/06/12 12:13:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010/06/12 12:13:24 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010/06/12 12:13:24 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010/06/12 12:13:24 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010/06/12 12:13:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010/06/12 12:12:29 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/06/10 13:28:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neil Hill\Desktop\Working

[2010/06/10 09:00:33 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2010/06/09 20:53:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion

[2010/06/09 19:07:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia

[2010/06/09 16:58:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2010/06/09 16:58:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2003/01/24 10:41:11 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

[86 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[15 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/15 08:45:32 | 000,000,220 | ---- | M] () -- C:\WINDOWS\hpbafd.ini

[2010/06/15 08:44:42 | 061,082,825 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2010/06/15 08:40:36 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2010/06/15 08:40:06 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/06/15 08:40:00 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/06/15 08:39:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT

[2010/06/15 08:39:53 | 1072,766,976 | -HS- | M] () -- C:\hiberfil.sys

[2010/06/14 21:26:27 | 014,155,776 | -H-- | M] () -- C:\Documents and Settings\Neil Hill\NTUSER.DAT

[2010/06/14 21:26:03 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Neil Hill\NTUSER.INI

[2010/06/14 21:08:13 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/06/14 10:52:19 | 000,007,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\uti2mjgy.sys

[2010/06/14 10:49:49 | 000,250,288 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/06/14 10:19:42 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/06/14 09:31:46 | 000,530,276 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/06/14 09:31:46 | 000,462,168 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT

[2010/06/14 09:31:46 | 000,078,114 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT

[2010/06/14 09:20:26 | 000,002,254 | ---- | M] () -- C:\Documents and Settings\Neil Hill\Start Menu\Programs\Startup\setup_9.0.0.722_12.06.2010_23-38.lnk

[2010/06/14 09:02:38 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL

[2010/06/12 12:42:05 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2010/06/12 12:41:50 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts

[2010/06/12 12:21:50 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI

[2010/06/12 12:07:34 | 000,000,049 | ---- | M] () -- C:\WINDOWS\wpd99.drv

[2010/06/10 13:44:46 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Neil Hill\defogger_reenable

[2010/06/09 16:02:34 | 000,000,603 | ---- | M] () -- C:\WINDOWS\WIN.INI

[2010/06/09 16:02:34 | 000,000,211 | ---- | M] () -- C:\Boot.bak

[2010/06/02 23:27:38 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys

[2010/06/02 23:27:37 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys

[2010/06/02 17:47:30 | 002,711,552 | ---- | M] () -- C:\Documents and Settings\Neil Hill\My Documents\Calender 10.pub

[2010/05/31 17:56:21 | 000,180,736 | ---- | M] () -- C:\Documents and Settings\Neil Hill\Desktop\Mac Island Trees.xls

[2010/05/18 09:28:19 | 000,035,812 | ---- | M] () -- C:\Documents and Settings\Neil Hill\Desktop\Wood House Layout Sheet.pdf

[2010/05/17 14:31:09 | 000,071,168 | ---- | M] () -- C:\Documents and Settings\Neil Hill\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[86 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[15 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/14 10:52:15 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\uti2mjgy.sys

[2010/06/14 09:20:26 | 000,002,254 | ---- | C] () -- C:\Documents and Settings\Neil Hill\Start Menu\Programs\Startup\setup_9.0.0.722_12.06.2010_23-38.lnk

[2010/06/12 12:21:50 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2010/06/12 12:21:42 | 000,260,272 | ---- | C] () -- C:\cmldr

[2010/06/12 12:13:24 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010/06/12 12:13:24 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010/06/12 12:13:24 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010/06/12 12:13:24 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010/06/12 12:13:24 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010/06/10 13:44:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Neil Hill\defogger_reenable

[2010/06/09 16:20:49 | 1072,766,976 | -HS- | C] () -- C:\hiberfil.sys

[2010/05/31 17:41:09 | 000,180,736 | ---- | C] () -- C:\Documents and Settings\Neil Hill\Desktop\Mac Island Trees.xls

[2010/05/18 09:28:10 | 000,035,812 | ---- | C] () -- C:\Documents and Settings\Neil Hill\Desktop\Wood House Layout Sheet.pdf

[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2006/10/22 12:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2006/10/22 12:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

[2006/10/22 12:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll

[2005/12/14 12:08:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ReportViewer.INI

[2005/09/22 17:14:26 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.dll

[2005/07/22 19:04:37 | 000,000,118 | ---- | C] () -- C:\WINDOWS\WININIT.INI

[2005/07/22 18:35:07 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll

[2005/04/27 18:06:25 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\epsnodlm.dll

[2004/12/31 15:28:55 | 000,000,078 | ---- | C] () -- C:\WINDOWS\JFF Files Viewer.ini

[2003/11/19 19:27:49 | 000,000,110 | ---- | C] () -- C:\WINDOWS\fiery.ini

[2003/11/17 13:58:09 | 000,000,480 | ---- | C] () -- C:\WINDOWS\efinl.ini

[2003/10/06 15:16:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2003/10/06 15:16:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2003/07/07 11:49:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI

[2003/07/07 11:49:41 | 000,051,712 | ---- | C] () -- C:\WINDOWS\System32\JinPanel.dll

[2003/05/26 14:08:38 | 000,000,037 | ---- | C] () -- C:\WINDOWS\cannon.ini

[2003/05/26 14:08:38 | 000,000,011 | ---- | C] () -- C:\WINDOWS\arcmail.ini

[2003/05/26 14:08:36 | 000,059,776 | ---- | C] () -- C:\WINDOWS\System32\FLORA16.DLL

[2003/05/07 15:17:16 | 000,001,057 | ---- | C] () -- C:\WINDOWS\Corpscon.ini

[2003/04/28 17:19:09 | 000,000,038 | ---- | C] () -- C:\WINDOWS\TopoQuads.ini

[2003/03/28 16:47:04 | 000,000,025 | ---- | C] () -- C:\WINDOWS\iv3.INI

[2003/03/07 11:14:20 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI

[2003/03/07 11:13:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini

[2003/03/07 11:13:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini

[2003/03/07 10:57:24 | 000,000,024 | ---- | C] () -- C:\WINDOWS\QBWCD.INI

[2003/02/27 10:36:40 | 000,000,049 | ---- | C] () -- C:\WINDOWS\wpd99.drv

[2003/02/27 10:34:24 | 000,118,834 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll

[2003/02/27 10:34:24 | 000,046,700 | ---- | C] () -- C:\WINDOWS\System32\pdfmon.dll

[2003/02/10 18:10:47 | 000,000,220 | ---- | C] () -- C:\WINDOWS\hpbafd.ini

[2003/02/06 19:08:34 | 000,000,198 | ---- | C] () -- C:\WINDOWS\link32.INI

[2003/02/06 19:05:17 | 000,003,597 | ---- | C] () -- C:\WINDOWS\Pinnacle.ini

[2003/02/06 12:06:30 | 000,000,068 | ---- | C] () -- C:\WINDOWS\ccolwiz.ini

[2003/02/05 18:30:32 | 000,000,041 | ---- | C] () -- C:\WINDOWS\loc2.INI

[2003/02/05 18:30:32 | 000,000,041 | ---- | C] () -- C:\WINDOWS\dmcPrefX.INI

[2003/02/05 18:30:31 | 000,000,070 | ---- | C] () -- C:\WINDOWS\dmcFindX.INI

[2003/02/05 18:18:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI

[2003/02/05 14:22:27 | 000,000,159 | ---- | C] () -- C:\WINDOWS\PHOTOMAX.INI

[2003/01/31 19:01:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\epadmin.INI

[2003/01/31 18:31:15 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI

[2003/01/24 10:50:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2003/01/24 10:44:50 | 000,000,784 | ---- | C] () -- C:\WINDOWS\lrun32.ini

[2003/01/24 10:43:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2003/01/24 10:41:29 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI

[2003/01/24 10:41:11 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll

[2003/01/24 10:41:11 | 000,002,092 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini

[2003/01/24 10:41:11 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini

[2003/01/24 10:41:08 | 000,006,175 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI

[2003/01/24 10:41:08 | 000,005,917 | ---- | C] () -- C:\WINDOWS\SBMIXDEF.INI

[2003/01/24 10:41:08 | 000,000,064 | ---- | C] () -- C:\WINDOWS\P16x.ini

[2003/01/24 10:40:23 | 000,000,245 | ---- | C] () -- C:\WINDOWS\SBWIN.INI

[2003/01/24 10:36:36 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2003/01/24 10:16:20 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2002/08/29 07:00:00 | 000,009,015 | ---- | C] () -- C:\WINDOWS\System32\mscomctx.dll

[2002/08/29 07:00:00 | 000,008,921 | ---- | C] () -- C:\WINDOWS\System32\accwiz2.dll

[2002/08/29 07:00:00 | 000,005,770 | -H-- | C] () -- C:\WINDOWS\System32\winspx.dll

[2002/08/29 07:00:00 | 000,005,691 | ---- | C] () -- C:\WINDOWS\System32\msjock.dll

[2002/08/29 07:00:00 | 000,005,613 | ---- | C] () -- C:\WINDOWS\System32\msvbvm32.dll

[2002/08/29 07:00:00 | 000,005,549 | ---- | C] () -- C:\WINDOWS\System32\msvbvm31.dll

[2002/02/06 11:04:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\NMSInst.dll

[2002/01/21 17:17:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PROInst.dll

[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

< End of report >

[kahdah]

Ok go ahead and uninstall the Kaspersky program I had you use.

You can open the folder that it is in and click on the uninst icon to uninstall it.

==================

Please submit the following file to one of these online file scanners.

(All you have to do is copy and paste the file path into the box when you click on Browse then once you have done that click on the open button then submit)

C:\WINDOWS\SYSTEM32\DRIVERS\uti2mjgy.sys

Jotti File Scan
VirusTotal File Scan

This will produce a report after the scan is complete, please copy and paste those results in your next post.

[toivo]

The filoe upload on VirusTotal is not working properly. Every time I try to upload the file it gives me an IE error.

Jottie scanned it. (that is a neat page) The permalink is here: http://virusscan.jotti.org/en/scanresult/f...09d32d9695166de

Filename: uti2mjgy.sys

Status: Scan finished. 7 out of 19 scanners reported malware.

File size: 7168 bytes

Filetype: PE32 executable for MS Windows (DLL) (native) Intel 80386 32-bit

MD5: 524d8d450622db4a7875b111c299a76b

SHA1: fe22db1e0b864e77baeca5520c05c42431784fd8

Not sure of the report you want from that webpage.

I just sent in the file to VirusTotal via e-mail, and got this report back:

Complete scanning result of "uti2mjgy.sys", processed in VirusTotal at 06/16/2010 15:40:49 (CET).

[ file data ]

* name..: uti2mjgy.sys

* size..: 7168

* md5...: 524d8d450622db4a7875b111c299a76b

* sha1..: fe22db1e0b864e77baeca5520c05c42431784fd8

* peid..: -

[ scan result ]

a-squared 5.0.0.26/20100616 found [Trojan.Win32.Bagle!IK]

AhnLab-V3 2010.06.16.07/20100616 found nothing

AntiVir 8.2.2.6/20100616 found nothing

Antiy-AVL 2.0.3.7/20100611 found nothing

Authentium 5.2.0.5/20100616 found [W32/Bagle.IJ]

Avast 4.8.1351.0/20100616 found nothing

Avast5 5.0.332.0/20100616 found nothing

AVG 9.0.0.787/20100616 found nothing

BitDefender 7.2/20100616 found [Rootkit.Bagle.K]

CAT-QuickHeal 10.00/20100616 found nothing

ClamAV 0.96.0.3-git/20100616 found [Trojan.Agent-66914]

Comodo 5120/20100616 found nothing

DrWeb 5.0.2.03300/20100616 found nothing

eSafe 7.0.17.0/20100615 found [Win32.Bagle.RC.worm]

eTrust-Vet 36.1.7638/20100616 found nothing

F-Prot 4.6.0.103/20100616 found [W32/Bagle.IJ]

F-Secure 9.0.15370.0/20100616 found [Rootkit:W32/Bagle.SR]

Fortinet 4.1.133.0/20100616 found [W32/Bagle.ZNG!worm]

GData 21/20100616 found [Rootkit.Bagle.K]

Ikarus T3.1.1.84.0/20100616 found [Trojan.Win32.Bagle]

Jiangmin 13.0.900/20100615 found [Trojan/Agent.cmdf]

K7AntiVirus 7.10.1004/20100322 found [Trojan.Win32.Malware.1]

Kaspersky 7.0.0.125/20100616 found nothing

McAfee 5.400.0.1158/20100616 found nothing

McAfee+Artemis 5937/20100331 found nothing

McAfee-GW-Edition 2010.1/20100616 found nothing

Microsoft 1.5802/20100616 found nothing

NOD32 5201/20100616 found nothing

Norman 6.04.12/20100615 found nothing

nProtect 2010-06-16.01/20100616 found [Worm/W32.Bagle.7168]

Panda 10.0.2.7/20100616 found nothing

PCTools 7.0.3.5/20100616 found [Trojan-Downloader.Bagle]

Prevx 3.0/20100616 found [Medium Risk Malware]

Rising 22.51.06.01/20100613 found [Trojan.Win32.Generic.51E920C9]

Sophos 4.54.0/20100616 found nothing

Sunbelt 6454/20100616 found [Trojan.Win32.Generic!BT]

Symantec 20101.1.0.89/20100616 found nothing

TheHacker 6.5.2.0.299/20100615 found [Trojan/Rootkit.gen]

TrendMicro 9.120.0.1004/20100616 found nothing

TrendMicro-HouseCall 9.120.0.1004/20100616 found nothing

VBA32 3.12.12.5/20100616 found nothing

ViRobot 2010.6.14.3884/20100616 found [Trojan.Win32.Bagle.7168]

VirusBuster 5.0.27.0/20100616 found nothing

[ notes ]

ThreatExpert info: http://www.threatexpert.com/report.aspx?md...875b111c299a76b

http://info.prevx.com/aboutprogramtext.asp...14F3D00CCFB2D16

[kahdah]

1. Open notepad and copy/paste the text in the codebox below into it:

http://forums.malwarebytes.org/index.php?showtopic=53542&pid=268460&st=0entry268460

Collect::
C:\WINDOWS\SYSTEM32\DRIVERS\uti2mjgy.sys

Driver::
uti2mjgy

Save this as CFScript.txt

Drag CFScript.txt into ComboFix.exe

2. Save the above as CFScript.txt

3. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

4. During this run Combofix will collect and automatically upload some sample files.

You will see it say Combofix needs to upload some samples.

If it fails to do that do the requested steps at the bottom of this post to manually upload the samples.

5. After reboot, (in case it asks to reboot), please post the following report/log into your next reply:

• Combofix.txt
  

===========

Note::

If Combofix fails to upload anything please do the following:

Go to Start > My Computer > C:\

Then Navigate to C:\Qoobox\Quarantine\[4]-Submit_Date_Time.zip

Click Here to upload the submit.zip please.

[toivo]

Ran combofix scan

Log here:

ComboFix 10-06-11.01 - Neil Hill 06/16/2010 15:53:15.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.529 [GMT -4:00]

Running from: c:\documents and settings\Neil Hill\Desktop\Working\ComboFix.exe

Command switches used :: c:\documents and settings\Neil Hill\Desktop\Working\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

file zipped: c:\windows\SYSTEM32\DRIVERS\uti2mjgy.sys

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\SYSTEM32\DRIVERS\uti2mjgy.sys

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_UTI2MJGY

-------\Service_uti2mjgy

((((((((((((((((((((((((( Files Created from 2010-05-16 to 2010-06-16 )))))))))))))))))))))))))))))))

.

2010-06-15 22:24 . 2010-06-15 22:24 503808 ----a-w- c:\documents and settings\Neil Hill\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3b47538a-n\msvcp71.dll

2010-06-15 22:24 . 2010-06-15 22:24 499712 ----a-w- c:\documents and settings\Neil Hill\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3b47538a-n\jmc.dll

2010-06-15 22:24 . 2010-06-15 22:24 348160 ----a-w- c:\documents and settings\Neil Hill\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3b47538a-n\msvcr71.dll

2010-06-15 22:24 . 2010-06-15 22:24 61440 ----a-w- c:\documents and settings\Neil Hill\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1dfd7790-n\decora-sse.dll

2010-06-15 22:24 . 2010-06-15 22:24 12800 ----a-w- c:\documents and settings\Neil Hill\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1dfd7790-n\decora-d3d.dll

2010-06-15 22:24 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-06-12 16:53 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

2010-06-10 13:00 . 2010-06-10 13:00 -------- d-----w- c:\program files\ESET

2010-06-10 00:53 . 2010-06-10 00:53 -------- d-sh--w- c:\documents and settings\LocalService\UserData

2010-06-10 00:53 . 2010-06-10 00:53 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE

2010-06-10 00:53 . 2010-06-10 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion

2010-06-09 20:37 . 2010-06-09 20:37 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-06-03 03:28 . 2010-06-03 03:28 29512 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys

2010-06-03 03:28 . 2010-06-03 03:28 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-16 19:37 . 2003-02-27 14:36 48 ----a-w- c:\windows\wpd99.drv

2010-06-15 22:24 . 2005-08-29 22:52 -------- d-----w- c:\program files\Common Files\Java

2010-06-15 22:24 . 2005-08-29 22:53 -------- d-----w- c:\program files\Java

2010-06-03 03:27 . 2008-09-24 21:51 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-06-03 03:27 . 2008-09-24 21:51 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-05-11 16:05 . 2010-01-18 16:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-05-10 21:51 . 2003-01-24 14:39 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-05-10 21:36 . 2010-05-10 21:36 -------- d-----w- c:\program files\CCleaner

2010-05-06 10:41 . 2004-08-24 00:32 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 05:22 . 2002-08-29 11:00 1851264 ------w- c:\windows\system32\win32k.sys

2010-04-29 19:39 . 2010-01-18 16:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 19:39 . 2010-01-18 16:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-20 05:30 . 2002-08-29 11:00 285696 ----a-w- c:\windows\system32\atmfd.dll

2010-04-16 13:39 . 2003-01-30 23:37 65408 ----a-w- c:\documents and settings\Neil Hill\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]

"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2003-05-15 245760]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]

"Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 380928]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-1-24 45056]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-03-16 22:44 12464 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk

backup=c:\windows\pss\AT&T Self Support Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]

2002-06-21 09:58 188416 ----a-w- c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2003-10-06 18:16 741376 ----a-w- c:\windows\SYSTEM32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]

2006-07-21 15:43 407032 ------w- c:\progra~1\Yahoo!\YOP\yop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"CLTNetCnService"=2 (0x2)

"ccSetMgr"=2 (0x2)

"ccEvtMgr"=2 (0x2)

"WZCSVC"=2 (0x2)

"FontCache3.0.0.0"=3 (0x3)

"WMPNetworkSvc"=3 (0x3)

"TapiSrv"=3 (0x3)

"RDSessMgr"=3 (0x3)

"RasMan"=3 (0x3)

"RasAuto"=3 (0x3)

"gupdate1c9d7f75e00e742"=2 (0x2)

"Viewpoint Manager Service"=2 (0x2)

"gusvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\SYSTEM32\\dllhost.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [9/24/2008 5:51 PM 216200]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [9/24/2008 5:51 PM 242896]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/16/2010 6:44 PM 308064]

S2 gupdate1c9d7f75e00e742;Google Update Service (gupdate1c9d7f75e00e742);c:\program files\Google\Update\GoogleUpdate.exe [5/18/2009 4:29 PM 133104]

S2 portD;CMS PortIO Service;c:\windows\system32\DRIVERS\portd2k.sys --> c:\windows\system32\DRIVERS\portd2k.sys [?]

S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys --> c:\windows\system32\Drivers\COH_Mon.sys [?]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]

S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 1:48 PM 24652]

.

Contents of the 'Scheduled Tasks' folder

2010-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-18 20:29]

2010-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-18 20:29]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://us.mc827.mail.yahoo.com/mc/welcome?.partner=sbc&.rand=becng4k5hlsiq

uInternet Settings,ProxyOverride = <local>

uInternet Settings,ProxyServer = http=127.0.0.1:1047

uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {3C5B2DBA-9C59-4A9D-8CB2-D67F93863962} - hxxp://www.crystalsquid.com/games/CSGI.cab

.

- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-16 16:05

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???????X:??????x???0???X???????????0???P???? ?w? ?w)??p????????(???w????U?w????????????0??????w, ?w?M?wW??w???w)??p????????x'@?????????X????????"@?e?????

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2280)

c:\windows\system32\WININET.dll

c:\progra~1\SBCSEL~1\SMARTB~1\SBHook.dll

c:\program files\Windows Desktop Search\deskbar.dll

c:\program files\Windows Desktop Search\en-us\dbres.dll.mui

c:\program files\Windows Desktop Search\dbres.dll

c:\program files\Windows Desktop Search\wordwheel.dll

c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui

c:\program files\Windows Desktop Search\msnlExtRes.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVG\AVG9\avgchsvx.exe

c:\program files\AVG\AVG9\avgrsx.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\System32\CTsvcCDA.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\windows\System32\MsPMSPSv.exe

c:\windows\system32\SearchIndexer.exe

c:\program files\AVG\AVG9\avgnsx.exe

c:\program files\Microsoft ActiveSync\WCESCOMM.EXE

c:\windows\system32\SearchProtocolHost.exe

c:\windows\system32\SearchFilterHost.exe

.

**************************************************************************

.

Completion time: 2010-06-16 16:14:23 - machine was rebooted

ComboFix-quarantined-files.txt 2010-06-16 20:14

ComboFix2.txt 2010-06-12 16:44

Pre-Run: 6,062,059,520 bytes free

Post-Run: 6,041,706,496 bytes free

- - End Of File - - 87DFF5FD6932D99FD3204BAF2D615389

[toivo]

Note sure if this is related or not. I think I have seen it before, but sometimes when I right click, I get a window popup which says:

Message to DEVS: Shell: Calling get root key before nview.dll is loaded.

[kahdah]

Message to DEVS: Shell: Calling get root key before nview.dll is loaded.

This is related to the Nvidia graphics software installed.

Do you know the make and model of the graphics card or the computer?

Go to Start > My Computer > C:\

Then Navigate to C:\Qoobox\Quarantine\[4]-Submit_Date_Time.zip

Click Here to upload the submit.zip please.

[toivo]

Video card is a NVidia GeForce4 MX 420 according to My Computer properties.

Sorry I missed the zip

_4__Submit_2010_06_16_15.53.06.zip

[kahdah]

Hi go here to download the drivers for your Video card.

http://www.nvidia.com/object/winxp_2k_93.71_2.html

It is set to the correct version just hit yes to the license agreement then hit the download now button.

After that double click on the installer file and follow the prompts.

This will repair or install the software and fix that issue.

Let me know if it quits after doing that.

[toivo]

Things seem to be running faster now. The Malware-popups are gone. Not sure that it is 100% as fast as it should be, but it is much better.

The video drivers seemed to do the trick on the right click menu.

Is there something else I should scan or check?

[kahdah]

Great glad it is working.

• Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  
• When the window appears, underneath Output at the top change it to Minimal Output.
  
• Under the Standard Registry box change it to All.
  
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open one notepad window. OTL.Txt a This is saved in the same location as OTL.
    
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.
    

[toivo]

Had a death in the family, and I have to go out of town for a few days. Please don't close topic, I will get back with this in a few days.

Thanks again for you help.

[kahdah]

Ok no problem post when you get back.

[toivo]

Finally getting back to normal around here. Thank you for keeping this open. I ran OTL, and the log is posted below.

OTL logfile created on: 6/29/2010 7:31:34 PM - Run 3

OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Neil Hill\Desktop\Working

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 476.00 Mb Available Physical Memory | 47.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 65.00% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 22.47 Gb Total Space | 5.38 Gb Free Space | 23.97% Space Free | Partition Type: NTFS

Drive D: | 4.88 Gb Total Space | 1.27 Gb Free Space | 25.94% Space Free | Partition Type: NTFS

Drive E: | 13.96 Gb Total Space | 1.07 Gb Free Space | 7.68% Space Free | Partition Type: NTFS

Drive F: | 14.55 Gb Total Space | 2.76 Gb Free Space | 18.96% Space Free | Partition Type: NTFS

Drive G: | 111.78 Gb Total Space | 105.85 Gb Free Space | 94.69% Space Free | Partition Type: NTFS

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: NEIL

Current User Name: Neil Hill

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Neil Hill\Desktop\Working\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe (Motive Communications, Inc.)

PRC - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)

PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Neil Hill\Desktop\Working\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\SYSTEM32\msscript.ocx (Microsoft Corporation)

MOD - C:\Program Files\SBC Self Support Tool\SmartBridge\SBHook.dll (Motive Communications, Inc.)

========== Win32 Services (SafeList) ==========

SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()

SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

SRV - (NMSSvc) Intel® -- C:\WINDOWS\SYSTEM32\NMSSvc.Exe (Intel Corporation)

========== Driver Services (SafeList) ==========

DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (gameenum) -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys (Microsoft Corporation)

DRV - (amdagp) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)

DRV - (sisagp) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)

DRV - (nv) -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)

DRV - (iAimFP4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys (Intel® Corporation)

DRV - (iAimFP3) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys (Intel® Corporation)

DRV - (iAimTV4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys (Intel® Corporation)

DRV - (iAimTV3) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys (Intel® Corporation)

DRV - (iAimTV1) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys (Intel® Corporation)

DRV - (iAimTV0) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys (Intel® Corporation)

DRV - (i81x) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys (Intel® Corporation)

DRV - (iAimFP0) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys (Intel® Corporation)

DRV - (iAimFP1) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys (Intel® Corporation)

DRV - (iAimFP2) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys (Intel® Corporation)

DRV - (P16X) Creative SB Live! Series (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\P16X.sys (Creative Technology Ltd.)

DRV - (ctsfm2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys (Creative Technology Ltd)

DRV - (ossrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys (Creative Technology Ltd.)

DRV - (BCMModem) -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys (Broadcom Corporation)

DRV - (Ser2pl) -- C:\WINDOWS\SYSTEM32\DRIVERS\ser2pl.sys (Prolific Technology Inc.)

DRV - (Cdr4_xp) -- C:\WINDOWS\SYSTEM32\DRIVERS\cdr4_xp.sys (Roxio)

DRV - (Cdralw2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\cdralw2k.sys (Roxio)

DRV - (MxlW2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\MxlW2k.sys (MusicMatch, Inc.)

DRV - (Sentinel) -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS (Rainbow Technologies, Inc.)

DRV - (Sntnlusb) -- C:\WINDOWS\SYSTEM32\DRIVERS\SNTNLUSB.SYS (Rainbow Technologies Inc.)

DRV - (PQNTDrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\PQNTDRV.sys (PowerQuest Corporation)

DRV - (Aspi32) -- C:\WINDOWS\SYSTEM32\DRIVERS\ASPI32.SYS (Adaptec)

DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)

DRV - (NMSCFG) -- C:\WINDOWS\SYSTEM32\DRIVERS\NMSCFG.SYS (Intel Corporation)

DRV - (dvd_2K) -- C:\WINDOWS\SYSTEM32\DRIVERS\Dvd_2k.sys (Roxio)

DRV - (mmc_2K) -- C:\WINDOWS\SYSTEM32\DRIVERS\Mmc_2k.sys (Roxio)

DRV - (pwd_2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\pwd_2K.sys (Roxio)

DRV - (cdudf_xp) -- C:\WINDOWS\SYSTEM32\DRIVERS\cdudf_xp.sys (Roxio)

DRV - (UdfReadr_xp) -- C:\WINDOWS\SYSTEM32\DRIVERS\udfreadr_xp.sys (Roxio)

DRV - (Sparrow) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys (Adaptec, Inc.)

DRV - (sym_u3) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys (LSI Logic)

DRV - (sym_hi) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys (LSI Logic)

DRV - (symc8xx) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys (LSI Logic)

DRV - (symc810) -- C:\WINDOWS\System32\DRIVERS\symc810.sys (Symbios Logic Inc.)

DRV - (MODEMCSA) -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys (Microsoft Corporation)

DRV - (ultra) -- C:\WINDOWS\System32\DRIVERS\ultra.sys (Promise Technology, Inc.)

DRV - (ql12160) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys (QLogic Corporation)

DRV - (ql1080) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys (QLogic Corporation)

DRV - (ql1280) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys (QLogic Corporation)

DRV - (dac2w2k) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys (Mylex Corporation)

DRV - (mraid35x) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys (American Megatrends Inc.)

DRV - (asc) -- C:\WINDOWS\System32\DRIVERS\asc.sys (Advanced System Products, Inc.)

DRV - (asc3550) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)

DRV - (AliIde) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (CmdIde) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

DRV - (EL90XBC) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS (3Com Corporation)

DRV - (UdfReadr) -- C:\WINDOWS\SYSTEM32\DRIVERS\udfreadr.sys (Adaptec)

DRV - (PfModNT) -- C:\WINDOWS\SYSTEM32\PFMODNT.SYS (Creative Technology Ltd.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/.../search/ie.html

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.mc827.mail.yahoo.com/mc/welcome?...d=becng4k5hlsiq

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:1047

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/01 03:01:18 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/01/13 09:48:27 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2010/06/16 16:03:59 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [diagent] C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)

O4 - HKLM..\Run: [Motive SmartBridge] C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe (Motive Communications, Inc.)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)

O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)

O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)

O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\SYSTEM32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O15 - HKCU\..Trusted Domains: ([]msn in My Computer)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {3C5B2DBA-9C59-4A9D-8CB2-D67F93863962} http://www.crystalsquid.com/games/CSGI.cab (CSGI Control)

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} Reg Error: Value error. (Oracle JInitiator 1.1.8.16)

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...7651.6596759259 (Reg Error: Key error.)

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} http://download.yahoo.com/dl/installs/ymail/ymmapi.dll (YahooYMailTo Class)

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://download.yahoo.com/dl/installs/yab_af.cab (YAddBook Class)

O16 - DPF: {CAFECAFE-0013-0001-0013-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.13)

O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab (PhotosCtrl Class)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SYSTEM32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SYSTEM32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\SYSTEM32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SYSTEM32\stobject.dll (Microsoft Corporation)

O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\SYSTEM32\upnpui.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\SYSTEM32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\SYSTEM32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\starshipwallpaper.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\starshipwallpaper.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2002/09/03 10:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/18 11:49:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neil Hill\Desktop\New Folder (2)

[2010/06/16 15:45:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neil Hill\Desktop\village

[2010/06/15 18:25:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun

[2010/06/15 18:24:35 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll

[2010/06/15 18:24:35 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2010/06/15 18:24:35 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2010/06/15 18:24:35 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2010/06/15 15:21:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neil Hill\Application Data\Sun

[2010/06/12 12:53:52 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll

[2010/06/12 12:21:37 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010/06/12 12:13:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010/06/12 12:13:24 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010/06/12 12:13:24 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010/06/12 12:13:24 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010/06/12 12:13:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010/06/12 12:12:29 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/06/10 13:28:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neil Hill\Desktop\Working

[2010/06/10 09:00:33 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2010/06/09 20:53:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion

[2010/06/09 19:07:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia

[2010/06/09 16:58:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2010/06/09 16:58:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2003/01/24 10:41:11 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

[86 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[15 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/29 19:08:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/06/29 17:44:05 | 000,000,621 | ---- | M] () -- C:\WINDOWS\hpbafd.ini

[2010/06/29 15:11:14 | 000,065,408 | ---- | M] () -- C:\Documents and Settings\Neil Hill\Application Data\GDIPFONTCACHEV1.DAT

[2010/06/29 11:19:22 | 001,723,711 | ---- | M] () -- C:\Documents and Settings\Neil Hill\Desktop\Zone A doc.pdf

[2010/06/28 21:21:06 | 061,472,309 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2010/06/28 20:08:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/06/28 08:56:07 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2010/06/28 08:55:33 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/06/28 08:55:32 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL

[2010/06/28 08:55:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT

[2010/06/28 08:55:28 | 1072,766,976 | -HS- | M] () -- C:\hiberfil.sys

[2010/06/23 10:52:33 | 014,155,776 | -H-- | M] () -- C:\Documents and Settings\Neil Hill\NTUSER.DAT

[2010/06/23 10:52:33 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Neil Hill\NTUSER.INI

[2010/06/23 10:23:49 | 000,163,328 | ---- | M] () -- C:\Documents and Settings\Neil Hill\Desktop\Mac Island Trees final.xls

[2010/06/23 03:03:44 | 000,530,276 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/06/23 03:03:44 | 000,462,168 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT

[2010/06/23 03:03:44 | 000,078,114 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT

[2010/06/19 13:34:35 | 000,056,011 | ---- | M] () -- C:\Documents and Settings\Neil Hill\Desktop\Brzuchalski Contract.pdf

[2010/06/19 13:34:31 | 000,000,048 | ---- | M] () -- C:\WINDOWS\wpd99.drv

[2010/06/16 16:04:34 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2010/06/16 16:03:59 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts

[2010/06/14 10:49:49 | 000,250,288 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/06/14 10:19:42 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/06/12 12:21:50 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI

[2010/06/10 13:44:46 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Neil Hill\defogger_reenable

[2010/06/09 16:02:34 | 000,000,603 | ---- | M] () -- C:\WINDOWS\WIN.INI

[2010/06/09 16:02:34 | 000,000,211 | ---- | M] () -- C:\Boot.bak

[2010/06/02 23:27:38 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys

[2010/06/02 23:27:37 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys

[2010/06/02 17:47:30 | 002,711,552 | ---- | M] () -- C:\Documents and Settings\Neil Hill\My Documents\Calender 10.pub

[86 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[15 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/29 11:19:21 | 001,723,711 | ---- | C] () -- C:\Documents and Settings\Neil Hill\Desktop\Zone A doc.pdf

[2010/06/19 13:34:31 | 000,056,011 | ---- | C] () -- C:\Documents and Settings\Neil Hill\Desktop\Brzuchalski Contract.pdf

[2010/06/12 12:21:50 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2010/06/12 12:21:42 | 000,260,272 | ---- | C] () -- C:\cmldr

[2010/06/12 12:13:24 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010/06/12 12:13:24 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010/06/12 12:13:24 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010/06/12 12:13:24 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010/06/12 12:13:24 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010/06/10 13:44:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Neil Hill\defogger_reenable

[2010/06/09 16:20:49 | 1072,766,976 | -HS- | C] () -- C:\hiberfil.sys

[2010/05/31 17:41:09 | 000,163,328 | ---- | C] () -- C:\Documents and Settings\Neil Hill\Desktop\Mac Island Trees final.xls

[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2006/10/22 12:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2006/10/22 12:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

[2006/10/22 12:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll

[2005/12/14 12:08:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ReportViewer.INI

[2005/09/22 17:14:26 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.dll

[2005/07/22 19:04:37 | 000,000,118 | ---- | C] () -- C:\WINDOWS\WININIT.INI

[2005/07/22 18:35:07 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll

[2005/04/27 18:06:25 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\epsnodlm.dll

[2004/12/31 15:28:55 | 000,000,078 | ---- | C] () -- C:\WINDOWS\JFF Files Viewer.ini

[2003/11/19 19:27:49 | 000,000,110 | ---- | C] () -- C:\WINDOWS\fiery.ini

[2003/11/17 13:58:09 | 000,000,480 | ---- | C] () -- C:\WINDOWS\efinl.ini

[2003/10/06 15:16:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2003/10/06 15:16:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2003/10/06 15:16:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2003/10/06 15:16:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2003/07/07 11:49:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI

[2003/07/07 11:49:41 | 000,051,712 | ---- | C] () -- C:\WINDOWS\System32\JinPanel.dll

[2003/05/26 14:08:38 | 000,000,037 | ---- | C] () -- C:\WINDOWS\cannon.ini

[2003/05/26 14:08:38 | 000,000,011 | ---- | C] () -- C:\WINDOWS\arcmail.ini

[2003/05/26 14:08:36 | 000,059,776 | ---- | C] () -- C:\WINDOWS\System32\FLORA16.DLL

[2003/05/07 15:17:16 | 000,001,057 | ---- | C] () -- C:\WINDOWS\Corpscon.ini

[2003/04/28 17:19:09 | 000,000,038 | ---- | C] () -- C:\WINDOWS\TopoQuads.ini

[2003/03/28 16:47:04 | 000,000,025 | ---- | C] () -- C:\WINDOWS\iv3.INI

[2003/03/07 11:14:20 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI

[2003/03/07 11:13:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini

[2003/03/07 11:13:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini

[2003/03/07 10:57:24 | 000,000,024 | ---- | C] () -- C:\WINDOWS\QBWCD.INI

[2003/02/27 10:36:40 | 000,000,048 | ---- | C] () -- C:\WINDOWS\wpd99.drv

[2003/02/27 10:34:24 | 000,118,834 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll

[2003/02/27 10:34:24 | 000,046,700 | ---- | C] () -- C:\WINDOWS\System32\pdfmon.dll

[2003/02/10 18:10:47 | 000,000,621 | ---- | C] () -- C:\WINDOWS\hpbafd.ini

[2003/02/06 19:08:34 | 000,000,198 | ---- | C] () -- C:\WINDOWS\link32.INI

[2003/02/06 19:05:17 | 000,003,597 | ---- | C] () -- C:\WINDOWS\Pinnacle.ini

[2003/02/06 12:06:30 | 000,000,068 | ---- | C] () -- C:\WINDOWS\ccolwiz.ini

[2003/02/05 18:30:32 | 000,000,041 | ---- | C] () -- C:\WINDOWS\loc2.INI

[2003/02/05 18:30:32 | 000,000,041 | ---- | C] () -- C:\WINDOWS\dmcPrefX.INI

[2003/02/05 18:30:31 | 000,000,070 | ---- | C] () -- C:\WINDOWS\dmcFindX.INI

[2003/02/05 18:18:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI

[2003/02/05 14:22:27 | 000,000,159 | ---- | C] () -- C:\WINDOWS\PHOTOMAX.INI

[2003/01/31 19:01:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\epadmin.INI

[2003/01/31 18:31:15 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI

[2003/01/24 10:50:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2003/01/24 10:44:50 | 000,000,784 | ---- | C] () -- C:\WINDOWS\lrun32.ini

[2003/01/24 10:43:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2003/01/24 10:41:29 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI

[2003/01/24 10:41:11 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll

[2003/01/24 10:41:11 | 000,002,092 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini

[2003/01/24 10:41:11 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini

[2003/01/24 10:41:08 | 000,006,175 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI

[2003/01/24 10:41:08 | 000,005,917 | ---- | C] () -- C:\WINDOWS\SBMIXDEF.INI

[2003/01/24 10:41:08 | 000,000,064 | ---- | C] () -- C:\WINDOWS\P16x.ini

[2003/01/24 10:40:23 | 000,000,245 | ---- | C] () -- C:\WINDOWS\SBWIN.INI

[2003/01/24 10:36:36 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2003/01/24 10:16:20 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2002/08/29 07:00:00 | 000,009,015 | ---- | C] () -- C:\WINDOWS\System32\mscomctx.dll

[2002/08/29 07:00:00 | 000,008,921 | ---- | C] () -- C:\WINDOWS\System32\accwiz2.dll

[2002/08/29 07:00:00 | 000,005,770 | -H-- | C] () -- C:\WINDOWS\System32\winspx.dll

[2002/08/29 07:00:00 | 000,005,691 | ---- | C] () -- C:\WINDOWS\System32\msjock.dll

[2002/08/29 07:00:00 | 000,005,613 | ---- | C] () -- C:\WINDOWS\System32\msvbvm32.dll

[2002/08/29 07:00:00 | 000,005,549 | ---- | C] () -- C:\WINDOWS\System32\msvbvm31.dll

[2002/02/06 11:04:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\NMSInst.dll

[2002/01/21 17:17:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PROInst.dll

[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

< End of report >

[kahdah]

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  

  :OTL
  IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
  IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:1047

  
  

• Then click the Run Fix button at the top
  
• Let the program run unhindered,when it is done it will say "Fix Complete press ok to open log"
  
• You can then close out of OTL.
  

==========

=======Cleanup=======

• Click START then RUN
  
• Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the Uninstall, it needs to be there.
  

======Next======

• Double click on OTL to run it.
  
• Click on the Cleanup button at the top.
  
• You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
  
• This will remove itself and other tools we may have used.
  

===============Java===============

Please uninstall all of the below:

• Coupon Printer for Windows4.0
  
• ESET Online Scanner
  
• J2SE Runtime Environment 5.0 Update 4
  
• J2SE Runtime Environment 5.0 Update 6
  
• J2SE Runtime Environment 5.0 Update 9
  
• J2SE Runtime Environment 5.0 Update 10
  
• J2SE Runtime Environment 5.0 Update 11
  
• Java SE Runtime Environment 6 Update 1
  
• Java 6 Update 2
  
• Java 6 Update 5
  
• Java 6 Update 7
  

Leave only Java 6 Update 20

======================Clear out infected System Restore points======================

Then we need to reset your System Restore points.

The link below shows how to do this.

How to Turn On and Turn Off System Restore in Windows XP

http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link: http://www.bleepingcomputer.com/tutorials/...143.html#manual

Delete\uninstall anything else that we have used that is leftover.

=====================================

After that your all set.

The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections please read the Prevention artice by Miekiemoes.

If your computer is slow Is a tutorial on what you can do if your computer is slow.

File sharing program dangers Reasons to stay away from File sharing programs for ex: BitTorrent,Limewire,Kazaa,emule,Utorrent,Limewire etc...

[toivo]

All instrusctions followed. Thank you so much for your help.

I will drop you a lil somthing!

[kahdah]

You are welcome and thank you.